Sunday, May 4, 2014

Malls track your visits by Wi-Fi tracking

How does Wi-Fi works ? 
Wi-Fi is preferred wireless way of internet connectivity on mobile devices. We connect to Wi-Fi at home/office/cafe/Hotels and public places to get fast internet connectivity and do all stuff using it. Usage of Wi-Fi has spread fast with smartphones/tablets as compared to laptops couple of years back.

Wi-Fi uses network name (SSID) and shared-password to connect and that makes it easy for users to get internet without much hassle. Once you connect to a network, your mobile device remembers the network and tries to auto-connect to it whenever its available.

Mobile devices store all this Wi-Fi network info and use to auto-connect on periodic basis so as to provide preferred connectivity; and all that happens behind the scene. May be its your android/iphone/blackberry/windows phone/tablet all work same way. Your phone tries to connect to Wi-Fi automatically.

You can see list of Wi-Fi networks connected by your device going to settings > WiFi




What is Wi-Fi tracking ? 

Your phone continuously searches for Wi-Fi networks to auto-connect.  To do this, it has to broadcast network signals/packets on air and check if network name stored on your phone is available. Thus your phone constantly sends signals(packets) via wireless (air) and waits for response from your Wi-Fi router. If Wi-Fi network is available then it auto-connects to it.

Your phone has unique address (MAC) and that is used when Wi-Fi signals are sent out. This address does not change and can be effectively used to identify your phone uniquely; and so also you.

Every time you visit a mall/hotel they can track your visits. With minimal set of Wi-Fi equipment's anyone can track you using these Wi-Fi signals that are sent out from your mobile device. They can exactly know when you came in and how long you were around. As your phone constantly sends Wi-Fi signals which has your unique (MAC) address, anybody can identify your presence in a area without you connecting to any of Wi-Fi networks.

Malls/Cafes/hotels are setup-ed with Wi-Fi devices that can track your presence and then record this data for commercial/non-commercial purposes. There are companies that develop sophisticated equipment's and websites that can help malls/cafes to know more about you and your visiting patterns. This is exactly called Wi-Fi tracking. Your movement is tracked easily by just the presence of your phone along with you.



How can it be used against you ? 

Just by mere presence of mobile device with active Wi-Fi can track you and your movement around a area. You do not need to do any action or connect to any network, and still you can easily be tracked.

This info of yours and your pattern of visiting a place can be used for commercial purposes by malls/shops. They know how often you visit and where you ponder around, which section of mall you visit and how long you spend time around your favorite place in mall. This can be used by malls to know what people like and what sales more and what to market more.

This brings in privacy issue as your presence is tracked by people easily without your notice. You pattern of visits is tracked, If this data is exchanged with others then all your data is exposed and can be used for good/bad reasons.

Currently this method of Wi-Fi tracking is been actively used by various malls around world. http://nakedsecurity.sophos.com/2013/05/09/nordstrom-tracking-customer-smartphones-wifi-sniffing/

Seattle police department has setup network that can track all people with mobile devices in city. Read here - http://www.rawstory.com/rs/2013/11/10/seattle-police-department-has-network-that-can-track-all-wi-fi-enabled-devices/

Wi-Fi tracking thus can be done by anyone with minimal setup. This info can then be partnered with other vendors doing same things and can result in tracking you around multiple places which hurts peoples privacy.

Your phone broadcast info where you live, where your work and which hotels you visited 

As pointed above, all your Wi-Fi network info you have been connected to is stored by your mobile so that it can search for it and connect later. This list of networks is also broadcasted every time your mobile tries to connect to any Wi-Fi network.

With Wi-Fi equipment's in place, any one can find which Wi-Fi networks you have been connected to earlier and can detail out all (network SSIDs) which can in turn tell the exact place. Wi-Fi network info are also mapped to actual location by Google and that info is available. Thus a clear loud announcement to everyone around you to know about your home, work and hotels you visited.

How to prevent it ? 

A simple way to protect yourself is to disable Wi-Fi when not in use. By disabling Wi-Fi, no wireless signals(packets) will be sent out and thus no tracking can be done. There are apps that can do this automatically.

Remove unwanted Wi-Fi networks you no longer need. Navigate to Settings > Wi-Fi > Network list to clean up on regular basis. Remove any Hotel or café Wi-Fi network that you no longer plan to visit. This keeps the list minimal and avoid announcing places you visited earlier.

Avoid connecting to public Wi-Fi unless its must to do so. Public Wi-Fi act as way to lure people and collect their data on network. Avoid those traps and stay secure.

Is there App to protect you ?
McAfee(Intel Security) has developed an innovative Android app called 'McAfee Safe Wi-Fi'. Its free app and does not require any registration. Small app that solves Wi-Fi tracking problem.  You can download from here - https://play.google.com/store/apps/details?id=com.mcafee.safewifi


HideMyAss.com

9 comments:

Transform your $15 router to $200 security router for FREE

Technology is evolving faster and there are more IoT devices at home/office than a few years back. Software Security companies are movi...