|
|
|
|
|
|
by dfc
4042 days ago
|
|
|
I am not sure this is a new threat, a user's list of known SSIDs has been a recognized threat to privacy for a long time. You do not even need to have an app installed on Alice's phone to track her location. All Eve has to do is listen for beacon probes from alice's laptop and Eve can get a good picture of where Alice has been and more: "Show me your SSIDS I'll tell you who you are"[1] [1]: http://blog.rootshell.be/2012/01/12/show-me-your-ssids-ill-t... |
|
|
2) ssids are not unique - when it says "airport" it can be any airport. When you have access to the mac of the device, you can pin point it uniquely - that's the threat we present.
3) with the threat you link, you theoretically might be able to recover some of the past locations of the user where they did connect to WiFi. With the threat we present you get the location history with time resolution of up to 20 seconds, whether the user connects to WiFi or not, and even if they disable WiFi, and you don't have to control any routers. I would say this constitutes a novelty.
=== EDIT ====
4) the link only mentions a theoretical possibility, we show that the threat is real based on real data collected over 6 months about multiple people.