Nguyen, Benjamin, Full Professor, INSA Centre Val de Loire
Rasmussen, Kasper, Associate professor, University of Oxford
Chrisment, Isabelle, Full Professor, Université de Lorraine
Risset, Tanguy, Full Professor, INSA Lyon
Neumann, Christoph, Principal scientist, Technicolor
Minier, Marine, Full Professor, Université de Lorraine
Cunche, Mathieu, Associate Professor, INSA Lyon
Wi-Fi Tracking: Fingerprinting Attacks and Counter-Measures
The recent spread of everyday-carried Wi-Fi-enabled devices (smartphones, tablets and wearable devices) comes with a privacy threat to their owners, and to society as a whole. These devices continuously emit signals which can be captured by a passive attacker using cheap hardware and basic knowledge. These signals contain a unique identifier, called the MAC address. To mitigate the threat, device vendors are currently deploying a countermeasure on new devices: MAC address randomization. Unfortunately, we show that this mitigation, in its current state, is insufficient to prevent tracking.
To do so, we introduce several attacks, based on the content and the timing of emitted signals. In addition, we study implementations of MAC address randomization in some recent devices, and find a number of shortcomings that limit the effectiveness of these implementations in preventing device tracking.
At the same time, we perform two real-world studies. The first one considers the development of actors exploiting this issue to install Wi-Fi tracking systems. We list some real-world installations and discuss their various aspects, including regulation, privacy implications, consent and public acceptance. The second one deals with the spread of MAC address randomization in the device population.
Finally, we present two tools: an experimental Wi-Fi tracking system for testing and public awareness-raising purposes, and a tool estimating the uniqueness of a device based on the content of its emitted signals, even if the identifier is randomized.