Wi-Fi fingerprinting method could be used to track individuals

SAN FRANCISCO — In addition to the hundreds of presentations on information security that help to make the RSA Conference the largest cybersecurity event in the world, the event also sponsors university students whose proposals are accepted, to come to San Francisco to talk about their research at the RSAC Security Scholar Poster Exhibition.

This provides a great opportunity for attendees to talk to young researchers working at the cutting edge of our field, frequently on important issues that might otherwise not get any attention, or not get attention for a while.

Tien Vo-Huu is a PhD student in the Information Assurance program at Northeastern University’s College of Computer and Information Science
Tien Vo-Huu is a PhD student in the Information Assurance program at Northeastern University’s College of Computer and Information Science

Tien D. Vo-Huu (pictured above) has done research on how the quirks of individual Wi-Fi-enabled devices enable them to be uniquely identified just by analyzing characteristics of their radio signals. In the past, people have been tracked by using metadata transmitted by their smartphones, but in order to protect their privacy, vendors have changed the content of that metadata to make that much more difficult.

What Tien showed in his research,  is that without looking at any metadata, he could identify the make and model of the device with 95 per cent accuracy, and the individual device with 47 per cent accuracy. The problem is that it is much more difficult for manufacturers to obfuscate the radio signature of a device, which opens potential privacy concerns.

Tien’s research was done with a focus on the IEEE 802.11 standard as it’s becoming the primary medium for wireless Internet access. Even carriers are offloading traffic to Wi-Fi access points, Tien notes in his research, as a way to solve capacity issues. With its ubiquity, there is ample opportunity to collect samples, using Wi-Fi probes that can be constructed with off-the-shelf equipment.

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
George Pajari
George Pajarihttps://fractionalci.so/
George Pajari is a “CISO-for-hire”, providing cybersecurity leadership to SaaS cloud startups. He was previously the Chief Information Security Officer (CISO) of Hootsuite, the most widely used social media management platform with over 15 million users including more than 800 of the Fortune 1000 companies. He was responsible for information security, IS risk management, and IT general controls. Prior to that he was the Security Architect at Hootsuite, and before that, Manager of Network Operations for Glentel's national digital radio service. He is a member of the BC Government's Provincial Security Advisory Council, a member of the Vancouver (ISC)² Chapter executive, and one of the organisers of the Vancouver BSides and BC AWARE Day security conferences. He was invited by the (ISC)² to write the Security Architecture and Engineering section for the next edition of the Official (ISC)² Guide to the CISSP CBK (Common Body of Knowledge), to be published by John Wiley in 2019. George's professional certifications include the CISSP-ISSAP, CISM, and CIPP/E. He is learning to play the bagpipes and his paper on a new device for improving piping skills will appear in a forthcoming issue of Piping Times.

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight