BBC Article: Tracking smartphones using Wi-Fi emissions

You may have read our recent Wi-Fi client tracking survey on the BBC web site. How does it work, and what can you do about it?

If you have set up Wi-Fi on your smartphone or laptop, you’ve probably noticed that when you arrive home, the phone automatically connects to your home Wi-Fi access point. You don’t have to type in the passcode, it just joins.

In order for this to work, the phone sends out what are called ‘probe’ packets. It’s effectively saying “I’m looking for my home Wi-Fi access point, are you there?”

When you get home, your home AP sees the packet and responds “Yes, I’m here, talk to me and let’s set up a secure connection”.

Here’s the problem – whenever your phone has Wi-Fi turned on, it still sends out the probe packets wherever you are, even if you’re miles away from home.

With some free tools, one can easily listen in to these probe packets. I can grab the ID of your phone’s Wi-Fi chip (called a MAC address) and also find out the name of your home access point. If you use Wi-Fi at work and other places, one can work out where you work, sometimes even how you get there.

Using this information, one can quite easily track your phone as you move around. It’s easiest if I’m in Wi-Fi range of you (up to about 100m outdoors without special aerials) but some projects are working on networks of listening stations that can track you more widely.

If your home Wi-Fi access point name (called the SSID) is unique to you, then one can usually work out where you live. Web sites such as http://wigle.net contain databases of wireless surveys that often contain the GPS location of your home access point.

A big Big Brother, isn’t it!

What can you do about it?

First and easiest – just turn off Wi-Fi when you’re not using it.

Only turn it on when you’re at home or somewhere where you specifically need to use it. Your battery will last longer too! If you’re out an about, use mobile data (3G/4G) as these are usually harder to crack and it’s also harder to track you without specialist equipment.

Second, when you ‘join’ a Wi-Fi network for the first time, don’t ‘remember’ the connection unless you really want to.

That usually stops these ‘probe’ packets from being sent, as you manually connect each time. You don’t need to re-enter the security key though.

Windows and Apple laptops also allow you to choose whether to connect automatically. If you select not to, then the probe packets shouldn’t be sent again. Apple have done something quite cool with iOS 8 – the MAC address of the iPhone is effectively randomised, making tracking you rather harder. Except perhaps for Apple…

In conclusion, turn Wi-Fi off when you’re not using it, don’t allow your phone/laptop to connect to Wi-Fi automatically and the risk of tracking is much reduced.

There’s some more technical detail here