Researchers collect almost 60,000 SSIDs in a few hours. Some of the SSIDs consist of strings of numbers that are apparently preset router passwords.
Researchers at the University of Hamburg recorded the WLAN connection requests of thousands of pedestrians in a field test. With their study, they wanted to find out what data is transmitted without the user’s knowledge during this process, which is known as WiFi probing.
As a rule, smartphones continuously search for available WLAN networks. This is a convenience function that allows the device to connect to trusted WLAN networks in the background. However, as BleepingComputer reports, retailers also use WiFi probing to track customers in their retail shops. Since only anonymised MAC addresses are used in this form of tracking, the method is considered to be GDPR-compliant.
In their investigation, however, the researchers found that in addition to MAC addresses, other data, some of which is confidential, is also transmitted. In 23.2 percent of the cases, they found the SSIDs of networks to which the devices in question had connected in the past.
Recorded SSIDs apparently contain router passwords
According to the report, the field test was conducted in November 2021 in a pedestrian zone of a major German city. Over a period of three hours, the researchers used six antennas to record connection requests in different radio channels. In total, there were 252,242 requests. They contained 58,489 SSIDs. Some of these SSIDs contained numeric strings with 16 or more digits. The researchers suspect that these are preset passwords of home routers.
“Password sniffing in SSIDs is especially critical when the device transmits the real SSID in addition to the password, either correctly or with a typo from which the real SSID can be inferred,” the researchers explained, according to BleepingComputer. “The assumption that the sniffed passwords match the also transmitted SSIDs could be further verified by setting up fake access points on the fly with the potential credentials we observed.”
The researchers also warned that the data transmitted during WiFi probing can generally be used to track users permanently. The decisive factor here is the random assignment of MAC addresses, as Apple iOS and Google Android have been offering for years. However, only newer versions of iOS (14 and 15) and Android (10, 11 and 12) also assign a random MAC address per SSID when connecting to a network.
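To check what your own devices reveal in probe requests, the following added example (not code from the researchers or the report) parses the SSID element and sender address from raw 802.11 probe request frames and flags SSIDs containing 16 or more digits. It assumes frames with the radiotap header already removed; the sample frames and the helper names are constructed for illustration.

```python
import re

MGMT_HDR_LEN = 24          # frame control, duration, 3 addresses, sequence control
PROBE_REQUEST_FC0 = 0x40   # version 0, type 0 (management), subtype 4 (probe request)
LONG_DIGITS = re.compile(r"\d{16,}")   # the article's "16 or more digits" criterion

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid), or None if this is not a probe request.
    ssid is "" for a wildcard probe that names no network."""
    if len(frame) < MGMT_HDR_LEN or frame[0] != PROBE_REQUEST_FC0:
        return None
    src = ":".join(f"{b:02x}" for b in frame[10:16])    # address 2 = transmitter
    pos = MGMT_HDR_LEN
    while pos + 2 <= len(frame):                         # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + length]
        if len(body) < length:                           # truncated element: stop
            break
        if tag == 0:                                     # element ID 0 = SSID
            return src, body.decode("utf-8", errors="replace")
        pos += 2 + length
    return src, ""

def is_randomized(mac: str) -> bool:
    """Heuristic: randomized MACs set the locally administered bit (0x02)."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(frames):
    """List every probe request that discloses a previously used SSID."""
    findings = []
    for frame in frames:
        parsed = parse_probe_request(frame)
        if not parsed or not parsed[1]:
            continue                                     # not a probe, or wildcard
        mac, ssid = parsed
        findings.append({"mac": mac, "ssid": ssid,
                         "randomized_mac": is_randomized(mac),
                         "password_like": bool(LONG_DIGITS.search(ssid))})
    return findings

def _frame(mac_hex: str, ssid: str) -> bytes:            # builds a constructed frame
    hdr = (bytes([0x40, 0, 0, 0]) + b"\xff" * 6 + bytes.fromhex(mac_hex)
           + b"\xff" * 6 + b"\x00\x00")
    return hdr + bytes([0, len(ssid)]) + ssid.encode() + bytes([1, 2, 0x82, 0x84])

SAMPLE_FRAMES = [                                        # constructed, not captured
    _frame("da1122334455", "HomeNet-Example"),           # random MAC, named SSID
    _frame("001122334455", "1234567890123456"),          # fixed MAC, 16-digit SSID
    _frame("da1122334455", ""),                          # wildcard probe, no SSID
    b"\x80" + _frame("001122334455", "x")[1:],           # beacon, must be ignored
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FRAMES):
        print(finding)
```

A finding with `randomized_mac` false and a named SSID is the combination the researchers describe as trackable; removing stale saved networks from the device stops those SSIDs from being probed.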