The use of mobile devices has been increasing each year. All of us have been influenced by its spread and use. We use them on a daily basis as a
form of social interaction and to be connected to the internet 24/7.
How and where we use these devices puts in jeopardy the privacy and security of our information.
By using these kind of devices with Wi-Fi technology we may be transmitting valuable information to a malicious user that can use it to find our routine, address, workplace or even track us in real time.
Smartphones along with most mobile devices usually keep the last Wi-Fi networks they were connected to. These networks have a unique name designated
ESSID (Extended Service Set Identification) that is one of the identifiers of wireless networks. However every time a mobile device has the Wi-Fi
turned on, it transmits information about the networks it has been connected to or have been configured. It is not a flaw or vulnerability, it is
though a function witch purpose is to accelerate the connection process to a Wi-Fi network.
With the use of capture devices in a given area, it is possible to trace a person and follow their steps and movements in near real time.
8790 mobile devices were captured between subway stations, public transports, malls, public organizations and at Portela Airport during rush hours.
The average capture of device requests (from Smartphones and Tablets) was from 1100 to 1500 per hour.
2296 devices that leaked ESSID information were detected during the study.
Within a universe of 8790 devices, 706 were vulnerable to dishonest connections (It was only devices that automatically connected to the most known networks such as FON_ZON, PTWifi or Guest Networks were accounted for).
In the universe of 8790 collected devices about ~26% leaked at least one ESSID. From these 26%, about 30% are vulnerable to Evil Twin Attacks which is about 8% of the total collected devices.
The most practical and easiest way to protect your device is to turn the Wi-Fi on only when necessary.
The Android systems obtained different results depending of their manufacturer and their system version. It was possible to track several devices that leaked information of all the Wi-Fi networks they were connected to but at the same time some of tracked devices didn't show this behavior. In general, a large number of devices have a mechanism that disables the auto-connect option protecting the end user from Evil Twin Attacks previously mentioned.