Oversharing and its Consequences

2018-02-20 20_41_00-Network Connections2Recently I spotted a post by satirical website, The Poke, in which a Twitter user shared her families humorous WiFi password in a screenshot. Clearly visible was the SSID.

Would you realistically think that based on just the shared SSID someone would be able to find your house with no other information needed?

Wigle.net allows exactly that – a search facility of over 413,855,100 wireless access points allowing you to track down an SSID’s last known location. By collecting data from the ‘Wardriving’ community which records SSIDs and GPS co-ordinates it is possible to build an accurate map from a large community of open networks, WEP ‘secured’ (if that is the right word) networks and WPA networks. This can also be leveraged to find someone based on their leaked data as is the case with this article – simply type in the SSID and away you go. Virgin Media and other ISPs have made this easier by using unique default SSIDs for each customer, ensuring no clashes when searching – a good way to secure against this is to broadcast a fairly generic common SSID like “Wireless” which is almost certainly used elsewhere, or don’t broadcast any SSID at all. As the data is community gathered you’re also pretty safe if you’re in a remote location or off main roads where no one would really bother WarDriving.

2018-02-20 20_23_56-WiGLE search

This is probably one of the darker use cases, but it isn’t doom and gloom as the same process is used by Google and likely others to provide highly accurate location mapping as GPS is supplemented by SSID (or more likely BSSID) data captured by a Google Street View van (as well as some network traffic!).


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s