Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Expanding upon the obvious
From: Aldo Persi <aldo.persi () gmail com>
Date: Wed, 12 Dec 2012 14:41:36 +1100

Hi


Re. iOS broadcasting  their last 3 wireless networks have a look at

https://github.com/hubert3/iSniff-GPS

believe it was presented at blackhat



On Wed, Dec 12, 2012 at 4:49 AM, Patrick Laverty
<patrick_laverty () brown edu>wrote:

I think Stop & Shop grocery stores are doing something tangential to this.
If you use their in-store price scanner, it will beep at you on occasion,
telling you about deals on an item that just happens to be in the  aisle
you're standing in! So while they might not know who *I* am (or they
might), they sure know where I am in the store.


On Tue, Dec 11, 2012 at 9:51 AM, Joe Ashbrook <joe.ashbrook () gmail com>wrote:

Hi all,

I just wanted to throw this out there as I rarely hear anything about
802.11 tracking. Aside from a few companies, such as Path Intelligence or
Skyhook (SpotRank technology), I never hear of any commercial systems that
attempt to track mobile devices (users). Of course, the companies listed
above are rather opaque in describing how their technology works.

As everyone on this mailing list is aware, basic 802.11 "hacking"
techniques can provide a lot of useful information on mobile devices and
their users. I am surprised there has not been more commercial interest in
data mining of mobile devices. Especially given that staying withing the
data link layer has proven to be legal - or so it seems the golden rule is
to not include payload...

Anyways, in this era of "Big Data" I expected to see more retailers (or
any commercial entity) interested in collecting information about devices
within physical proximity of them. I expect the most powerful use in
analyzing mobile device data would be in a deanonymized form, and perhaps
due to privacy concerns is why companies are shy to experiment with this,
or already are and just keep in on the DL.

I envision retailers using this type of technology to create 'shopper'
profiles. For instance, reconstructing a devices preferred network list (by
capturing directed probe requests) may give them information about where
else a shopper visits (directed probe request for SSID 'Panera'). Or, cross
referencing with other shoppers PNL, may be able to identify relationships
among shoppers (directed probe request from Joe's device SSID
"ByteMe", directed probe request from Tim's device for SSID "ByteMe").

For a final project in completing my undergrad degree I wrote a paper on
this, which I attached if anyone cares to skim it. It has some code at the
end for a Kismet protocol dissector to insert 802.11 probes in a mysql db.
This was a proof of concept for the class intended only as an
academic exercise.

I recall some researcher (~ a year ago) explaining how iOS devices will
broadcast their last 3 wireless networks connected, which I never heard
anything else about. So I know this is not a new topic. Being such a
fascinating subject I am curious if anyone else has some input in regards
to this.

-Joe


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault