Not really. It doesn’t really rely on MAC adresses, it relies on your phone to constantly blast out “IS ANYONE HERE $HOME_NETWORK_NAME?” (or bluetoothely named “DYPROSIUMS AIRPODS!???”) and it just catches that and then uses classic triangulating to see where you are. They all do that to quickly connect to WiFi without you having to actually type in the SSID because that shits for nerds.
Would or is also a really good way to sniff WiFi passwords. If anybody says “Well yes, I am indeed $HOME_NETWORK_NAME” your phone just hands them the password. It’s probably wrong for THAT network but it does mean you can just collect a whole ass batch of home wifi passwords.
Especially given how many people don’t change shit about their ISP-provided network if you just cyle $common_standard_wifi_names you’re off to a good start to be able to easily infilitrate half your cities WiFi.
Would or is also a really good way to sniff WiFi passwords. If anybody says “Well yes, I am indeed $HOME_NETWORK_NAME” your phone just hands them the password.
okay that’s very untrue… wifi passwords aren’t really passwords; more accurately they’re pre-shared keys… they are used to generate the encryption parameters used to talk to the AP. the password is never sent over the air, and there’s a 4-way handshake
i’m fairly sure it’s untrue yes but didn’t want to comment that because i don’t know for sure, and honestly it’s a little null and void because they definitely do broadcast all kinds of bluetooth stuff which is equally trackable (though i guess with all the wifi location data you can correlate someone in the store to where they live pretty much perfectly accurately where bluetooth info is less useful in that regard)
i’m 99% sure your phone scans for available wifi networks, sees one it knows and then connects, but i could see a situation where it’s 2s faster to just keep trying so for a “good user experience” some shit company decided to start doing it… but i’m pretty sure for apple pr google that’d result in a CVE
What if you have randomized MAC address for wifi? Will that solve it completely ?
Not really. It doesn’t really rely on MAC adresses, it relies on your phone to constantly blast out “IS ANYONE HERE $HOME_NETWORK_NAME?” (or bluetoothely named “DYPROSIUMS AIRPODS!???”) and it just catches that and then uses classic triangulating to see where you are. They all do that to quickly connect to WiFi without you having to actually type in the SSID because that shits for nerds.
Would or is also a really good way to sniff WiFi passwords. If anybody says “Well yes, I am indeed $HOME_NETWORK_NAME” your phone just hands them the password. It’s probably wrong for THAT network but it does mean you can just collect a whole ass batch of home wifi passwords.
Especially given how many people don’t change shit about their ISP-provided network if you just cyle $common_standard_wifi_names you’re off to a good start to be able to easily infilitrate half your cities WiFi.
okay that’s very untrue… wifi passwords aren’t really passwords; more accurately they’re pre-shared keys… they are used to generate the encryption parameters used to talk to the AP. the password is never sent over the air, and there’s a 4-way handshake
Is it also untrue that phones broadcast their home wifi SSIDs when out and about?
i’m fairly sure it’s untrue yes but didn’t want to comment that because i don’t know for sure, and honestly it’s a little null and void because they definitely do broadcast all kinds of bluetooth stuff which is equally trackable (though i guess with all the wifi location data you can correlate someone in the store to where they live pretty much perfectly accurately where bluetooth info is less useful in that regard)
i’m 99% sure your phone scans for available wifi networks, sees one it knows and then connects, but i could see a situation where it’s 2s faster to just keep trying so for a “good user experience” some shit company decided to start doing it… but i’m pretty sure for apple pr google that’d result in a CVE