Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Walk & Stalk: A New Twist In Cyberstalking
Newest First  |  Oldest First  |  Threaded View
Seza
Seza,
User Rank: Apprentice
1/21/2015 | 5:19:39 AM
Interesting!
Thanks for this article, this might look simple but really everybody has to know about it..

Good job.
Ken_Munro
Ken_Munro,
User Rank: Apprentice
11/12/2014 | 9:46:06 AM
Re: How prevalent?
Hi Marilyn, good question. There are a number of reasons to turn WiFi off when you're not using it:

1: your battery will usually last longer with Wi-Fi off

2: mobile data is sometimes faster than Wi-Fi, particularly 4G when compared to an overloaded ADSL connection in a coffee shop (because someone else is streaming!)

3: mobile data is almost always more secure than Wi-Fi. It's more to do with the way one connects to Wi-Fi though, rather than the encryption

4: Client probe requests do give away information about you and allow you to be tracked. The security services and phone companies can do this using GMS, but anyone can track you using Wi-Fi

5: you can mitigate the Wi-Fi tracking fairly easily, but hardly anyone does.:

- set a generic SSID (name) for your access points. Not defaults like BT-ADSL-F534D or similar, as they facilitate tracking you back to your home or office

- don't allow your devices to send client probe requests - that can be done by switching off settings like 'look for access points automatically' or 'connect automatically' or similar in your wireless client config.

I was sat on a plane before take-off recently, before the door was closed, so fired up a listener quickly. I saw over 50 devices still sending probe requests. I could work out the home addresses in the UK for at least 10 of those. Who has an empty house because they're just leaving on a business trip... Who would be easiest to burgle...

What about firing up a listener whilst in a family holiday destination? Look for mobile devices sending probe requests, trace the home address using wigle.net or similar, pass to criminals back home, burgle empty house...

I for one think it's worth turning Wi-Fi off when not in use
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
11/12/2014 | 9:34:21 AM
Re: How prevalent?
LOL, Not likely (as far as I know!)
Bprince
Bprince,
User Rank: Ninja
11/12/2014 | 9:32:47 AM
Re: How prevalent?
I don't think this is somthing the average person needs to be worried about unless you suspect you are being stalked by someone with significant tech savvy.  
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
11/12/2014 | 8:09:33 AM
How prevalent?
Ken, Thanks for this great expose of the potential harm from the simple devices we use every day. But how concerned should the average person really be? Do I really need to turn off the Wifi when I'm out and about in public?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31650
PUBLISHED: 2022-05-25
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
CVE-2022-31651
PUBLISHED: 2022-05-25
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
CVE-2022-29256
PUBLISHED: 2022-05-25
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` e...
CVE-2022-26067
PUBLISHED: 2022-05-25
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnera...
CVE-2022-26077
PUBLISHED: 2022-05-25
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff networ...