Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Walk & Stalk: A New Twist In Cyberstalking
Newest First  |  Oldest First  |  Threaded View
Seza
50%
50%
Seza,
User Rank: Apprentice
1/21/2015 | 5:19:39 AM
Interesting!
Thanks for this article, this might look simple but really everybody has to know about it..

Good job.
Ken_Munro
100%
0%
Ken_Munro,
User Rank: Apprentice
11/12/2014 | 9:46:06 AM
Re: How prevalent?
Hi Marilyn, good question. There are a number of reasons to turn WiFi off when you're not using it:

1: your battery will usually last longer with Wi-Fi off

2: mobile data is sometimes faster than Wi-Fi, particularly 4G when compared to an overloaded ADSL connection in a coffee shop (because someone else is streaming!)

3: mobile data is almost always more secure than Wi-Fi. It's more to do with the way one connects to Wi-Fi though, rather than the encryption

4: Client probe requests do give away information about you and allow you to be tracked. The security services and phone companies can do this using GMS, but anyone can track you using Wi-Fi

5: you can mitigate the Wi-Fi tracking fairly easily, but hardly anyone does.:

- set a generic SSID (name) for your access points. Not defaults like BT-ADSL-F534D or similar, as they facilitate tracking you back to your home or office

- don't allow your devices to send client probe requests - that can be done by switching off settings like 'look for access points automatically' or 'connect automatically' or similar in your wireless client config.

I was sat on a plane before take-off recently, before the door was closed, so fired up a listener quickly. I saw over 50 devices still sending probe requests. I could work out the home addresses in the UK for at least 10 of those. Who has an empty house because they're just leaving on a business trip... Who would be easiest to burgle...

What about firing up a listener whilst in a family holiday destination? Look for mobile devices sending probe requests, trace the home address using wigle.net or similar, pass to criminals back home, burgle empty house...

I for one think it's worth turning Wi-Fi off when not in use
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/12/2014 | 9:34:21 AM
Re: How prevalent?
LOL, Not likely (as far as I know!)
Bprince
50%
50%
Bprince,
User Rank: Ninja
11/12/2014 | 9:32:47 AM
Re: How prevalent?
I don't think this is somthing the average person needs to be worried about unless you suspect you are being stalked by someone with significant tech savvy.  
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/12/2014 | 8:09:33 AM
How prevalent?
Ken, Thanks for this great expose of the potential harm from the simple devices we use every day. But how concerned should the average person really be? Do I really need to turn off the Wifi when I'm out and about in public?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41392
PUBLISHED: 2021-09-17
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.
CVE-2020-21547
PUBLISHED: 2021-09-17
Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.
CVE-2020-21548
PUBLISHED: 2021-09-17
Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.
CVE-2021-39218
PUBLISHED: 2021-09-17
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger ...
CVE-2021-41387
PUBLISHED: 2021-09-17
seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.