Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Walk & Stalk: A New Twist In Cyberstalking
Newest First  |  Oldest First  |  Threaded View
Seza
Seza,
User Rank: Apprentice
1/21/2015 | 5:19:39 AM
Interesting!
Thanks for this article, this might look simple but really everybody has to know about it..

Good job.
Ken_Munro
Ken_Munro,
User Rank: Apprentice
11/12/2014 | 9:46:06 AM
Re: How prevalent?
Hi Marilyn, good question. There are a number of reasons to turn WiFi off when you're not using it:

1: your battery will usually last longer with Wi-Fi off

2: mobile data is sometimes faster than Wi-Fi, particularly 4G when compared to an overloaded ADSL connection in a coffee shop (because someone else is streaming!)

3: mobile data is almost always more secure than Wi-Fi. It's more to do with the way one connects to Wi-Fi though, rather than the encryption

4: Client probe requests do give away information about you and allow you to be tracked. The security services and phone companies can do this using GMS, but anyone can track you using Wi-Fi

5: you can mitigate the Wi-Fi tracking fairly easily, but hardly anyone does.:

- set a generic SSID (name) for your access points. Not defaults like BT-ADSL-F534D or similar, as they facilitate tracking you back to your home or office

- don't allow your devices to send client probe requests - that can be done by switching off settings like 'look for access points automatically' or 'connect automatically' or similar in your wireless client config.

I was sat on a plane before take-off recently, before the door was closed, so fired up a listener quickly. I saw over 50 devices still sending probe requests. I could work out the home addresses in the UK for at least 10 of those. Who has an empty house because they're just leaving on a business trip... Who would be easiest to burgle...

What about firing up a listener whilst in a family holiday destination? Look for mobile devices sending probe requests, trace the home address using wigle.net or similar, pass to criminals back home, burgle empty house...

I for one think it's worth turning Wi-Fi off when not in use
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
11/12/2014 | 9:34:21 AM
Re: How prevalent?
LOL, Not likely (as far as I know!)
Bprince
Bprince,
User Rank: Ninja
11/12/2014 | 9:32:47 AM
Re: How prevalent?
I don't think this is somthing the average person needs to be worried about unless you suspect you are being stalked by someone with significant tech savvy.  
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
11/12/2014 | 8:09:33 AM
How prevalent?
Ken, Thanks for this great expose of the potential harm from the simple devices we use every day. But how concerned should the average person really be? Do I really need to turn off the Wifi when I'm out and about in public?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-38193
PUBLISHED: 2022-08-16
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution in a victims browser.
CVE-2022-38194
PUBLISHED: 2022-08-16
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.
CVE-2022-38192
PUBLISHED: 2022-08-16
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the userâ€â&b...
CVE-2022-38362
PUBLISHED: 2022-08-16
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
CVE-2022-30264
PUBLISHED: 2022-08-16
The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the fl...