
I may be missing something about how WiFi and networking in general works, but I do know how WiFi device tracking works.

When, e.g., an Android phone has WiFi on, it sends a ping/broadcast message every few seconds. Using this message, retailers, for example, can track the location of the device by triangulating the message between multiple WiFi hotspots.

My question is, why does the client broadcast this message at all? Why is it not only the access point that sends the "I am here, connect to me" messages? There should be no WiFi traffic from my device until I try to connect to something, and yet it gives away my location and device ID every few seconds.

You could then do the reverse only for hidden SSID networks, and encrypt the probe with something unique to that network and time, only sending a probe in the current style when you set up the network the first time.

This would stop the real time tracking of specific devices, no?

Stiffo
  • I looked at that one, but IMHO the answer isn't sufficient, even after I read the linked article. – Stiffo Feb 22 '17 at 14:23

1 Answer


It's more efficient.

Your device can either perform an active or a passive scan. In a passive scan, the device waits until it captures beacon frames from access points that advertise themselves. In an active scan, you send probe requests yourself and wait for APs to respond - this is what most smartphones do.

Passive scanning should be the preferred method in terms of security since it is entirely anonymous, not broadcasting any information about the device. But it also has a negative impact on performance and latency:

The beacon (by default) is only transmitted every 100 TU (102,400 μs). To have some hope of hearing most access points, you'll need to wait for 2 beacon intervals – say 102,400 μs x 2 per channel. We have 12 (or 14 in some areas) channels in the 2.4 GHz band, so a full scan would take 102,400 μs x 2 x 12 = 2,457,600 μs or about 2.5 seconds.

During this time, the receiver is in a high power usage mode – so battery life is negatively impacted and power usage for a WiFi adapter sky-rockets. Sure, you can only run a scan, let's say, every 30 seconds – but that still means you have the receiver powered up for 5 seconds out of every minute.

Active scanning is more efficient:

The power requirements are much lower – after the initial probe request, the adapter only listens for a fraction of time compared to a passive scan (although this varies per manufacturer and driver).

(Source)

Besides performance problems, hidden networks that don't send beacons regularly also wouldn't be picked up at all. For devices that use wifi information to enhance the location services (like Android does), active scanning presumably also increases the accuracy.

Arminius
  • But with the current one, don't you need to have both the transmitter and receiver on? Since it will be sending probes, and connect to a wifi *if* any wifi responds, and it would have to have the receiver on to get the response, right? Or is it about reducing the time the receiver is on by sending a probe, turning it on, and almost immediately off? – Stiffo Feb 22 '17 at 15:06
  • @Stiffo Yes, that's the point. During an active scan the receiver only has to be on for a fraction of the time. – Arminius Feb 22 '17 at 15:12
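As an added illustration (not part of the question or the answer above) of what an active-scan probe request exposes: the script below parses constructed 802.11 probe request frames, pulls out the transmitter address and any network name carried in the SSID element, and notes whether the locally-administered bit suggests a randomized MAC rather than the hardware one. The `build_frame` helper, the sample frames and the report wording are my own assumptions for demonstration, not captured traffic.

```python
from dataclasses import dataclass
from typing import List, Optional

PROBE_REQ_FC0 = 0x40   # frame control byte 0: management type (0), subtype 4 (probe request)
BEACON_FC0 = 0x80      # subtype 8 (beacon); used only to build a non-probe sample frame
SSID_TAG = 0           # information element tag for the SSID
BROADCAST = bytes.fromhex("ffffffffffff")

@dataclass
class ProbeRequest:
    source: str           # transmitter address (addr2): the device identifier the question worries about
    ssid: str             # "" = wildcard probe; a name = directed probe that leaks a remembered network
    randomized_mac: bool  # locally-administered bit set => per-scan MAC randomization is likely in use

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_probe_request(frame: bytes) -> Optional[ProbeRequest]:
    """Decode one raw 802.11 frame; return None for anything that is not a probe request."""
    if len(frame) < 24 or frame[0] != PROBE_REQ_FC0:
        return None
    addr2 = frame[10:16]                      # header: fc(2) dur(2) addr1(6) addr2(6) addr3(6) seq(2)
    body, i, ssid = frame[24:], 0, ""
    while i + 2 <= len(body):                 # walk the tagged information elements
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            break                             # truncated element: stop rather than misread it
        if tag == SSID_TAG:
            ssid = value.decode("utf-8", errors="replace")
            break
        i += 2 + length
    return ProbeRequest(mac_str(addr2), ssid, bool(addr2[0] & 0x02))

def build_frame(fc0: int, src: bytes, ssid: bytes) -> bytes:
    """Constructed sample frame (assumption, not a capture): 24-byte header, SSID and rates elements."""
    header = bytes([fc0, 0x00]) + b"\x00\x00" + BROADCAST + src + BROADCAST + b"\x00\x00"
    return header + bytes([SSID_TAG, len(ssid)]) + ssid + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])

def audit(frames: List[bytes]) -> List[str]:
    """One line per probe request: who sent it, with which kind of address, and what it reveals."""
    report = []
    for p in filter(None, map(parse_probe_request, frames)):
        what = f"directed probe for {p.ssid!r}" if p.ssid else "wildcard probe"
        addr = "randomized MAC" if p.randomized_mac else "hardware MAC"
        report.append(f"{p.source} ({addr}): {what}")
    return report

SAMPLE_FRAMES = [  # constructed for illustration
    build_frame(PROBE_REQ_FC0, bytes.fromhex("001122334455"), b"HomeNet"),
    build_frame(PROBE_REQ_FC0, bytes.fromhex("0a1b2c3d4e5f"), b""),
    build_frame(BEACON_FC0, bytes.fromhex("c0ffee000001"), b"CafeAP"),
]
```

Running `audit(SAMPLE_FRAMES)` yields two lines: a directed probe for 'HomeNet' from a hardware MAC, and a wildcard probe from a randomized MAC; the beacon is ignored.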