0

I was wondering if when a router is broadcasting its signal, it is able to handshake with devices that are wifi enabled and looking for a wifi network to connect and get some info from them?

1 Answer

1

That depends on the scenario, and what kind of information you are worried about. In order to make the following examples less cluttered, I will always be calling the access point "AP" and the client device "Client".

AP Broadcasts, Client does not want to connect

Depending on how the client is set up, it is possible that the client regularly sends out broadcast messages, containing SSIDs they have connected to before. This is required if those SSIDs are "hidden".

As such, a malicious AP (or anyone else listening) could gain information about SSIDs the client has been connected to. These broadcasts also contain the MAC address of the W-LAN interface of the client.

AP Broadcasts, Client wishes to connect

In this case, the AP absolutely gains information about the client. After all, it needs this information to send data to the client.

The client has to disclose their MAC address, and like above, may disclose other information about previously connected to networks.

What information does my MAC address show?

By default, it shows the manufacturer of the NIC (the network interface card), which could give information about the nature of the device. For instance, a MAC address starting with 00:22:AA belongs to a NIC manufactured by Nintendo. So it's probably a game console. Further investigation into the MAC addresses might reveal more information about the device.

How reliable is this information?

Not at all. In fact, anyone is able to change their MAC address as they please. The only thing required for their MAC to work properly is to be unique within the domain. And if it's not, that opens up all kinds of attacks, which I am not going to get into.

The key point is that MAC addresses can be changed quite easily, and thus any information received by a MAC should be taken with a grain of salt.
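The following is an added example, not part of the answer above. It parses an 802.11 probe request (the client broadcast the answer describes) to show which fields a listener receives, and how to tell a vendor-assigned MAC from a locally administered one. The frame bytes, the SSID "HomeNet" and the function names are constructed for illustration; the only vendor prefix in the table is the one the answer mentions.

```python
# Vendor prefix taken from the answer; a real lookup would use the IEEE OUI registry.
KNOWN_OUIS = {"00:22:AA": "Nintendo"}

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)

def describe_mac(raw: bytes) -> dict:
    """Report what a 6-byte MAC claims about its sender."""
    # Bit 0x02 of the first octet marks a locally administered (software-set,
    # often randomized) address; its first three bytes are not a vendor prefix.
    local = bool(raw[0] & 0x02)
    vendor = None if local else KNOWN_OUIS.get(fmt_mac(raw[:3]))
    # Even a vendor-looking address is only a claim: it can be set to anything.
    return {"mac": fmt_mac(raw), "locally_administered": local, "vendor": vendor}

def parse_probe_request(frame: bytes) -> dict:
    """Parse a bare 802.11 probe request (no radiotap header, no FCS)."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if (ftype, subtype) != (0, 4):          # management frame, probe request
        raise ValueError("not a probe request")
    info = describe_mac(frame[10:16])       # address 2 = transmitting client
    info["ssid"] = None
    pos = 24                                # tagged parameters follow the header
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            raise ValueError("truncated information element")
        if tag == 0:                        # SSID element; empty means wildcard
            info["ssid"] = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    return info

def build_probe(src: bytes, ssid: bytes) -> bytes:
    """Construct a sample probe request for the demonstration below."""
    bcast = b"\xff" * 6
    header = b"\x40\x00\x00\x00" + bcast + src + bcast + b"\x00\x00"
    return header + bytes([0, len(ssid)]) + ssid + b"\x01\x04\x02\x04\x0b\x16"

# Constructed samples: a directed probe from a fixed MAC, a wildcard probe from a random one.
SAMPLE_DIRECTED = build_probe(bytes.fromhex("0022AA123456"), b"HomeNet")
SAMPLE_RANDOMIZED = build_probe(bytes.fromhex("DAA119000001"), b"")

if __name__ == "__main__":
    for sample in (SAMPLE_DIRECTED, SAMPLE_RANDOMIZED):
        print(parse_probe_request(sample))
```

The first sample discloses both a stable hardware address and a remembered network name; the second, with a locally administered address and a wildcard SSID, discloses neither.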