3
2
I'd like to uniquely identify all wireless devices (phones, tablets, etc) within range. I don't care how far the devices are nor do I need to send them anything. I just want to be able to say: phone ABC was in this zone between 9:00 - 9:30, and 17:00 - 18:00.
I was thinking of sniffing Wifi packets but it seems that some phones avoid sending Probe Request packets, furthermore it's difficult to get Wifi cards into Monitor Mode. I've been unable to find any information on EDGE/3G detection.
I'm trying to do something similar to http://louwrentius.com/blog/2011/04/determining-smartphone-market-share-using-wireless-sniffing/.
The approach must "uniquely identify" the device. Meaning I want to be able to differentiate between the same device entering the zone multiple times versus new devices entering.
The approach must collect "anonymous" data, meaning I don't want to record any information that would allow someone to figure out the owner's identity.
What's the best way to detect the presence of mobile devices?
1If for any reason they broadcast their MAC address (ie, arp requests), you can log that via tcpdump or router logs and even look up the brand of phone if desired. That however will only work on devices that actually attempt to connect. For any device that does not attempt to connect to anything, you are probably out of luck – MaQleod – 2011-09-13T20:49:40.237
I don't think there's any good way to do this for devices that aren't actively connecting to WiFi. You could potentially eavesdrop on their cellular signal to catch a unique ID, but this is probably illegal and would require relatively expensive equipment. – jcrawfordor – 2011-09-13T22:03:15.747
Does it not seem contradictory to be able to uniquely identify a given device and also keep anonymous data? Any data that is unique to a person, combined with additional information (e.g. CCTV data) can be used to uniquely identify a person, with geolocation data being particularly bad. As an example, see the AOL Search Data Release controversy: http://en.wikipedia.org/wiki/AOL_search_data_scandal
– Lukasa – 2011-09-17T13:21:40.087@Lukasa: not necessarily. I might record MAC addresses of phones walking by my office but I have no way of measuring their "distance", which way they are walking, or if they ever come back a second time. Nor do I have (or plan to have) access to CCTV data. Ideally, I'd read their MAC address and store hash(MAC) to disk, making it impossible for someone to retrieve the actual MAC address at a later date. – Gili – 2011-09-17T17:37:41.433
@Gili: Hmm, yeah, I guess. Given sufficient data or enough motivation on the behalf of someone who wanted to use that data, that wouldn't cut it, but you can certainly make it harder. I retract my concern. =) – Lukasa – 2011-09-17T17:54:34.150