Honey, where have you been?

Do you want to know where a smartphone has been connected? I mean … would you like to know what wireless networks have been used by a smartphone? Is this information useful? It depends on what you are looking for. From time to time someone might be interested in gathering information about someone. For instance, where have people, who are around you, been connected? What is their ISP? where have they been eating? what places have they visited? What smartphone do they have? Is he in his house/office right now? etc. Getting this “public” and “free” information, and use it as you want!!

As you can guest, there is an easy way to get this information due to the fact that lots of people always have their Wi-Fi connection enabled in their smartphones even when they leave their home, office or wherever or even when they don't need it. However, these mobile devices keep sending “Probe Request” messages over the air asking for the whole wireless network list stored in their smartphones because it is looking for these wireless networks to connect again. This wireless networks list is made by our smartphone with each Wi-Fi we connect because mobile devices store all SSIDs we use by default. Next, we can see an image with all SSIDs my smartphone has used:

Wireless Network List

What tool can we use to get “Probe Request” messages? “Hoover” is an “old” and free tool, made in 2012 and writing in perl language by David Nelissen & Xavier Mertens, that it allows us to get a list of SSIDs which have been used by mobile devices which are nearby. This script uses the “channel hopping” technique to change the Wi-Fi channel every 5 seconds within an infinitive loop looking for “Probe Requests” messages. If we want to use it, we need to configure our wireless adapter in a monitor mode, and we also have to install tshark and perl. Next, we can see an image with the SSIDs and wireless devices which are around me:

Hoover

Hoover Results

Of course, hoover can be improved. For example, dates when SSIDs are discovered are wrong, it would be great to match MAC addresses with manufacturers and it would be awesome to know where SSIDs are in a wireless network mapping like WiGLE.

Once we know the SSIDs which mobile devices want to connect, what could be next? Maybe, turning on a rogue access point with that SSIDs to try to get their Wi-Fi passwords, try to analyze their network traffic and also trying to hack their devices.

If you don't want to be spied and you don't want anybody breaks your privacy, delete your unneccessary wireless list of your mobile devices and turn off your wireless connection when you don't use it, if not, you are exposing valuable information like where you have been eating, sleeping, or … everything.

Regards my friend and remember, drop a line with the first thing you're thinking.