Your data might be hacked with a Wi-Fi probe request according to a recent study done by scientists at the University of Hamburg in Germany. A device having a Wi-Fi interface periodically performs a wireless probe procedure by actively sending a control frame, known as a probe request.
Mobile devices use prob requests in order to get information about nearby Wi-Fi access points for establishing connections. Attackers can use these prob requests to track and identify devices including their locations. The probe requests can be useful in detecting the location of a device with an accuracy of up to 1.5 meters by determining device movements to track owners.
The researchers included in their paper, “This is in fact employed in 23% of the stores already. Companies and cities that conduct WiFi tracking take the legal position that only the MAC address contained in probe requests is considered personal data according to GDPR Article 4(1), which protects personal data from unlawful collection and processing.”
The researchers claimed that probe requests can be enough to collect personal data based on SSID or Service Set Identifier stored in the devices. They have also conducted an experiment in a German city’s pedestrian area. They have recorded probe requests over a period of an hour three times. Among the 252,242 total requests, they recorded that about 23.2% contained SSIDs.
Some of those probe requests containing SSIDs also leaked password information, email address, and distinct first and last name of the owners.
