NEWBURYPORT, Mass. — Cyber-security consultant Caleb Barlow is sitting in his dining room, reading Wi-Fi information off cell phones from a coffee shop across the street. It’s totally legal, and no one would have any idea he’s doing it.
“This is very easy to do,” Barlow said from behind his computer. “We can learn a lot about you just by listening to what your phone is broadcasting as you walk by.”
With a $100 wireless auditing device and an online database, Barlow demonstrates how it’s possible to track someone’s location based on the unique information coming off their cell phone.
“All we’re doing is listening to what people’s phones are broadcasting on their own. We’re not actually interacting with any of these devices,” Barlow said. “This becomes a really somewhat creepy way to figure out where people are traveling and what they’re doing.”
Here’s how it works: our phones are set to automatically connect to our Wi-Fi networks at home or work when the Wi-Fi antenna is switched on. When we’re not connected, our phones are constantly sending out a signal looking for those networks. At the same time, our Wi-Fi routers are searching to connect with our phones. The router sends out a signal, known as an SSID. With the right equipment, someone can read the signal coming off a phone, determine the names of the established networks, then cross-reference the names with an online database to figure out a person’s location.
“The privacy concerns are vast. I can tell a lot about a person based on where they’ve visited. I can probably figure out where their home is. I can probably figure out where they work, maybe what gym they go to,” Barlow said.
Barlow said to protect yourself, you should change the name of your home Wi-Fi network at least once a year. Use a common name, like your favorite sports team or band, then add “_NOMAP” to the end of the name – that lets mapping companies know you’d prefer not to have your Wi-Fi network published online.
Barlow also recommends routinely cleaning out the list of networks stored on your phone.
“Every now and then go into that list in your network settings, and delete all those Wi-Fi networks that you no longer connect to,” he said.
David O’Brien with Harvard’s Berkman Klein Center for Internet & Society said this a well-documented issue that people have complained about for a decade.
“A big part of the problem is that when wireless protocols were designed years ago, it was by engineers who were not thinking of these types of problems,” O’Brien said.
O’Brien said retail companies have used a similar form of Wi-Fi probing to track your movements around stores. O’Brien said the easiest way to protect yourself and stop Wi-Fi tracking is to simply turn off your Wi-Fi antenna when you leave the house.
“If you’re the type of person who cares about your privacy in terms of commercial tracking, stores will often use wireless technology signals from your phone to track your movement throughout the store,” O’Brien said. “They want to know how long you’ve lingered in one corner, what products you might have been looking at, whether you bought something or not. They can use this to figure that out.”
Download the FREE Boston 25 News app for breaking news alerts.
Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW