NEWS FROM THE LAB - Monday, August 26, 2013

Wi-Fi Honeypots and MAC Address Surveillance Posted by Sean @ 12:45 GMT

On August 8th, Quartz published a report that recycling bins in the City of London were being used to collect the MAC addresses from phones passing-by. The scheme was halted by August 12th. On the 13th, I spoke with Danish reporter Jakob M�llerh�j about similar Bluetooth and Wi-Fi tracking that takes place in Denmark — to predict the flow of traffic on roads and human flows in airports.

And while traffic flow analysis is a very valuable thing for planners — in the light of a "prism" — this type of metadata collection is a very worrying trend.

Several years ago, we had our own Bluetooth honeypot project:

Bluetooth Honeypot

Had we moved forward with it, we would have needed to find a way to store MAC addresses anonymously. Because these days, it's entirely too easy for third-parties to seek or sell "business records" to be correlated. Can you just imagine if every CCTV in your city also logged your phone's Wi-Fi Mac?

For those of you interested in running an experiment, check out March's Linux Journal: Wi-Fi Mini Honeypot

But do be careful on what you collect, and how — it's a dangerously unregulated landscape.