Wake up call from Google cars recording wifi data

On 15.05.2010, Google admitted that their Google Street View cars recorded a lot of Wi-Fi data (access point MAC address, SSID and more). The purpose is to be able to correlate the GPS location with the visible Wi-Fi access points. The end game is to provide a quick approximate geolocation to Wi-Fi enabled devices. A company like Skyhook Wireless records similar informations and provides its services to Apple mobile products (iPod Touch, iPhone, iPad,...).

google_street_view_car.png

The SSID can be easily changed by the user so you shouldn't rely on it alone. The average Joe will probably never change their SSID. The MAC address modification is possible but far out the reach of the average Joe. It require a custom firmware which not all router support.

When the SSID is not "hidden", the Wi-Fi beacon packet advertise the SSID every 100ms. If it's "hidden" there are 4 other ways to get the SSID. For routing purposes, every Wi-Fi packet feature in the clear the MAC address of the communicating devices. Only the payload is encrypted when using WEP or WPA.

I believe that Google cars record the GPS location and whatever packet they ear on the 14 Wi-Fi channels. The Google cars change the listening channel every 200ms so in less than 3 seconds they can scan the 14 available channels. Instead of extracting the useful parts of the packet (SSID + MAC) on the fly, they keep the intercepted packets for an offline analysis.The open source Wi-Fi auditor inSSIDer builds a database of MAC address/SSID/GPS coordinates.

Google clearly stated that they didn't record encrypted packets. But the real issue for me is the following. Once you record a WPA encrypted packet you are able to do a brute force offline attack. It's time and computer consuming. The duration of the attack depends on the length of the WPA key. A tool like Elcomsoft Wireless Security Auditor is able to try 100000+ keys a second.

You should use WPA with a 63 characters random key from the GRC password generator. WEP encryption is so badly broken that it should not be used at all. Insecure wifi access points should be used only when there is no other option. If you have to use an open access point know that whatever is not encrypted is broadcasted in the clear.