Home > CAPEC List > CAPEC-613: WiFi SSID Tracking (Version 2.11)  

CAPEC-613: WiFi SSID Tracking

WiFi SSID Tracking
Definition in a New Window Definition in a New Window
Attack Pattern ID: 613
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

In this attack scenario, the attacker passively listens for WiFi management frame messages containing the Service Set Identifier (SSID) for the WiFi network. These messages are frequently transmitted by WiFi access points (e.g., the retransmission device) as well as by clients that are accessing the network (e.g., the handset/mobile device). Once the attacker is able to associate an SSID with a particular user or set of users (for example, when attending a public event), the attacker can then scan for this SSID to track that user in the future.

+ Attack Prerequisites
  • None

+ Typical Severity


+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

Open source and commercial software tools are available and open databases of known WiFi SSID addresses are available online.

+ Solutions and Mitigations

Do not enable the feature of "Hidden SSIDs” (also known as “Network Cloaking”) – this option disables the usual broadcasting of the SSID by the access point, but forces the mobile handset to send requests on all supported radio channels which contains the SSID. The result is that tracking of the mobile device becomes easier since it is transmitting the SSID more frequently.

Frequently change the SSID to new and unrelated values

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
+ Technical Context
Architectural Paradigms
+ Content History
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017