Sniff Wi-Fi

When we last left off, yours truly had noticed that an Android tablet was probing for Wi-Fi networks even when associated.  This behavior would have been unusual, as consumer-grade Wi-Fi devices historically would probe when unassociated and stop probing once a connection is made.  After a little bit more investigation, it appears there was an extenuating circumstance that was causing all of the extra probing. I wondered if the Android tablet I have (Samsung Galaxy Tab 2.0 with 65 Mbps 802.11b/g/n WiFi) might have its probing behavior affected by movement, and sure enough it does. I'll try to amend this blog post later to add screenshots of my captures, but for now here is a summary of what I saw: I associated my Galaxy Tab to a WLAN that is on channel 1.  Then I captured on channel 11.  My hypothesis is that an associated device should stop probing on other channels as long as the signal is solid. Sure enough, once I was associated on channel 1, I stopped seeing Probe Req

No bold type introducing today's post, as I'm going to keep things short. I was doing some work last week looking at Android devices (specifically, a Samsung Galaxy Tab 2) and I noticed some very heavy probing behavior.  We were checking out the device's behavior when it moves from AP to AP, so I set a capture for the target second AP.  I did the test (things went fine, but the WiFi Analyzer app in particular seems to really make Android devices stick to their currently associated BSS) and looked at the capture. Seeing a ton of Probe Requests from the Tablet was expected.  What wasn't expected was the Android tablet probing even while associated to the first AP.  Even when the received signal was strong (in the -50 to -63 dBm range), the Android was going off channel to probe and probe excessively. At this point I'm still trying to figure out if physical motion or an app (or lack thereof) caused the probing.  One thing I am pretty confident in saying already

Happy (belated) Cinco de Mayo!  In honor of Mexico (whose El Tri I actually like a heck of a lot less than Les Bleus ), today's discussion of Guerra de Conduccíon has a Spanish language title.   As noted by noted sarcastor Keith R. "The R Stands for Reassociation" Parsons , in some ways wardriving is a topic whose time has passed.  We've known about it for years.  Wardriving tells hackers where your network is.  Most WiFi networks are encrypted.  What else is there?  Hackers can try to connect, but if you use a long WPA2 Personal passphrase , they won't be able to.  Hackers can try to sniff, but if you're using WPA2 Enterprise, then decryption of data frames is impossible (as far as us non-NSA employees know). But imagine you are an NSA employee.  Or the CEO of a noted defense contractor .  Or holder of some other high-profile job where the nation's prosperity is dependent on your secrecy (like USC's head football coach).  Then if a hack