Buy It Now, Track Me Later: Attacking User Privacy via Wi-Fi AP Online Auctions


[Submitted on 16 Jun 2025]


Abstract: Static and hard-coded layer-two network identifiers are well known to present security vulnerabilities and endanger user privacy. In this work, we introduce a new privacy attack against Wi-Fi access points listed on secondhand marketplaces. Specifically, we demonstrate the ability to remotely gather a large quantity of layer-two Wi-Fi identifiers by programmatically querying the eBay marketplace and applying state-of-the-art computer vision techniques to extract IEEE 802.11 BSSIDs from the seller's posted images of the hardware. By leveraging data from a global Wi-Fi Positioning System (WPS) that geolocates BSSIDs, we obtain the physical locations of these devices both pre- and post-sale. In addition to validating the degree to which a seller's location matches the location of the device, we examine cases of device movement -- once the device is sold and then subsequently re-used in a new environment. Our work highlights a previously unrecognized privacy vulnerability and suggests, yet again, the strong need to protect layer-two network identifiers.

Submission history

From: Erik Rye
[v1] Mon, 16 Jun 2025 02:42:14 UTC (678 KB)
