In January, I developed a tool to sniff Wi-Fi SSIDs. I decided to call it ‘hoover‘ (based on the vacuum cleaner brand). The original post is here. I’m often running this tool in my area to detect the presence of some people in the neighborhood or when I’m staying at hotels. But usually, the scan scope is very limited.
A friend had the wonderful idea to run hoover during a major Belgian event: The Rock Wechter music festival! Belgium is a wonderful country for music lovers. Plenty of festivals are organized across the country during the summer. They are covering all music styles! Such public events are great places to find good samples of citizens. During four days, 139.000 unique people attended the festival (source). And guess what people are always carying with them? Their smart phones of course!
The high number of visitors attending festivals represents a very good sample of “common users“. We have:
- Belgian, foreigners
- Young, old people
- Students, workers
- French, Dutch speaking people (Yes, that’s Belgium!)
My friend had a chance to stay at a good location. This was an excellent opportunity to keep his laptop safely running hoover to collect broadcasted SSIDs. What can we discover from the (huge) log file? Here are some of my findings…
- 29194 unique SSIDs were detected!
- 6475 unique MAC addresses (devices)
Among the detected SSIDs, here is the top-20 (based on the seen requests):
|4890||Wifi Ranst NIV0|
|3735||Netwerk van Geert Delbaere|
This top-20 is very interesting to conduct WiFi attacks later. We can see that SSIDs like “dlink” or “default” are commonly used. From an attacker’s point of view, this list is interesting to wisely choose the SSIDs which will increase your chances to attract devices to your rogue access point. I’m wondering what’s the first SSID (“Hotspot-Corelio“)? Corelio is a big Belgian media company which edits lot of newspapers. Maybe they were the sponsor of the official Wi-Fi access?
A fact: many people disclose their name via their SSIDs. There was plenty of networks with names. 169 SSIDs based on “Network of xxx” were detected. Some examples:
- “Netwerk van Geert Van Assche”
- “Netwerk van Alex Van Hoydonck”
- “Netwerk van Joost MUYLLE”
- “Netwerk Dennis De Smaele”
- “Netwerk van Dimitri De Schryver”
- “Famille Moies-Delval”
Lof of SSIDs contained geographic details (airports, city names). This helps us to build a list of countries from where the festival visitors came:
- Burma (Myanmar)
What about the hardware used to build wireless networks? Lot of Wi-Fi access point owners do not change the default SSID or just add extensions like a number or a name. Below is the repartition of hardware based on common strings:
Where people do use Wi-Fi connectivity? Mostly in hotels:
They also use free networks:
Of course, there are always some funny SSIDs:
- Hide yo kids, hide yo wi-fi
- LA TAVERNE with Big Boobs
- ( . )( . )
- Network of Darkness
- HP-Print-c1-LaserJet 400 MFP
- Fort Knox-guest
- www.lloretwifi.es +34672530193
- pretty fly for a WiFi
- louloute qui boit le sperme ! ! (No comment – I won’t translate it)
More events will be covered by my friend. He will try to perform the same operation. This will be a good opportunity to compare results.
Final disclaimer, no intrusion or attack of any kind was performed. The tool just listen passively for information broadcasted from Wi-Fi enabled devices.
The complete list of SSIDs is available here.