The proliferation of city-wide wifi networks has already raised serious concern over privacy implications. Privacy advocates fear that wifi networks can be used to record location information for the operating ISPs, their partners, and possibly law enforcement, raising concerns that wifi can be used to track general user behavior in a "Big Brother" fashion.
However worrying this scenario might appear, it can be classified as a mere nuisance when compared with the possibility of anyone being able to remotely set up a tracking system, without even having to set up physical infrastructure. Such systems, which could be termed as Tracknets can be deployed using a reasonably sized botnet, providing a user-tracking mechanism that can operate across wireless network boundaries. Criminal gangs are known to operate marketplaces for bots, sometimes with specific features such as high bandwidth and CPU power, priced between $1 and $40 per compromised PC according to security exprerts who have monitored IRC chat room echanges . It is conceivable that attributes such as wifi connectivity, and location within a metro-area could be added to the list of features to facilitate attacks such as those described here.
Such a botnet can then track location information , possibly coupled with user-profiles that can span across heterogeneous wireless LANs. The location of the zombies comprising the bot can be infered from the ESSID of their AP using public wifi maps. (In fact, this service is already provided by companies such as Navizon and Skyhook.) The number of users that can be tracked using Tracknets and its coverage are commensurate with the size of the botnet population and the amplifying effect of proximity, similar to the spoofing threat discussed in the previous section.
Several services can leak significant amounts of privacy-sensitive information. This information can, in turn, be used for targeted Phishing and spam attacks, blackmail, and for pre-attack reconnaissance such as building hit-lists. In addition to high-information-leak vectors, several techniques can provide personal information at a lower granularity that might not be able to distinctly identify individual users but can be used to classify sets of users according to broader set of criteria such as OS version version, wireless driver information and general browsing behaviour. In this section we briefly examine some of the most obvious tracking vectors. Our investigation is far from exhaustive and only scratches the surface of possible ways that users could be tagged and tracked. Nevertheless, the vectors we discuss show at least one set of techniques that seem threatening enough by themselves, and may be representative of other approaches.