On 802.11 Access Point Locatability and Named Entity Recognition in Service Set Identifiers

The 802.11 active service discovery mechanism requires the transmission of various attributes in a plain text. These attributes can be collected using passive monitoring and can be used to enumerate the preferred network list (PNL) of client devices. In this paper, we focus on the information that can be obtained using the service set identifiers (SSIDs) that make up the PNL. First, we describe a simple model based on a wireless access point geolocation technique to gauge the potential device locatability using data available on WiGLE.net. Second, we look at additional information that can be extracted from the SSID strings. Our hypothesis is that the entities of potential interest, such as locations and personal names contained within SSIDs, can be recognized in an automated fashion. Using two freely available pretrained named entity recognizers, we were able to identify up to 49% of SSIDs as possibly carrying entities of interest based on multiple data sets. We also show that extracted attributes can be used as an inference basis for additional inference attacks, which presents further opportunities in forensic and intelligence contexts.