{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,10]],"date-time":"2026-05-10T11:44:25Z","timestamp":1778413465959,"version":"3.51.4"},"reference-count":41,"publisher":"Wiley","issue":"1","license":[{"start":{"date-parts":[[2018,7,22]],"date-time":"2018-07-22T00:00:00Z","timestamp":1532217600000},"content-version":"vor","delay-in-days":202,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Wireless Communications and Mobile Computing"],"published-print":{"date-parts":[[2018,1]]},"abstract":"<jats:p>User\u2019s location privacy concerns have been further raised by today\u2019s Wi\u2010Fi technology omnipresence. Preferred Network Lists (PNLs) are a particularly interesting source of private location information, as devices are storing a list of previously used hotspots. Privacy implications of a disclosed PNL have been covered by numerous papers, mostly focusing on passive monitoring attacks. Nowadays, however, more and more devices no longer transmit their PNL in clear, thus mitigating passive attacks. Hidden PNLs are still vulnerable against active attacks whereby an attacker mounts a fake SSID hotspot set to one likely contained within targeted PNL. If the targeted device has this SSID in the corresponding PNL, it will automatically initiate a connection with the fake hotspot thus disclosing this information to the attacker. By iterating through different SSIDs (from a predefined dictionary) the attacker can eventually reveal a big part of the hidden PNL. Considering user mobility, executing active attacks usually has to be done within a short opportunity window, while targeting nontrivial SSIDs from user\u2019s PNL. The existing work on active attacks against hidden PNLs often neglects both of these challenges. In this paper we propose a simple mathematical model for analyzing active SSID dictionary attacks, allowing us to optimize the effectiveness of the attack under the above constraints (limited window of opportunity and targeting nontrivial SSIDs). Additionally, we showcase an example method for building an effective SSID dictionary using top\u2010N recommender algorithm and validate our model through simulations and extensive real\u2010life tests.<\/jats:p>","DOI":"10.1155\/2018\/5153265","type":"journal-article","created":{"date-parts":[[2018,7,22]],"date-time":"2018-07-22T23:31:08Z","timestamp":1532302268000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["SSID Oracle Attack on Undisclosed Wi\u2010Fi Preferred Network Lists"],"prefix":"10.1155","volume":"2018","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8393-783X","authenticated-orcid":false,"given":"Ante","family":"Dageli\u0107","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8826-4905","authenticated-orcid":false,"given":"Toni","family":"Perkovi\u0107","sequence":"additional","affiliation":[]},{"given":"Bojan","family":"Vujatovi\u0107","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0235-7436","authenticated-orcid":false,"given":"Mario","family":"\u010cagalj","sequence":"additional","affiliation":[]}],"member":"311","published-online":{"date-parts":[[2018,7,22]]},"reference":[{"key":"e_1_2_11_1_2","unstructured":"\u201cHybrid positioning \u201d accessed: 2017-02-28https:\/\/en.wikipedia.org\/wiki\/Hybrid_positioning_system."},{"key":"e_1_2_11_2_2","unstructured":"\u201cCell tower trilateration \u201d accessed: 2017-02-19https:\/\/wrongfulconvictionsblog.org\/2012\/06\/01\/cell-tower-triangulation-how-it-works\/."},{"key":"e_1_2_11_3_2","doi-asserted-by":"crossref","unstructured":"MarquesN. MenesesF. andMoreiraA. Combining similarity functions and majority rules for multi-building multi-floor WiFi positioning Proceedings of the International Conference on Indoor Positioning and Indoor Navigation (IPIN \u203212) November 2012 Sydney Australia 1\u20139 https:\/\/doi.org\/10.1109\/ipin.2012.6418937 2-s2.0-84874271633.","DOI":"10.1109\/IPIN.2012.6418937"},{"key":"e_1_2_11_4_2","doi-asserted-by":"publisher","DOI":"10.1155\/2017\/2630413"},{"key":"e_1_2_11_5_2","doi-asserted-by":"publisher","DOI":"10.1155\/2016\/2107872"},{"key":"e_1_2_11_6_2","doi-asserted-by":"publisher","DOI":"10.1155\/2017\/7821585"},{"key":"e_1_2_11_7_2","doi-asserted-by":"crossref","unstructured":"BarberaM. V. EpastoA. MeiA. PertaV. C. andStefaJ. Signals from the crowd: Uncovering social relationships through smartphone probes Proceedings of the 13th ACM Internet Measurement Conference IMC 2013 October 2013 Spain 265\u2013276 2-s2.0-84890082562.","DOI":"10.1145\/2504730.2504742"},{"key":"e_1_2_11_8_2","doi-asserted-by":"crossref","unstructured":"Di LuzioA. MeiA. andStefaJ. Mind your probes: De-anonymization of large crowds through smartphone WiFi probe requests Proceedings of the 35th Annual IEEE International Conference on Computer Communications IEEE INFOCOM 2016 April 2016 San Francisco CA USA 2-s2.0-84983239147.","DOI":"10.1109\/INFOCOM.2016.7524459"},{"key":"e_1_2_11_9_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.pmcj.2013.04.001"},{"key":"e_1_2_11_10_2","doi-asserted-by":"crossref","unstructured":"CuncheM. Mohamed Ali Kaafar. andBoreliR. I know who you will meet this evening! Linking wireless devices using Wi-Fi probe requests Proceedings of the 2012 IEEE Thirteenth International Symposium on \u201cA World of Wireless Mobile and Multimedia Networks\u201d (WoWMoM) June 2012 San Francisco CA USA 1\u20139 https:\/\/doi.org\/10.1109\/WoWMoM.2012.6263700.","DOI":"10.1109\/WoWMoM.2012.6263700"},{"key":"e_1_2_11_11_2","doi-asserted-by":"crossref","unstructured":"Bonn\u00e9B. BarzanA. QuaxP. andLamotteW. WiFiPi: involuntary tracking of visitors at mass events Proceedings of the IEEE 14th International Symposium on a World of Wireless Mobile and Multimedia Networks (WoWMoM \u203213) June 2013 Madrid Spain 1\u20136 https:\/\/doi.org\/10.1109\/wowmom.2013.6583443 2-s2.0-84883677756.","DOI":"10.1109\/WoWMoM.2013.6583443"},{"key":"e_1_2_11_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2015.2507542"},{"key":"e_1_2_11_13_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-018-1737-7"},{"key":"e_1_2_11_14_2","unstructured":"\u201cWireless Geographic Logging Engine \u201d accessed: 2017-02-28 https:\/\/wigle.net\/."},{"key":"e_1_2_11_15_2","unstructured":"\u201cWhat are Active and Passive scanning \u201d accessed: 2017-02-28 http:\/\/www.wi-fi.org\/knowledge-center\/faq\/what-are-passive-and-active-scanning."},{"key":"e_1_2_11_16_2","doi-asserted-by":"crossref","unstructured":"FreudigerJ. Short: How talkative is your mobile device? An experimental study of Wi-Fi probe requests Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks WiSec 2015 June 2015 2-s2.0-84962030770.","DOI":"10.1145\/2766498.2766517"},{"key":"e_1_2_11_17_2","article-title":"Open Wifi SSID Broadcast vulnerability","author":"Sidiropoulos N.","year":"2012","journal-title":"SSN Project Assessment"},{"key":"e_1_2_11_18_2","unstructured":"\u201cKarma tool \u201d accessed: 2017-02-19 https:\/\/www.offensive-security.com\/kali-linux\/kali-linux-evil-wireless-access-point\/."},{"key":"e_1_2_11_19_2","doi-asserted-by":"crossref","unstructured":"VanhoefM. MatteC. CuncheM. CardosoL. S. andPiessensF. Why MAC address randomization is not enough: an analysis of Wi-Fi network discovery mechanisms Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security June 2016 Xi\u2032an China ACM 413\u2013424 https:\/\/doi.org\/10.1145\/2897845.2897883 2-s2.0-84979666706.","DOI":"10.1145\/2897845.2897883"},{"key":"e_1_2_11_20_2","unstructured":"RamachandranV. Scapy: Dictionary Attacks on Hidden SSID Networks accessed: 2017-02-19 http:\/\/www.pentesteracademy.com\/video?id=471."},{"key":"e_1_2_11_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/963770.963776"},{"key":"e_1_2_11_22_2","doi-asserted-by":"crossref","unstructured":"JamilS. BasalamahA. KhanS. andLbathA. Classifying smartphone screen ON\/OFF State Based on WiFi probe patterns Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing UbiComp 2016 September 2016 Germany 301\u2013304 2-s2.0-84991052003.","DOI":"10.1145\/2968219.2971377"},{"key":"e_1_2_11_23_2","doi-asserted-by":"crossref","unstructured":"WangW. JoshiR. KulkarniA. LeongW. K. andLeongB. Feasibility study of mobile phone WiFi detection in aerial search and rescue operations Proceedings of the 4th Asia-Pacific Workshop on Systems APSys 2013 July 2013 Singapore 2-s2.0-84883060390.","DOI":"10.1145\/2500727.2500729"},{"key":"e_1_2_11_24_2","doi-asserted-by":"crossref","unstructured":"HuX. SongL. Van BruggenD. andStriegelA. Is there WiFi yet? How aggressive probe requests deteriorate energy and throughput Proceedings of the ACM Internet Measurement Conference IMC 2015 October 2015 Japan 317\u2013323 2-s2.0-84954154024.","DOI":"10.1145\/2815675.2815709"},{"key":"e_1_2_11_25_2","doi-asserted-by":"publisher","DOI":"10.1155\/2017\/6235484"},{"key":"e_1_2_11_26_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-013-0196-1"},{"key":"e_1_2_11_27_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-47806-7"},{"key":"e_1_2_11_28_2","doi-asserted-by":"crossref","unstructured":"SarwarB. KarypisG. KonstanJ. andRiedlJ. Item-based collaborative filtering recommendation algorithms Proceedings of the 10th International Conference on World Wide Web (WWW \u203201) 2001 New York NY USA ACM 285\u2013295 https:\/\/doi.org\/10.1145\/371920.372071.","DOI":"10.1145\/371920.372071"},{"key":"e_1_2_11_29_2","unstructured":"Aircrack \u201cAircrackng \u201d accessed: 2017-02-19 https:\/\/www.aircrack-ng.org\/."},{"key":"e_1_2_11_30_2","doi-asserted-by":"crossref","unstructured":"KimY. S. TianY. NguyenL. T. andTagueP. LAPWiN: Location-aided probing for protecting user privacy in Wi-Fi networks Proceedings of the 2014 IEEE Conference on Communications and Network Security CNS 2014 October 2014 USA 427\u2013435 2-s2.0-84921461289.","DOI":"10.1109\/CNS.2014.6997512"},{"key":"e_1_2_11_31_2","unstructured":"BarberaM. V. EpastoA. MeiA. KostaS. PertaV. C. andStefaJ. CRAWDAD dataset sapienza\/probe-requests (v. 2013-09-10) Sep. 2013 Downloaded fromhttps:\/\/crawdad.org\/sapienza\/probe-requests\/20130910."},{"key":"e_1_2_11_32_2","volume-title":"AMLBook","author":"Abu-Mostafa","year":"2012"},{"key":"e_1_2_11_33_2","volume-title":"Open Wifi SSID Broadcast vulnerability","author":"Sidiropoulos N.","year":"2012"},{"key":"e_1_2_11_34_2","doi-asserted-by":"crossref","unstructured":"SethomK.andAfifiH. Requirements and adaptation solutions for transparent handover between wifi and Bluetooth Proceedings of the 2004 IEEE International Conference on Communications June 2004 France 3916\u20133920 2-s2.0-4143137618.","DOI":"10.1109\/ICC.2004.1313286"},{"key":"e_1_2_11_35_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2017.12.012"},{"key":"e_1_2_11_36_2","doi-asserted-by":"crossref","unstructured":"SeneviratneS. JiangF. CuncheM. andSeneviratneA. SSIDs in the wild: Extracting semantic information from WiFi SSIDs Proceedings of the 2015 IEEE 40th Conference on Local Computer Networks LCN 2015 October 2015 USA 494\u2013497 2-s2.0-84973931636.","DOI":"10.1109\/LCN.2015.7366361"},{"key":"e_1_2_11_37_2","unstructured":"MatteC.andCuncheM. Beam me up Scotty: identifying the individual behind a MAC address using Wi-Fi geolocation spoofing Proceedings of the 1er Colloque sur la Confiance Num\u00e9rique en Auvergne 2014."},{"key":"e_1_2_11_38_2","unstructured":"GoodinD. No this isn\u2019t a scene from Minority Report. This trash can is stalking you accessed: 2017-02-28 http:\/\/arstechnica.com\/security\/2013\/08\/no-this-isnt-a-scene-from-minority-report-this-trash-can-is-stalking-you\/."},{"key":"e_1_2_11_39_2","unstructured":"DIY stalker boxes spy on Wi-Fi users cheaply and with maximum creep value accessed: 2017-02-28 http:\/\/arstechnica.com\/security\/2013\/08\/diy-stalker-boxes-spy-on-wi-fi-users-cheaply-and-with-maximum-creep-value\/."},{"key":"e_1_2_11_40_2","unstructured":"KropeitT. Don\u2019t Trust Open Hotspots: Wi-Fi Hacker Detection and Privacy Protection via Smartphone [Bachelor\u2019s Thesis] 2015 Ruhr-Universit\u00e4t-Bochum."},{"key":"e_1_2_11_41_2","doi-asserted-by":"crossref","unstructured":"MatteC. CuncheM. RousseauF. andVanhoefM. Defeating MAC address randomization through timing attacks Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks WiSec 2016 July 2016 15\u201320 2-s2.0-84985006713.","DOI":"10.1145\/2939918.2939930"}],"container-title":["Wireless Communications and Mobile Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2018\/5153265.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2018\/5153265.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1155\/2018\/5153265","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,5]],"date-time":"2025-07-05T23:17:06Z","timestamp":1751757426000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1155\/2018\/5153265"}},"subtitle":[],"editor":[{"given":"Mauro","family":"Femminella","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2018,1]]},"references-count":41,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,1]]}},"alternative-id":["10.1155\/2018\/5153265"],"URL":"https:\/\/doi.org\/10.1155\/2018\/5153265","archive":["Portico"],"relation":{},"ISSN":["1530-8669","1530-8677"],"issn-type":[{"value":"1530-8669","type":"print"},{"value":"1530-8677","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,1]]},"assertion":[{"value":"2018-03-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-07-08","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-07-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"5153265"}}