Friday, June 14, 2019

Does attempted WIFI connection, but no password sent, expose your info to that network?

Say you accidentally click on the wrong WIFI networks that are broadcasting SSIDs from your phone. Then you immediately cancel without even attempting a password try. Is your login attempt and other information like your MAC address and device name already exposed to the network and the wireless access point router?

Basically, the moment you attempt to connect, the wireless access point already knows about it and it is already too late to back out even if you don't go through with the whole process to send a password? And that this action can in theory trigger a log?

Granted most home wireless routers are not sophisticated to log these stuff for their users, but just discussing this in an academic sense.

As a noob, from what I read about the four way handshake of IEEE 802.11 standard is that to even attempt a login, the access point has already set up an AN-nonce for you and awaiting your SN-nonce reply. Is that correct? So the router should already know you're there and at the bare minimum clicked login?

Or does this depend on the connecting client side too? Maybe the device doesn't go through with the handshake until after the password field is filled, and then it attempts the first connection to be established an AN-nonce from the router only after the password is entered in software?



No comments:

Post a Comment