Mobile Subscriber WiFi Privacy.

This paper investigates and analyses the insufficient protections afforded to mobile identities when using today's operator backed WiFi services. Specifically we detail a range of attacks, on a set of widely deployed authentication protocols, that enable a malicious user to obtain and track a user's International Mobile Subscriber Identity (IMSI) over WiFi. These attacks are possible due to a lack of sufficient privacy protection measures, which are exacerbated by preconfigured device profiles. We provide a formal analysis of the protocols involved, examine their associated configuration profiles, and document our experiences with reporting the issues to the relevant stakeholders. We detail a range of potential countermeasures to tackle these issues to ensure that privacy is better protected in the future.