Device Names in the Wild: Investigating Privacy Risks of Zero Configuration Networking

摘要

Zero configuration networking aims to support users in seamlessly connecting devices and services. However, in public networks associated service announcements pose substantial privacy risks. A major issue is the inclusion of identifying information in device names, often automatically set or suggested by devices upon initial configuration. Focusing on mDNS, we assess this issue by studying its actual extent, awareness about the problem, and potential consequences for privacy. We collected a one-week dataset of mDNS announcements in a semi-public Wi-Fi network at a university. Of 2,957 unique device names, 59% contained real names of users, with 17.6% containing first and last name. An online survey (n=137) revealed that 29% of the participants did not know the current device name of their smartphone, but that the vast majority considered periodic announcement of their full names worrisome. We further discuss specific potential privacy threats and attack scenarios stemming from mDNS device names.