jfleck writes with news that researchers at Sandia National Laboratories have released a paper on a technique they have developed for passively fingerprinting wireless device drivers (PDF). The researchers comment, "This technique is valuable to an attacker wishing to conduct reconnaissance against a potential target so that he may launch a driver-specific exploit." They sketch the loose language in the 802.11 standard describing the way client devices should probe for access points. Because probing is not spelled out in any detail, the authors say, "...implementing active scanning within wireless drivers [is] a poorly guided task. This has led to the development of many drivers that perform probing using slightly different techniques. By characterizing these implementation-dependent probing algorithms, we are able to passively identify the wireless driver employed by a device." This technique beats Wi-Fi Fingerprints by a country mile.