Entries Tagged "Wi-Fi"

Page 5 of 8

Close-In Surveillance Using Your Phone's Wi-Fi

This article talks about applications in retail, but the possibilities are endless.

Every smartphone these days comes equipped with a WiFi card. When the card is on and looking for networks to join, it’s detectable by local routers. In your home, the router connects to your device, and then voila ­ you have the Internet on your phone. But in a retail environment, other in-store equipment can pick up your WiFi card, learn your device’s unique ID number and use it to keep tabs on that device over time as you move through the store.

This gives offline companies the power to get incredibly specific data about how their customers behave. You could say it’s the physical version of what Web-based vendors have spent millions of dollars trying to perfect ­ the science of behavioral tracking.

Basically, the system is using the MAC address to identify individual devices. Another article on the system is here.

Posted on November 1, 2013 at 6:32 AMView Comments

Google Knows Every Wi-Fi Password in the World

This article points out that as people are logging into Wi-Fi networks from their Android phones, and backing up those passwords along with everything else into Google’s cloud, that Google is amassing an enormous database of the world’s Wi-Fi passwords. And while it’s not every Wi-Fi password in the world, it’s almost certainly a large percentage of them.

Leaving aside Google’s intentions regarding this database, it is certainly something that the US government could force Google to turn over with a National Security Letter.

Something else to think about.

Posted on September 20, 2013 at 7:05 AMView Comments

Hacking Tool Disguised as a Power Strip

This is impressive:

The device has Bluetooth and Wi-Fi adapters, a cellular connection, dual Ethernet ports, and hacking and remote access tools that let security professionals test the network and call home to be remotely controlled via the cellular network. The device comes with easy-to-use scripts that cause it to boot up and then phone home for instructions.

A “text-to-bash” feature allows sending commands to the device using SMS messages. Power Pwn is preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools and. It really can function as a 120/240v AC outlet strip.

It was funded with DARPA money.

Posted on July 31, 2012 at 6:30 AMView Comments

Security Risks of Running an Open WiFi Network

As I’ve written before, I run an open WiFi network. It’s stories like these that may make me rethink that.

The three stories all fall along the same theme: a Buffalo man, Sarasota man, and Syracuse man all found themselves being raided by the FBI or police after their wireless networks were allegedly used to download child pornography. “You’re a creep… just admit it,” one FBI agent was quoted saying to the accused party. In all three cases, the accused ended up getting off the hook after their files were examined and neighbors were found to be responsible for downloading child porn via unsecured WiFi networks.

EDITED TO ADD (4/29): The EFF is calling for an open wireless movement. I approve.

Posted on April 26, 2011 at 6:59 AMView Comments

Security Fears of Wi-Fi in London Underground

The London Underground is getting Wi-Fi. Of course there are security fears:

But Will Geddes, founder of ICP Group which specialises in reducing terror or technology-related threats, said the plan was problematic.

He said: “There are lots of implications in terms of terrorism and security.

“This will enable people to use their laptop on the Tube as if it was a cell phone.”

Mr Geddes said there had been numerous examples of bomb attacks detonated remotely by mobile phone in Afghanistan and Iraq.

He warned a wi-fi system would enable a terror cell to communicate underground.

And he said “Trojan” or eavesdropping software could be used to penetrate users’ laptops and garner information such as bank details.

Mr Geddes added: “Eavesdropping software can be found and downloaded within minutes.”

This is just silly. We could have a similar conversation regarding any piece of our infrastructure. Yes, the bad guys could use it, just as they use telephones and automobiles and all-night restaurants. If we didn’t deploy technologies because of this fear, we’d still be living in the Middle Ages.

Posted on April 13, 2011 at 1:14 PMView Comments

The End of In-Flight Wi-Fi?

Okay, now the terrorists have really affected me personally: they’re forcing us to turn off airplane Wi-Fi. No, it’s not that the Yemeni package bombs had a Wi-Fi triggering mechanism—they seem to have had a cell phone triggering mechanism, dubious at best—but we can imagine an Internet-based triggering mechanism. Put together a sloppy and unsuccessful package bomb with an imagined triggering mechanism, and you have a new and dangerous threat that—even though it was a threat ever since the first airplane got Wi-Fi capability—must be immediately dealt with right now.

Please, let’s not ever tell the TSA about timers. Or altimeters.

And, while we’re talking about the TSA, be sure to opt out of the full-body scanners and remember your sense of humor when a TSA officer slips white powder into your suitcase and then threatens you with arrest.

EDITED TO ADD (11/8): We’re banning toner cartridges over 16 ounces.

Additionally, toner and ink cartridges that are over 16 ounces will be banned from all U.S. passenger flights and planes heading to the United States, she said. That ban will also apply to some air cargo shipments.

Other new rules include:

  • International mail packages sent to the U.S. must be screened individually and certified to have come from an established postal shipper;
  • Cargo shippers, such as UPS, Federal Express, and DHL, have been encouraged to report cargo manifests to Homeland Security faster, prior to departure, to aid in identifying risky cargo based on current intelligence.

There’s some impressive magical thinking going on here.

Posted on November 8, 2010 at 10:21 AMView Comments

WPA Cracking in the Cloud

It’s a service:

The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. For the more “premium” price of $35, you can get the job done in about half the time. Because it is a dictionary attack using a predefined 135-million-word list, there is no guarantee that you will crack the WPA key, but such an extensive dictionary attack should be sufficient for any but the most specialized penetration testing purposes.

[…]

It gets even better. If you try the standard 135-million-word dictionary and do not crack the WPA encryption on your target network, there is an extended dictionary that contains an additional 284 million words. In short, serious brute force wireless network encryption cracking has become a retail commodity.

FAQ here.

In related news, there might be a man-in-the-middle attack possible against the WPA2 protocol. Man-in-the-middle attacks are potentially serious, but it depends on the details—and they’re not available yet.

EDITED TO ADD (8/8): Details about the MITM attack.

Posted on July 27, 2010 at 6:43 AMView Comments

Wi-fi Blocking Paint

I wrote about this in 2004. This is an improved product:

While paints blocking lower frequencies have been available for some time, Mr Ohkoshi’s technology is the first to absorb frequencies transmitting at 100GHz (gigahertz). Signals carrying a larger amount of data—such as wireless internet—travel at a higher frequency than, for example, FM radio.

Posted on October 12, 2009 at 1:47 PMView Comments

1 3 4 5 6 7 8

Sidebar photo of Bruce Schneier by Joe MacInnis.