So I decided that a little wifi social experiment was in order, to see if open and free wifi really makes people forget all common sense when it comes to the Internet and their personal information.
No doubt most of you are familiar with the likes of aircrack-ng, and maybe even the infamous Pineapple. Heck, you may even dabble in BackTrack and Kali. All these tools allow you to "sniff" the airwaves for wifi signals and, depending on your motives, do something with said information. Problem is, most are what I would call promiscuous (you go out looking for something). I wanted to let the people come to me! :-)
Anyway, I digress. What if we set up an access point, or many access points, based on the most common names (SSIDs, I mean) people used? And what if we assumed that those mobile devices, without asking the end user, connected to these most common SSIDs? Because when you walk into Costa or McDonald's, you've already connected once, so heh, free is free, you've used it before-why would your phone ask you again?
Also, some of the tools above depend on the mobile device giving up the SSIDs it has used before. That assumption is now on the down slope, due to the vendors (Apple especially) implementing much stricter use of the PNL (Preferred Network List). Basically, in past years your device would send out a broadcast looking for wifi, and in it broadcast all the other wifis you had connected to in the past. Now, most just send out a broadcast probe without giving up your past wifi locations. This was/is the secret sauce that all the tools above would use to set up an "Evil" wifi access point. Now, it's a pain.
But, and here's the upside (see, it's not all bad news), with the explosion of free wifi (I'm in the UK so the main ones are BT, The Cloud, O2 etc.) you not only have thousands of access points, but these access points are being consolidated. But the real crown jewels are the broadband operators, and BT (formerly British Telecom) should take a bow-they enable, by default, a "guest" wifi signal on EVERY home installation. In fact, you can't turn it off! This is so that no matter where you are, if you are a BT customer, you can connect as a guest to any other BT residential user.
Sky is not far behind (they bought out The Cloud) but don't do the same guest offering for residential customers. I'm sure they are not that far behind, mind you.
So you have millions of people, who connect regularly to the same wifi signal, day after day. All we need to do is mimic these wifi points. As a great man once said "If you build it, he will come". Substitute he for them!
So how do you do it, and what can you see?
Step 1-You need an access point that has the ability to a) run OpenWrt and b) broadcast multiple SSIDs. You could use DD-WRT, but the logging capabilities are pants, and you could use an AP that can only transmit one SSID, but that takes a lot of flexibility (and fun) out of the exercise. I am using an AP from TP-Link, the TL-WR2543ND.
I got it for £12 from eBay. It has both 5GHz and 2.4GHz, it has detachable antennas (so you can put on bigger ones!) and it has an Atheros chipset, which means you can put up to 8 (eight!) SSIDs on one physical AP. Stay away from Broadcom-based chipsets; they are limited in their logging ability, especially around a Linux package called hostapd.
Step 2-Deploy OpenWrt onto your router. I'm not going into that here, Google it. Get a decent 9dB omni antenna. Put the antenna as high as possible, and the access point as close to that antenna as possible. If you don't, at these frequencies, you lose signal.
The reason for this is to make your SSIDs go as far as possible, to get as many devices to connect to them as possible.
Step 3-Configure the access point with the most common SSIDs you can think of; see my wifi config below for the ones I use.
Step 4-Set up extended logging on the OpenWrt box; this will allow you to capture "rotating" logs. A few good web pages are here and here. I put them into the /etc/logs/ directory. Don't put them into /var, as they will be overwritten every time you reboot the device.
Step 5-Sit back and wait for the suckers, sorry, public at large, to connect to your access point. Now, I need to make something clear here: I did not set this up as a man-in-the-middle attack, I did not sniff actual user data and I didn't use any sort of proxy to redirect traffic to a malicious site. That's not the aim here; it was a social experiment to see how dumb both the end user and their mobile device are. The way you connect to your home wifi when you walk in the front door, the way you connect to your work wifi-this is all this is trying to mimic. I'm not trying to hack someone's personal data.
So over a period of a month, I collected daily logs of all the people that connected to my 4 SSIDs, both from a physical point of view (wifi authentication/de-authentication packets) and from a logical point of view (they acquired an IP address and surfed the web). See below: the first table is those devices/users who not only connected but acquired an IP address from the router. The second one is the physical connections (top 20 or so).
So I have hidden some of the personal details. But here are the highlights:
Just under 80 devices connected and surfed on my AP, some quite regularly, over the month. About 305 just connected physically, probably passing motorists (I live near a main road), who didn't have time to complete the DHCP process.
The added bonus is that when they connect, you also get the host name of the device, so Bobs-iPhone or Julies-iPad-very revealing. Android is a bit more secure (!) but on the second list I get the MAC addresses (top 20 or so, the xls page is too big!). The actual log files give you both; I just split it up into Excel and did a simple pivot. So now I know who it is, and what the device ID is. It wouldn't take a genius, and big business is doing this right now, to put 3 or 4 APs up and track people. The individual wlan0 to wlan0-7 columns are the individual AP SSIDs I assigned, so you can see which SSIDs are most popular. It also serves as a confidence check that you have the right ones, or which ones to discard/replace. I know of no other method that gives you this check.
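The same per-SSID pivot can be built straight from the syslog output instead of in Excel. This is an added Python example, not the author's code: the log lines are constructed in the shape hostapd (association/deauthentication) and dnsmasq (DHCPACK) write on OpenWrt, with made-up MACs and hostnames. Run against your own AP's logs it equally shows which clients associate and which ones you don't recognise.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (hostapd + dnsmasq format); MACs/hosts are made up.
SAMPLE_LOG = """\
Mar  3 07:41:02 ap hostapd: wlan0: STA 02:11:22:33:44:01 IEEE 802.11: associated
Mar  3 07:41:03 ap dnsmasq-dhcp[812]: DHCPACK(wlan0) 192.168.1.101 02:11:22:33:44:01 Bobs-iPhone
Mar  3 07:52:10 ap hostapd: wlan0: STA 02:11:22:33:44:01 IEEE 802.11: deauthenticated
Mar  3 08:15:44 ap hostapd: wlan0-1: STA 02:11:22:33:44:02 IEEE 802.11: associated
Mar  3 08:15:49 ap hostapd: wlan0-1: STA 02:11:22:33:44:02 IEEE 802.11: deauthenticated
Mar  3 09:02:31 ap hostapd: wlan0-3: STA 02:11:22:33:44:03 IEEE 802.11: associated
Mar  3 09:02:33 ap dnsmasq-dhcp[812]: DHCPACK(wlan0-3) 192.168.1.102 02:11:22:33:44:03 Julies-iPad
Mar  4 07:40:58 ap hostapd: wlan0: STA 02:11:22:33:44:01 IEEE 802.11: associated
Mar  4 07:40:59 ap dnsmasq-dhcp[812]: DHCPACK(wlan0) 192.168.1.101 02:11:22:33:44:01 Bobs-iPhone
Mar  4 17:25:07 ap hostapd: wlan0-1: STA 02:11:22:33:44:04 IEEE 802.11: associated
"""

# wlan0, wlan0-1 ... wlan0-7 are the virtual interfaces, one per SSID.
ASSOC_RE = re.compile(r"hostapd: (?P<iface>wlan\d+(?:-\d+)?): STA (?P<mac>[0-9a-f:]{17}) IEEE 802\.11: associated")
DHCP_RE = re.compile(r"DHCPACK\((?P<iface>wlan\d+(?:-\d+)?)\) \S+ (?P<mac>[0-9a-f:]{17})(?: (?P<host>\S+))?")

def pivot(log_text):
    """physical[mac][iface] = association count (the 'physical' table);
    logical[mac] = iface/hostname/lease count for STAs that finished DHCP (the 'logical' table)."""
    physical = defaultdict(Counter)
    logical = {}
    for line in log_text.splitlines():
        m = ASSOC_RE.search(line)
        if m:
            physical[m["mac"]][m["iface"]] += 1
            continue
        m = DHCP_RE.search(line)
        if m:
            entry = logical.setdefault(m["mac"], {"iface": m["iface"], "host": m["host"] or "(none)", "leases": 0})
            entry["leases"] += 1
    return physical, logical

def ssid_popularity(physical):
    """Associations per virtual interface: the confidence check on which SSIDs are worth keeping."""
    totals = Counter()
    for per_iface in physical.values():
        totals.update(per_iface)
    return totals

def physical_only(physical, logical):
    """MACs that associated but never completed DHCP (the drive-by connections)."""
    return sorted(set(physical) - set(logical))

if __name__ == "__main__":
    phys, logi = pivot(SAMPLE_LOG)
    print("per-SSID associations:", dict(ssid_popularity(phys)))
    print("got an IP address:", {mac: e["host"] for mac, e in logi.items()})
    print("associated only:", physical_only(phys, logi))
```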
As I said before, I wanted to go a different route: not to use a wifi tool to work out who was out there, but to make an assumption about what those devices had connected to before, and use that assumption to get information. One thing the logs gave me, which I didn't include here, was date and time stamps, to the second, of when people connected. I won't show the graph but I did the same test in a local shopping mall, over a few hours, on different days. Not only did I see the "busy" patterns, I saw some of the same devices I saw on my AP! ;-) The device was a TP-Link 703, if you're interested; it fits in the palm of your hand and works off 5V DC. Excellent little piece of kit!
Hopefully I've shown how stupid wifi is on modern devices, and how ridiculously easy it is to impersonate a legitimate wifi access point. Connect once, and your phone will connect to that wifi signal again and again, without your permission, regardless of who or what is broadcasting that signal. It wouldn't be rocket science to make the AP sniff traffic, or redirect to a bogus sign-up page.
Been lazy (and busy) so haven't had a chance to post. Besides, I'm not one of these bloggers who feels they have to put something up just for the sake of their viewing figures. As my wife says, quality over quantity ;-)
DLNA, or to give it its proper name, Digital Living Network Alliance. Big name, rubbish sounding, but it's all around us. PVRs (Personal Video Recorders). It should actually say DVR (Digital Video Recorder) but the two names are interchangeable. Most people know the latter, few know the former. Thing is, you've got a DLNA TV or a DLNA client (the PS3 is one) and you probably don't even know it. And probably don't even use it. So why is it a big deal?
Well, it's all to do with the magical expression that media companies and Internet providers will stuff down our throats, called the "digitally connected home". There, I said it. Sky will say they do it, with their multi-room facility, and Virgin Media would like to say it but they're not quite there yet. Freeview is even worse, as you need a separate box for each room and there is no way to watch a programme recorded on one box on another TV. The big problem with this is you need a separate box for each room: pain in the b*tt, extra power, need one for each of the kids and it costs you a fortune. Plus it isn't scalable. Be honest, how often do you watch Sky Movies? Thing is, the media barons will have you believe that you need them. You don't. In the US, this is called cord cutting: people are ditching their traditional pay TV subscriptions and streaming straight from the content providers. Netflix and LoveFilm are two examples. In a few years, the TV will again become the centrepiece of the family home, but this time with Internet content on it.
(I hear people complaining that this doesn't cater for premium TV. True, but Freeview is by far the biggest provider of TV in the UK, and always will be. You could always supplement your viewing experience with a Slingbox ;-))
What you do like is the flexibility they give you, to tie in with your busy lives. I always look at my family and friends, rather than some media marketing nutjob, to make me stop and think what people want. My wife very rarely watches anything “primetime”-she’ll watch it delayed. Why? Because a) it fits round her life and b) she can fast forward through the adverts. So I’ve set the scene and hopefully you get the point.
So you have the big TV(s), you don't have the time and you want the flexibility. How do you do it? With DLNA, stupid. I'll go on to describe, with a little thought and some cash outlay, how you get all your programmes wherever you want, when you want.
Home DLNA set-up
Step 1-Fire up that old desktop PC you consigned to the loft. This will be your media centre, where you have all your videos, your music and, wait for it, your TV recordings. You'll need 3 things: a TV tuner card (about £50) and 2 bits of free software. The first part is called MediaPortal and the second part is PS3MediaServer. You install the software and the tuner. Tip: try to get a connection to the tuner card (which is a USB stick, no need to pull apart the PC) from your external aerial. It will come with a small internal one but unless you're close to your TV transmitter, you won't pick up all the channels. Might be a bit of hassle but it will be worth it.
Step 2-Get your TV or client connected up to the media server PC. Now, I'm assuming if you're reading this, you have a broadband connection. If you're really lucky, and not like me, you'll have a Virgin Media broadband connection, which means you'll have blazing speeds, as well as a router. This router supplies your wireless connection and wired. I specifically mention the wired (Ethernet) side of things as that part seems to have been forgotten in the mad rush for everything wireless (see my earlier posts). I blame that bald guy and his slightly ugly female partner on the Gadget Show, or Dick and Fluff as I call them. A lot of the TVs which have DLNA have the facility to connect to your router via a special wireless dongle. Tip: don't bother. They will also have an Ethernet port on the back; use this with a Powerline adaptor. It's cheaper, and faster. You can do it wireless but wireless doesn't really scale to high-def video, plus you're in a very congested airwaves scenario. Go for wired, you won't regret it. As your TV will need to be near a power socket, you can use these all round the house; you can now get ones with in-line sockets so you don't even need an extension. So the idea is, wherever you have a TV, stick in a Powerline adaptor. These are all connected to the router (and hence your media server) by another Powerline adaptor. If you're really adventurous, you could just run CAT5 cabling all round your house and dispense with the adaptors, but I guess you really can't be bothered drilling holes through your walls and putting your foot through ceilings.
Step 3-Ahh, but what if you have an older TV or one that doesn't have DLNA? Well, this is where this little beauty comes in: £60 and it fits in the palm of your hand. An extra bonus is that it can also do some Internet "stuff", like YouTube and suchlike. No hard drive, it really is meant for streaming, but you can connect USB drives to the back of it (powered or pen drive). It would also fit very nicely strapped to the back of a wall-mounted LCD/LED TV.
Step 4-Additional software to make your life easier. For remote control of the media centre (you don't even need a monitor) get TeamViewer: stick the main app on your laptop and the client app on your media centre. No more running back and forward. The more canny of you will realise that with a PC as the hub, you can download other "stuff". Maybe a few torrents with the likes of uTorrent?
So you now have the software, you have the hardware and they are all connected up. Sorted. Hopefully the diagram will show you what I mean. Because your TVs will all have Freeview built in, you still have all your channels as before, for the usual real-time experience. The programmes will be recorded to the media centre PC; in my experience, a 30 minute show will take up about 400MB of space (about half a CD), whereas a 90 minute film will be about 1-2GB of data (half of a DVD). But you can get a 1TB (terabyte) drive for about £50 now, so you have oodles of space, and as with your PVR/DVR, you can simply delete the files to clear up space.
Additional Notes (techy bits)
DLNA server software: I prefer PS3MediaServer as you don't have to continually update/refresh your library as the likes of TVersity and Serviio require. I like the latter but PS3MS lets you browse all your drives.
Media Centre software: yes, you can use the inbuilt Windows-supplied one (if your operating system came with it), or you could use the likes of GBPVR, but I find MediaPortal to be much more feature-rich and user-friendly, especially where the EPG (Electronic Program Guide) is concerned.
Freeview PVRs: there are some PVRs coming onto the market now that have networking capabilities, but they are pricey (£300) and it's probably best to wait until they become mass market. Besides, it's just another cost.
So this is a brief intro to getting that media content around the home-hope you've found it useful!