Brendan O’Connor is a security researcher. How easy would it be, he recently wondered, to monitor the movement of everyone on the street – not by a government intelligence agency, but by a private citizen with a few hundred dollars to spare?
Mr. O’Connor, 27, bought some plastic boxes and stuffed them with a $25, credit-card size Raspberry Pi Model A computer and a few over-the-counter sensors, including Wi-Fi adapters. He connected each of those boxes to a command and control system, and he built a data visualization system to monitor what the sensors picked up: all the wireless traffic emitted by every nearby wireless device, including smartphones.
Each box cost $57. He produced 10 of them, and then he turned them on – to spy on himself. He could pick up the Web sites he browsed when he connected to a public Wi-Fi – say at a cafe – and he scooped up the unique identifier connected to his phone and iPad. Gobs of information traveled over the Internet in the clear, meaning they were entirely unencrypted and simple to scoop up.
Even when he didn’t connect to a Wi-Fi network, his sensors could track his location through Wi-Fi “pings.” His iPhone pinged the iMessage server to check for new messages. When he logged on to an unsecured Wi-Fi, it revealed what operating system he was using on what kind of device, and whether he was using Dropbox or went on a dating site or browsed for shoes on an e-commerce site. One site might leak his e-mail address, another his photo.
Have an amazing project to share? Join the SHOW-AND-TELL every Wednesday night at 7:30pm ET on Google+ Hangouts.
Join us every Wednesday night at 8pm ET for Ask an Engineer!
Learn resistor values with Mho’s Resistance or get the best electronics calculator for engineers “Circuit Playground” – Adafruit’s Apps!
Maker Business — Blackbox “a new shipping company from the creators of Cards Against Humanity” @coolboxes
Wearables — Tape it down
Electronics — Spit in your eye
Biohacking — Biofabrication: The New Revolution in Material Design
No comments yet.
Sorry, the comment form is closed at this time.