Monday, December 5

Creepy Wireless Stalking Made Easy

In a slight twist on the august pursuit of warwalking, [Mehdi] took a Raspberry Pi armed with a GPS, WiFi, and a Bluetooth sniffer around Bordeaux with him for six months and logged all the data he could find. The result isn’t entirely surprising, but it’s still a little bit creepy.

If your WiFi sends out probe requests for its home access points, [Mehdi] logged it. If your Bluetooth devices leak information about what they are, [Mehdi] logged it. In the end, he got nearly 30,000 WiFis logged, including 120,000 probes. Each reading is timestamped and geolocated, and [Mehdi] presents a few of the results from querying the resulting database.

For instance, one person who shared a train commute with [Mehdi] got on at Meriadek and got off at Lycee Dagin on July 14th, and was never seen again. Another fellow train rider’s WiFi sent out probes for a Dominos pizza WiFi BSSID. [Mehdi] points out that you could even figure out which riders knew each other because they often connect to devices with unique IDs, which could be used to correlate them.

Now, all of this is actually more telling about [Mehdi] than anyone else he meets. You can easily tell which train lines he rides and when. But if there were a network of these sniffers scattered around the city, especially if they were made cheaper out of something like an ESP8266 or a used cell phone, one could play NSA on a human-scale budget. (Local laws allowing.)

Is this horrible, creepy, illegal, or yesterday’s news? Hash it out in the comments!


Filed under: wireless hacks

No comments:

Post a Comment