The pictures were taken by the researcher-- Mr. Bransfield. The cat is named Coco, and Coco is looking for open wifi connections. No, Really.
On to the Wired account:
Late last month, a Siamese cat named Coco went wandering in his suburban Washington, DC neighborhood. He spent three hours exploring nearby backyards. He killed a mouse, whose carcass he thoughtfully brought home to his octogenarian owner, Nancy. And while he was out, Coco mapped dozens of his neighbors’ Wi-Fi networks, identifying four routers that used an old, easily-broken form of encryption and another four that were left entirely unprotected.
Unbeknownst to Coco, he’d been fitted with a collar created by Nancy’s granddaughter’s husband, security researcher Gene Bransfield. And Bransfield had built into that collar a Spark Core chip loaded with his custom-coded firmware, a Wi-Fi card, a tiny GPS module and a battery—everything necessary to map all the networks in the neighborhood that would be vulnerable to any intruder or Wi-Fi mooch with, at most, some simple crypto-cracking tools.
Some background --
In the 1980s, hackers used a technique called “wardialing,” cycling through numbers with their modems to find unprotected computers far across the internet. The advent of Wi-Fi brought “wardriving,” putting an antenna in a car and cruising a city to suss out weak and unprotected Wi-Fi networks. ......
Despite the title of his DefCon talk—”How To Weaponize Your Pets”–Bransfield admits WarKitteh doesn’t represent a substantial security threat. Rather, it’s the sort of goofy hack designed to entertain the con’s hacker audience. Still, he was surprised by just how many networks tracked by his data-collecting cat used WEP, a form of wireless encryption known for more than ten years to be easily broken. “My intent was not to show people where to get free Wi-Fi. I put some technology on a cat and let it roam around because the idea amused me,” says Bransfield, who works for the security consultancy Tenacity. “But the result of this cat research was that there were a lot more open and WEP-encrypted hot spots out there than there should be in 2014.”
In his DefCon talk, Bransfield plans to explain how anyone can replicate the WarKitteh collar to create their own Wifi-spying cat, a feat that’s only become easier in the past months as the collar’s Spark Core chip has become easier to program. Bransfield came up with the idea of feline-powered Wi-Fi reconnaissance when someone attending one of his security briefings showed him a GPS collar designed to let people locate their pets by sending a text message. “All it needed was a Wi-Fi sniffer,” he says. “I thought the idea was hilarious, and I decided to make it.”
In his DefCon talk, Bransfield plans to explain how anyone can replicate the WarKitteh collar to create their own Wifi-spying cat, a feat that’s only become easier in the past months as the collar’s Spark Core chip has become easier to program. Bransfield came up with the idea of feline-powered Wi-Fi reconnaissance when someone attending one of his security briefings showed him a GPS collar designed to let people locate their pets by sending a text message. “All it needed was a Wi-Fi sniffer,” he says. “I thought the idea was hilarious, and I decided to make it.”
.....Coco .... revealed 23 Wi-Fi hotspots, more than a third of which were open to snoops or used crackable WEP instead of the more modern WPA encryption. Bransfield mapped those networks in a program created by an Internet collaborator, using Google Earth’s API. The number of vulnerable access points surprised Bransfield; He says that several of the WEP connections were Verizon FiOS routers left with their default settings unchanged.
Summary of the Wired account:
Though...[Bransfield] admits his cat stunt was mostly intended to entertain himself, he hopes it might make more users aware of privacy lessons those in the security community have long taken for granted. “...
A better conclusion though might wonder whether the warkitteh collar allows someone to ALSO locate their pet in the field. It is not clear to me that Bransfield's collar does both--receive text messages and sniff out routers. Otherwise, we are exposing cats to risk. Not that anyone is going to duplicate Bransfield's prank. I don't think.
No comments:
Post a Comment