Wednesday, March 21, 2007

Wifi Beacon Seepage

Data 'seepage' refers to the fact that we broadcast bits of information about ourselves to the public world. Clever people who collect that information can exploit it in interesting ways.

One example is a startup called Skyhook Wireless. They have wardrivers in the major U.S. cities getting the GPS coordinates of all the major wireless access points. Then, when a user runs their software on notebook computers, the users can send Skyhook the MAC address of their current hotspot, and Skyhook will send them back their location. The software will also provide "location based" services, such as search and advertising.

Recently, they've partnered with AOL to provide a plugin to their instant messenger so that you can see where your chat buddies are on Mapquest.

All this sounds really cool, and I'm sure Skyhook is not evil, but of course, I get paid to think up ways it can become evil.

For example, the software they put on your computer can not only send Skyhook the MAC address of your access point, but of other access points near you. Since they know the GPS coordinates of one access point, they can discover the likely GPS coordinates of a lot of other ones - without sending one of their 200 drivers around to find it. This is not evil, but it does make you start to think. Most people don't secure their wifi access points because they believe nobody is listening to them. Once they discover that there is, indeed, a company keeping track of all these things, they might change their habits. For example, they might turn off the broadcast of SSID, which will prevent a desktop agent from discovering it. It won't, however, stop more advanced sniffers. A desktop agent would presumably retrieve SSID broadcasts from the Windows wireless configuration stuff; getting SSIDs from quieter networks requires custom drivers.

When one person runs the Skyhook desktop software, they will compromise the location of everyone behind an access point. Everyone behind an access point shares the same IP address. That means that while a Skyhook user is chatting on AIM, you are visiting ESPN.com, and you might see advertisements for the neighboring shoe store. This is because your fellow hotspot user told Skyhook about your common IP address, which in turn told ESPN. Indeed, Skyhook can shortcut this by including UPnP queries in their wardriving tool to map the current Internet-facing IP address from open access points. While such IP addresses change in theory, they change infrequently enough that it could still be useful to Skyhook.

If you are paranoid, there are some steps you can take to defend against this sort of seepage. Most home wifi access points allow you to turn off SSID beacon/broadcasts; that's a good step. Most home wifi access points allow you to change your MAC address. Rather than have unique identifiers for those, you could change them into something more bland. Indeed, you could search for wardriving information people have posted on the web, and copy down those SSIDs and MAC addresses. It'll really annoy Skyhook to have the same MAC address used in multiple locations throughout the Internet. I suggest using a MAC address of 00:00:DE:AD:BE:EF. Also, I use "Wayport_Access" for my SSID, precisely because it's so common.
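To see what still seeps out once SSID broadcast is off, here is an added example (not part of the original post) that parses raw 802.11 beacon frames: the SSID element goes blank, but the BSSID, the access point MAC address that the post says gets reported to Skyhook, stays in the frame header. The frames are constructed sample data and `parse_beacon`, `build_beacon` and `SAMPLES` are hypothetical names.

```python
import struct

HDR_LEN = 24    # frame control, duration, DA, SA, BSSID, sequence control
FIXED_LEN = 12  # timestamp (8), beacon interval (2), capability info (2)

def parse_beacon(frame: bytes) -> dict:
    """Extract the BSSID and SSID from a raw 802.11 beacon (no radiotap header)."""
    if len(frame) < HDR_LEN + FIXED_LEN:
        raise ValueError("frame too short for a beacon")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if (ftype, subtype) != (0, 8):  # management frame, subtype beacon
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    ssid, pos = None, HDR_LEN + FIXED_LEN
    while pos + 2 <= len(frame):  # walk the tagged information elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break  # truncated element, stop parsing
        if tag == 0:  # element ID 0 is the SSID
            ssid = value
            break
        pos += 2 + length
    # A "hidden" network sends an empty SSID or one filled with NUL bytes.
    hidden = not ssid or set(ssid) == {0}
    return {"bssid": bssid, "ssid_hidden": hidden,
            "ssid": None if hidden else ssid.decode("utf-8", "replace")}

def build_beacon(bssid: bytes, ssid: bytes) -> bytes:
    """Construct a minimal beacon for the demo (sample data, not a capture)."""
    hdr = b"\x80\x00" + bytes(2) + b"\xff" * 6 + bssid + bssid + bytes(2)
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0401)
    elements = bytes([0, len(ssid)]) + ssid + bytes([3, 1, 6])  # SSID, channel 6
    return hdr + fixed + elements

# Constructed samples: the MAC and SSID suggested in the post, then two hidden APs.
SAMPLES = [
    build_beacon(bytes.fromhex("0000deadbeef"), b"Wayport_Access"),
    build_beacon(bytes.fromhex("020000000001"), b""),
    build_beacon(bytes.fromhex("020000000002"), bytes(8)),
]

if __name__ == "__main__":
    for frame in SAMPLES:
        print(parse_beacon(frame))
```

Both hidden samples still yield a BSSID, which is why the post pairs hiding the SSID with changing the MAC address.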
