A security researcher erected a personal surveillance apparatus to spy on the movements of virtually everyone on his street with just a few hundred dollars.
Brendan O’Connor, 27, bought 10 unassuming plastic boxes which he stuffed with a “credit-card size Raspberry Pi Model A computer and a few over-the-counter sensors, including Wi-Fi adapters,” The New York Times reports. “He connected each of those boxes to a command and control system, and he built a data visualization system to monitor what the sensors picked up: all the wireless traffic emitted by every nearby wireless device, including smartphones.”
Each box cost only $57. When he turned them on—to spy on himself, he says—he was able to pick up sites he browsed from a public Wi-Fi as well as the unique identifier information connected to his phone and iPad. “Gobs of information traveled over the Internet in the clear, meaning they were entirely unencrypted and simple to scoop up,” including “what operating system he was using on what kind of device, and whether he was using Dropbox or went on a dating site or browsed for shoes on an e-commerce site. One site might leak his e-mail address, another his photo.”
—Posted by Alexander Reed Kelly.
The New York Times:
You could spy on your ex-lover, by placing the sensor boxes near the places the person frequents, or your teenage child, or the residents of a particular neighborhood. You could keep tabs on people who gather at a certain house of worship or take part in a protest demonstration in a town square. Their phones and tablets, Mr. O’Connor argued, would surely leak some information about them – and certainly if they then connected to an unsecured Wi-Fi. The boxes are small enough to be tucked under a cafe table or dropped from a hobby drone. They can be scattered around a city and go unnoticed.
… “It eliminates the idea of ‘blending into a crowd,’” is how he put it. “If you have a wireless device (phone, iPad, etc.), even if you’re not connected to a network, CreepyDOL will see you, track your movements, and report home.”
Can individual consumers guard against such a prospect? Not really, he concluded. Applications leak more information than they should. And those who care about security and use things like VPN have to connect to their tunneling software after connecting to a Wi-Fi hub, meaning that at least for a few seconds, their Web traffic is known to anyone who cares to know, and VPN does nothing to mask your device identifier.
Meigs O'Toole (CC BY-ND 2.0)