Posted on 08/03/2013 5:12:33 AM PDT by LibWhacker
With a handful of plastic boxes and over-the-counter sensors, including Wi-Fi adapters and a USB hub, Brendan O’Connor, a security researcher, was able to monitor all the wireless traffic emitted by nearby wireless devices.Brendan O’Connor With a handful of plastic boxes and over-the-counter sensors, including Wi-Fi adapters and a USB hub, Brendan O’Connor, a security researcher, was able to monitor all the wireless traffic emitted by nearby wireless devices.
Brendan O’Connor is a security researcher. How easy would it be, he recently wondered, to monitor the movement of everyone on the street – not by a government intelligence agency, but by a private citizen with a few hundred dollars to spare?
Mr. O’Connor, 27, bought some plastic boxes and stuffed them with a $25, credit-card size Raspberry Pi Model A computer and a few over-the-counter sensors, including Wi-Fi adapters. He connected each of those boxes to a command and control system, and he built a data visualization system to monitor what the sensors picked up: all the wireless traffic emitted by every nearby wireless device, including smartphones.
Each box cost $57. He produced 10 of them, and then he turned them on – to spy on himself. He could pick up the Web sites he browsed when he connected to a public Wi-Fi – say at a cafe – and he scooped up the unique identifier connected to his phone and iPad. Gobs of information traveled over the Internet in the clear, meaning they were entirely unencrypted and simple to scoop up.
(Excerpt) Read more at bits.blogs.nytimes.com ...
... one reason to NEVER download your banking data on your smart phone!
That’s what encryption is for. Anyone can listen in and gather as much data as they like, but all that banking data will just be gibberish.
Yes, never do anything serious on a public wi-fi connection.
Burn a free Backtrack live CD and you can do this without building any hardware.
AFAIK, attaching to a web site that has https is always safe as the data is encrypted both ways.
If everyone does things right on both ends, true. Not infrequently, they don’t. Better safe than sorry.
If you open your banking page on an open wi-fi and then proceed to log on, that log-on was not encrypted.
Even when encrypted, people don't necessarily have to read the encryption to use it. Capture the train and resend it. For example, you send an encrypted signal to deactivate your house alarm for the exterminator. I capture that signal and resend it. I don't have to be able to read the signal just know what it does and duplicate it. This gets much more complicated, as people parse coded commands by knowing what a string length means regarding function.
For a code to prevent this, but send and receiver must be time synced with an ever changing algorithm based on the time. That is a very complicated code.
There are now thumb tip sized USB WIFI antennas, that with a little modification could look the same, but could do all sorts of things.
For example voice recording the entire room, compressing the recording and sending small mp3 files to a particular IP address, without the computer even being part of the process.
I was thinking one more reason to toss the cell phone in the trash.
Those only apply of the crypto programmer is incompetent.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.