Slashdot Mirror

← Back to Stories (view on slashdot.org)

WiFi Triangulation

Posted by michael on from the two-edged-sword dept.

mikegroovy writes "WiFi software tracks you down: 'Positioning technology company Ekahau has released an updated version of its software, which allows devices to be physically tracked when they are connected to an 802.11 WLAN network.' Maybe connections that are made from the street(or outside of a predefined area) could be automatically disconnected... It may spell an end to warchalking."

22 of 229 comments (clear)

  1. Finally by rice_web · · Score: 2, Insightful

    I hate the thought of other users being able to access my wireless connection. Even though I rarely have important files that I'm concerned about, it's nice to have some security.

    --
    The Political Programmer
  2. Good God, are you Clueless? by Henry+V+.009 · · Score: 5, Insightful

    Hint: War-chalking happens because people are clueless about their networks. The problem is networks that let everyone on board by default without any encryption.

    1. Re:Good God, are you Clueless? by sys$manager · · Score: 3, Insightful

      It took me all of 30 seconds to enable 128 bit WEP and create a key on my new Linksys 802.11b router. Honestly, how hard is that for people to do?

    2. Re:Good God, are you Clueless? by Anonymous Coward · · Score: 2, Insightful

      so becuase a network isn't under the tightest security possible everyone has the right to go in it and do as they will? i know, i know: people *are* going to take advantage of those networks because they are there. but i don't think you can justify it by saying the security was lax.

    3. Re:Good God, are you Clueless? by cyberformer · · Score: 3, Insightful
      It takes me all of 30 seconds to program my VCR, but most non-techies can't do it.


      Anyway, 128-bit WEP (actually just 104 bits) isn't safe. The crack just takes twice as long.

    4. Re:Good God, are you Clueless? by Gruturo · · Score: 4, Insightful

      It took me all of 30 seconds to enable 128 bit WEP and create a key on my new Linksys 802.11b router. Honestly, how hard is that for people to do?

      It will take AirSnort all of 30 minutes to crack your 128Bit WEP encryption since it is so badly flawed that I'd rather go _without_ it.

      Really, _don't_ trust WEP. Search Google or Ask Slashdot about cracking it, have a look at what You'll find.

      The only reachable IP on my 802.11 net is the IPSEC gateway.

      --

      Vacuum cleaners suck. Kings rule.
    5. Re:Good God, are you Clueless? by LarsG · · Score: 5, Insightful

      Anyway, 128-bit WEP (actually just 104 bits) isn't safe.

      We all know that. But an AP with WEP enabled is the digital equivalent of a "no trespass" sign, while an AP with no security at all is either set up by a clueless newbie or is deliberately left open to allow other people to get Internet access (which I'll do once I go wireless in my apartment).

      In order to promote public accesspoints, I'd prefer that the law doesn't consider it trespass to use an unsecured AP for Internet access.

      --
      If J.K.R wrote Windows: Puteulanus fenestra mortalis!
    6. Re:Good God, are you Clueless? by The+Fink · · Score: 2, Insightful
      How hard is it for people to do?

      It's not that it's hard, it's that the kinds of people who are generally setting these things up have been roped into doing so, and often don't have the first clue about security in general. Nor do they care - they're not usually frontliners who deal with security breaches on a day-by-day basis, and probably couldn't detect a security breach if/when it happened to them.

      Very few SMEs - at least in Australia - 'can afford' to hire a fulltime sysadmin with any level of security knowledge. Sad, yet true...

    7. Re:Good God, are you Clueless? by iggie · · Score: 2, Insightful

      No, I'm not clueless, and I let everyone on board my wireless LAN without any encryption or password protection on purpose. Also, besides giving away bandwidth that I pay for to people I don't know for free, I have been known on occasion to do this with software that I write. No kidding! I just put it up on a web site and people I've never met download it for nothing. Amazing!

    8. Re:Good God, are you Clueless? by Idarubicin · · Score: 4, Insightful
      It takes me all of 30 seconds to program my VCR, but most non-techies can't do it.

      This may an important consideration for home wireless networks, but no excuse for corporate networks. Any business that has a "non-techie" building their network is inviting a whole lot of trouble--most of which probably won't be coming to them through their wireless AP.

      --
      ~Idarubicin
    9. Re:Good God, are you Clueless? by RollingThunder · · Score: 4, Insightful

      You underestimate the people in marketing, sales, etc who have no techie traning, but are quite happy to go and buy a WAP, and plug that in at their office, so they can one-up their co-workers.

      That practice is one reason that even clued network admins need to regularly recheck their networks for AP's. Rogue ones will forever be a pain in the ass.

  3. end to warchalking? by cosyne · · Score: 5, Insightful

    Not likely. The systems that get picked up by war____ers are generally the ones that someone took out of the box and plugged into the wall. Anyone who bothers to set up a triangulation system would probably already be using MAC restriction or other security measures. (Technically, you can still see a secured network and mark its location, but you could do that with a triangulation-restricted network too).

  4. big brother? by Ishkibble · · Score: 1, Insightful

    this sound more like something the gonvermnet would be doing instead of some company. imagine the advertisement companies, you walk in front of a star-bucks, and a pop-up for star-bucks coffe pops up, and the same for gas and what not. it raises the question of which is better knowing where you/your labtop are Vs. personal privacy. i'm sure not a lot of you will see what i'm saying, but think about it

  5. Re:some additional info by ++good-duckspeak · · Score: 2, Insightful
    Not really clear on how much cooperation is needed from the "tracked device". The fact that the ekahu site lists requirements for such devices is a bit confusing.

    And yeah, yeah, triangulation and signal strength and stuff, but does this software do it the hard way or depend on the truthful clients?

    --
    Why is Triangle Man so MEAN?
  6. Silly, silly controls... by coupland · · Score: 3, Insightful

    Since a huge proportion of us who have publicly-accessible Wi-Fi networks do so by choice you have to wonder what the value of tracking users is. If people use my hub I'm okay with it as long as they're not abusing it, more power (or bandwidth) to them. I don't need to track people using my hub, if I didn't want them I would spend a few minutes reading about security and prevent people from using my hub. The only people who would need to track users would be corporations but their security departments are so damn paranoid they're barely ready to admit Ethernet may be secure, let alone cool shit like Wi-Fi.

  7. Re:Constantly diminishing signals are rare in RL by GigsVT · · Score: 2, Insightful

    Triangulation only needs to know the angle to the signal from two seperated points that are a known distance from each other. You know, like a triangle.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  8. Re:Where will it end? by LarsG · · Score: 2, Insightful

    My god, don't these people realize that everything is supposed to be free? (That's "free" as in I-should-be-free-to-take-whatever-I-want-without- paying-for-it", of course).

    That's not what warchalking is about. It is about marking open access points, not about breaking into networks.

    It should be legal to plug an AP into my DSL line, put a chalk mark on the side of the building and allow people nearby to use my connection for checking mail or the occational browsing.

    Is it shoplifting or trespass if your neighbour put a radio in the window and you listen to it while relaxing in your yard?

    Securing an AP is fairly trivial, and people who don't want the occational stranger to access their network should take the 30 seconds needed to enable WEP or password/MAC security.

    --
    If J.K.R wrote Windows: Puteulanus fenestra mortalis!
  9. Re:Where will it end? by Anonymous+DWord · · Score: 4, Insightful

    the current guesstimate is that sales will drop about 20% due to online copyright infringement.

    Anybody who comes up with any kind of estimate is an idiot, and is obviously being "funded" by some interested party. CD sales went up when Napster was in its prime. What does that mean? Nothing. Maybe the fact that we're in a major recession and people don't have as much money to blow on stuff, or that the crap they're pushing for sale... naah, that couldn't be it. It must be those Music Pirates! Arrr!

    --
    "If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
  10. Not so by Anonymous Coward · · Score: 1, Insightful

    Such scalar fields can easily be integrated using quaternions, where the 4th dimension is time. Zipf's Law in this case actually helps find the solution path, as you merely have to choose some constant of integration that will agree with all possible paths.

    So a bit of heavy math is involved to get traction on the problem but hey, someone paid all those 19th century mathematicians to come up with these algebraic tools. We might as well use them when they apply.

  11. Heh. Not so quick guys. by jeremyacole · · Score: 2, Insightful
    I wouldn't say this will be the end of warchalking, more like a cool toy with some very practical (and very scary) applications.
    Even the very term "triangulation" implies that you'll need 3 access points to do it.
    • With 1 access point, all you can tell is a VERY rough "how far away are they". A lot of other factors affect signal strength and timing (reflections make a big difference), so this is not at all reliable.
    • With 2 access points, you can get a bit more accurate about where they are, but not *that* much because of all of the other factors.
    • With 3 access points, you can generally locate a signal rather well, because they can see more points, and in particular if the 3 APs are located in a triangular fashion, with the user in the middle, youcan quite accurately track them.
    The accuracy of the system will be almost entirely dependent on the number of access points that a user can see at a given moment, the more APs, the more accurate. Just like GPS.
  12. Don't forget the "Tri" in "Triangulate"! by SlimFastForYou · · Score: 3, Insightful

    Not the best option if you want security... Triangulation requires 3 WAPs in distinctly different spots. Most home users don't have a WAP in their kitchen, bedroom, and bathroom. It may be argued that universities have WAPs all over the campus. That may be so, but is a wardriver usually in the range of 3? I am no expert on campus WAP placement, but the only places I immagine could be triangulated would be roughly the center of the campus. So while multiple gradebooks are being accessed by a host with an unknown MAC address, the triangulation software will say "Not enough base stations to determine location".

  13. Re:not really the end... by kylegordon · · Score: 2, Insightful

    "Warchalking means exposing unsecure Networks. "

    Bollocks it does! I'm fed up hearing this negative view of warchalking coming from people who don't have a clue. I have a warchalk symbol outside my house to denote that I give free net access, not that I have 'an insecure network.' Warchalking is about telling others what is available, and it doesn't imply that the network is insecure or illegal in any way.

    No wonder warchalking is getting so much bad press these days. Next I'll be having the Police at my door, arresting me for being a hacker on my own network and telling others about the free net access I've found.

    Bloody idiots.