WiFi Triangulation
mikegroovy writes "WiFi software tracks you down: 'Positioning technology company Ekahau has released an updated version of its software, which allows devices to be physically tracked when they are connected to an 802.11 WLAN network.' Maybe connections that are made from the street (or outside of a predefined area) could be automatically disconnected... It may spell an end to warchalking."
The 802.11b network at my school fails after 50 feet.
Don't throw away that chalk just yet!
Triangulation of EM is based on the assumption that the strength of a signal will diminish with the square of the distance from the source, or some other constant function with other signals.
When was the last time you were using wireless (especially through a wall) that had the same range from the access point in any direction?
I can't picture it working in a supermarket, with the metal shelving, compressors for the cold storage, etc. Sure, in a lab it'll work great, but with any kind of range or non-uniform building structures, not a chance.
You are, in fact, wrong. Wolfgang is right in his description of the relation between warchalking and wardialing. That covers the "war" aspect. The "chalking" aspect is derived from the marks hobos would use indicating safe places to sleep, houses with guard dogs to avoid, farmer's daughters to sleep with, etc... The nomadic lifestyle leaving marks for other nomads saying "hey, there's something interesting here."
Normally, then, the owner of the network would not be party to either the "war" or "chalk" methods.
This sig intentionally left justified.
And it implies that triangulation is not involved:
So perhaps if you bump the power of your signal from the outside they will think you are inside.
www.bannination.com Two things float to the top he
I can think of several ways it might work, but all of them present significant challenges. Relying on relative signal level would be ludicrous, because signal level changes dramatically with card orientation, reflections, and whatever's in the middle. Heck, I get significant variance in signal level on the fixed links between the antenna on my roof and neighbor's sites.
Using a GPS-like timing comparison might do the trick, but it's set up backwards. With GPS you have a bunch of atomic clocks in orbit, and one device correlates the relative signal phase between them. With APs, you have to have extremely accurate timing across all the APs, which is a very hard problem (I've researched it...). Once you have that, you can compare reception times of a packet from the device being tracked, and triangulate. Problem is 1 meter accuracy represents some scary clock accuracy numbers across several APs with just an Ethernet between them.
If anyone can think of any other way to pull this off (WITHOUT modifying the client, and ideally without any special hardware, i.e. implementable in the HostAP driver), post them here.
GStreamer - The only way to stream!
Triangulation works great in two dimensions, but when you use a third you have to do quadrangulation (is that even a word? I'll bet it is) like say you work for a company in a five story office building, when you triangulate where a person is in relation to you distance wise and in which general direction, but you don't really know where he is, maybe he's 15 meters in front of you and maybe he's 5 meters in front of you, but three floors down. They could both register as the same with triangulation. I will start the quadrangulating WiFi revolution.
Don't forget, arrival times (read: ping) can also be spoofed from the client side easily (this might require mods to the NIC's driver). So even if arrival time based triangulation were implemented, it could also potentially be bypassed.
This is not a replacement nor a supplement for security. I am unaware of any type of triangulation system that cannot easily be spoofed by a sufficiently smart person.
This is a neat trick you can use for practical purposes (such as smart shopping carts in grocery store, cheap "GPS" in the city, etc.) but worthless for security, etc.
If anyone thinks I'm incorrect, please reply. It would be interesting to hear other people's ideas on spoofing triangulations.
Two infinite things: your stupidity and mine. But I'm not sure about the latter. If my sig offends you, I'm sorry.
Actually, how long it takes to work through WEP depends on how much traffic you create. There are a few ways to use RC4 that really cut down on its security; WEP does most of these things.
You could set the laptop up to turn off the wireless card when not in use. They only know where you are if you use their network. And it shouldn't be too hard to block pop-ups on your own laptop/handheld that weren't associated with a webpage request on your end.
However, while this won't add much to the most secure systems, it would allow companies to reduce the hassle associated with maintaining a reasonably secure wireless system. For example, a company like Starbucks might want to offer internet access to customers inside the store, but keep people from using it in the unaffiliated bookstore next door. Or, a company might want to offer internet access to visiting consultants, customers, etc. without dealing with setting up each device. (Full disclosure: I have never used a wireless LAN, so I don't know how much trouble it is to connect to one that is properly secured. I would imagine it could become at least an annoyance.) If a company was willing to assume that the building was secure, they could allow access from any point within the building. If you were paranoid, you could limit this to business hours.
Because they use chalk to make a )( symbol to designate an open AP.
As a sidenote, Schlotzsky's restaurants put up little plaques near the entrances to their stores with the open AP symbol. Such a nice thing to see, rather than the money hungry Starbucks shops charging by the minute for access.
For a brief moment, I questioned why I am paying for a landline feed and not just piggybacking bandwidth off of my hapless neighbors.
Last time I checked, airsnort and other wireless crackers needed on the order of millions of packets in order to determine the key for a weak key.
Maybe you generate that many packets in 30 minutes (NOT), but the researchers said that it would take about a day to get the key from a network of active office users, and a few hours if the network is maxed out.
Your average home user won't generate that many packets in a week (except, perhaps, those playing quake) and only their neighbors will have the patience and opportunity to grab keys for a week without being caught.
You should change your WEP as often as you change your passwords. Doing these things will keep freeloaders and those who are looking for an easy to break into network out. If someone is determined enough to break into your network, it won't matter what you do, they'll manage a way in. Even you know that if your life depended on getting access to someone's home network, even with ssh, ipsec, etc, you could do it through other means.
-Adam
This is all true. However, it is not really important for home users to enable WEP. Corporate users are the ones who need to enable it and they generate plenty of traffic, making it easy to crack their keys in a day.
I attended a hacking boot camp this summer and the final day we took a laptop, GPS and a wireless NIC antenna on a bus ride to map some networks. About 19% used encryption. Those who didn't included Motorola, the regional telco, the city police department, CompUSA, and the list goes on and on.
My point is that wireless has no place in any environment that requires security.
Yes, it will confuse it.
:-)
Their method will probably even fail if you switch WiFi cards. I've got a Compaq WL110 which has a range of about 10 feet. My Lucent card on the other hand sees the access point from 100 feet, without line-of-sight (I assume the radio waves bounce off the ceiling through the window; no other way to explain _that_ range).
My access point has antennas that can be moved into different polarisations, and in an off-colour configuration, access without line-of-sight becomes really spotty: it works in one place, and a few feet to the side it stops.
But it seems to me the point of the seller is not to track abusers, but rather to track known-good devices in a known area. That alone is a cool concept, if you see what contortions people go through now when designing warehouse positioning systems. I've seen the results of an automated fork lift running through the wall of a warehouse because the reflective pad that marked the end of the aisle was covered in grime.
Hmmmm, I can envision the next hobby: sit outside a warehouse with a 2.4GHz klystron, wait until you hear the fork lift come down the aisle, then switch on the jammer and watch the fireworks.
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
TCP/IP has nothing at all to do with this, nor Zipf's law, nor any inverse square law, nor any kind of physical model. The system simply builds an empirical numerical model relating received power at the access points to location. As long as received power varies reproducibly with distance (not even necessarily monotonically) and you get enough independent measurements, that is possible.
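The empirical approach described in the last comment above, sketched as an added example (not part of the thread and not Ekahau's code): a calibration survey maps received-power vectors to locations, and a new reading is matched by nearest neighbours in signal space, with no distance model at all. The location names, RSSI values, `PERMITTED` policy and the `max_dist` threshold are constructed assumptions.

```python
import math

# Constructed calibration survey (not real measurements): for each surveyed
# spot, a few RSSI readings in dBm as heard by three access points (AP1..AP3).
CALIBRATION = {
    "lobby":     [(-42, -71, -80), (-45, -69, -78), (-40, -73, -82)],
    "office_a":  [(-63, -48, -75), (-60, -50, -77), (-65, -46, -74)],
    "warehouse": [(-78, -66, -44), (-80, -63, -47), (-76, -68, -42)],
    # Assumed to sit farther from AP1 than office_a yet read stronger there
    # (a reflection): power need not fall monotonically with distance.
    "stockroom": [(-55, -62, -58), (-57, -60, -60), (-54, -64, -57)],
    "street":    [(-85, -88, -90), (-83, -90, -88), (-87, -86, -91)],
}
PERMITTED = {"lobby", "office_a", "warehouse", "stockroom"}  # hypothetical policy


def signal_distance(a, b):
    """Euclidean distance between two RSSI vectors (signal space, not metres)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def locate(sample, k=3, max_dist=12.0):
    """Distance-weighted k-nearest-neighbour vote over the calibration points.

    Returns "unknown" when nothing in the survey is close enough, so an
    unsurveyed spot is not forced onto the nearest label.
    """
    scored = sorted(
        (signal_distance(sample, fp), label)
        for label, fps in CALIBRATION.items()
        for fp in fps
    )
    if scored[0][0] > max_dist:
        return "unknown"
    votes = {}
    for dist, label in scored[:k]:
        votes[label] = votes.get(label, 0.0) + 1.0 / (dist + 1e-6)
    return max(votes, key=votes.get)


def keep_associated(sample):
    """Policy sketch: keep a client only if it maps to a permitted location."""
    return locate(sample) in PERMITTED


if __name__ == "__main__":
    for s in [(-44, -70, -79), (-56, -61, -59), (-84, -89, -89), (-20, -20, -20)]:
        print(s, locate(s), keep_associated(s))
```

The match is only as good as the survey: a reading that resembles no calibration point comes back as "unknown" and is treated as not permitted.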