Slashdot Mirror


WiFi Triangulation

mikegroovy writes "WiFi software tracks you down: 'Positioning technology company Ekahau has released an updated version of its software, which allows devices to be physically tracked when they are connected to an 802.11 WLAN network.' Maybe connections that are made from the street (or outside of a predefined area) could be automatically disconnected... It may spell an end to warchalking."

42 of 229 comments

  1. Good God, are you Clueless? by Henry+V+.009 · · Score: 5, Insightful

    Hint: War-chalking happens because people are clueless about their networks. The problem is networks that let everyone on board by default without any encryption.

    1. Re:Good God, are you Clueless? by sys$manager · · Score: 3, Insightful

      It took me all of 30 seconds to enable 128 bit WEP and create a key on my new Linksys 802.11b router. Honestly, how hard is that for people to do?

    2. Re:Good God, are you Clueless? by cyberformer · · Score: 3, Insightful

      It takes me all of 30 seconds to program my VCR, but most non-techies can't do it.

      Anyway, 128-bit WEP (actually just 104 bits) isn't safe. The crack just takes twice as long.

    3. Re:Good God, are you Clueless? by cei · · Score: 3, Interesting

      You are, in fact, wrong. Wolfgang is right in his description of the relation between warchalking and wardialing. That covers the "war" aspect. The "chalking" aspect is derived from the marks hobos would use indicating safe places to sleep, houses with guard dogs to avoid, farmer's daughters to sleep with, etc... The nomadic lifestyle leaving marks for other nomads saying "hey, there's something interesting here."

      Normally, then, the owner of the network would not be party to either the "war" or "chalk" methods.

      --
      This sig intentionally left justified.
    4. Re:Good God, are you Clueless? by WolfWithoutAClause · · Score: 3, Funny

      It takes only 45 minutes for me to airsnort the WEP password of your network. Honestly, how hard is that for us warchalking people to do?

      --

      -WolfWithoutAClause

      "Gravity is only a theory, not a fact!"
    5. Re:Good God, are you Clueless? by Gruturo · · Score: 4, Insightful

      >It took me all of 30 seconds to enable 128 bit WEP and create a key on my new Linksys 802.11b router. Honestly, how hard is that for people to do?

      It will take AirSnort all of 30 minutes to crack your 128-bit WEP encryption since it is so badly flawed that I'd rather go _without_ it.

      Really, _don't_ trust WEP. Search Google or Ask Slashdot about cracking it, have a look at what you'll find.

      The only reachable IP on my 802.11 net is the IPSEC gateway.

      --

      Vacuum cleaners suck. Kings rule.
    6. Re:Good God, are you Clueless? by LarsG · · Score: 5, Insightful

      >Anyway, 128-bit WEP (actually just 104 bits) isn't safe.

      We all know that. But an AP with WEP enabled is the digital equivalent of a "no trespass" sign, while an AP with no security at all is either set up by a clueless newbie or is deliberately left open to allow other people to get Internet access (which I'll do once I go wireless in my apartment).

      In order to promote public accesspoints, I'd prefer that the law doesn't consider it trespass to use an unsecured AP for Internet access.

      --
      If J.K.R wrote Windows: Puteulanus fenestra mortalis!
    7. Re:Good God, are you Clueless? by Zeinfeld · · Score: 5, Informative

      >It took me all of 30 seconds to enable 128 bit WEP and create a key on my new Linksys 802.11b router. Honestly, how hard is that for people to do?

      Not hard but unfortunately not secure either. Due to a broken design the WEP mk1 scheme only gives 24 bits of security regardless of whether you have the 128 bit or 40 bit cards.

      However this has since been fixed, and the fixed cards will be available fairly soon. In addition the new cards fix the original major inanity of WEP, the single key shared by every card. The newer cards will have built in certificates to support 802.1x authentication.

      While the triangulation scheme might be used for security purposes, it is no replacement for cryptography. In the first place the scheme appears to be working on signal strength rather than the arrival time of the signals. That is easily spoofed. Arrival time of the signals would be hideously expensive to do right (I used to do that type of thing, but not with IP routers and bridges in the way...)

      It might be useful to use triangulation to detect when people were entering and leaving cells, but that can probably be done by just choosing the strongest signal.

      I can imagine using this type of thing to track down criminal suspects, the sort of thing that the FBI have fun doing. It is not a replacement for cryptography and probably not even as secure as WEP mk1.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    8. Re:Good God, are you Clueless? by brain159 · · Score: 3, Funny

      that 45 minute figure assumes that lots of data is being thrown around across it, and that nobody's going to notice you staying in the same place near their building for that length of time, loitering and looking shifty :)

    9. Re:Good God, are you Clueless? by stienman · · Score: 3, Interesting

      Last time I checked, airsnort and other wireless crackers needed on the order of millions of packets in order to determine the key for a weak key.

      Maybe you generate that many packets in 30 minutes (NOT), but the researchers said that it would take about a day to get the key from a network of active office users, and a few hours if the network is maxed out.

      Your average home user won't generate that many packets in a week (except, perhaps, those playing quake) and only their neighbors will have the patience and opportunity to grab keys for a week without being caught.

      You should change your WEP as often as you change your passwords. Doing these things will keep freeloaders and those who are looking for an easy to break into network out. If someone is determined enough to break into your network, it won't matter what you do, they'll manage a way in. Even you know that if your life depended on getting access to someone's home network, even with ssh, ipsec, etc, you could do it through other means.

      -Adam

    10. Re:Good God, are you Clueless? by Idarubicin · · Score: 4, Insightful

      >It takes me all of 30 seconds to program my VCR, but most non-techies can't do it.

      This may be an important consideration for home wireless networks, but no excuse for corporate networks. Any business that has a "non-techie" building their network is inviting a whole lot of trouble--most of which probably won't be coming to them through their wireless AP.

      --
      ~Idarubicin
    11. Re:Good God, are you Clueless? by RollingThunder · · Score: 4, Insightful

      You underestimate the people in marketing, sales, etc who have no techie training, but are quite happy to go and buy a WAP, and plug that in at their office, so they can one-up their co-workers.

      That practice is one reason that even clued network admins need to regularly recheck their networks for APs. Rogue ones will forever be a pain in the ass.

    12. Re:Good God, are you Clueless? by aminorex · · Score: 3, Informative

      There's simply no way that the triangulation is based on ping times. They're talking about measurements of less than a meter, which is on the order of 3 nanoseconds at c. Much more sensible is to triangulate based on signal strength.

      Yes, signal strength can be spoofed *downward*, but for commercial cards, it can't be spoofed *upward*, significantly, without the spoof being clearly detectible. Therefore, I disagree: It is a very useful supplement to perimeter security. The ability to defeat does not invalidate a security measure, unless the effort and expense involved is below the cost/benefit threshold.

      --
      -I like my women like I like my tea: green-
  2. heh by wolfgang_spangler · · Score: 5, Funny

    "Ekahau reckons there is a market for networks used primarily for location-based purposes as opposed to carrying other data. "

    Can't remember the last time I saw the word, "reckons" in a major publication. I reckon it was some time ago.

  3. some additional info by t0rnt0pieces · · Score: 4, Informative

    For some more info check out the company's website. Here's the page on EPE. Looks like pretty neat technology. Easy to set up and accurate to within 1 meter. I doubt warchalkers will be deterred though. :)

    --
    Karma: Excellent (In Soviet Russia, karma pimps YOU)
  4. end to warchalking? by cosyne · · Score: 5, Insightful

    Not likely. The systems that get picked up by war____ers are generally the ones that someone took out of the box and plugged into the wall. Anyone who bothers to set up a triangulation system would probably already be using MAC restriction or other security measures. (Technically, you can still see a secured network and mark its location, but you could do that with a triangulation-restricted network too).

    1. Re:end to warchalking? by jtree · · Score: 3, Informative

      This technology cannot currently triangulate a war{driv,chalk,walk}er.

      I'm a researcher at Carnegie Mellon University who has been implementing this same system for the last two years.

      This type of system relies on the client (pda/laptop) to gather the raw information for triangulation and send it to the server.

      No accesspoint (that I'm aware of) is capable of gathering the information needed for triangulation.

      Details:
      An accesspoint only knows the signal strength between itself and its connected users.
      Triangulation requires the signal strength between the client (pda/laptop) and at least three nearby accesspoints for 2d triangulation.
      Current accesspoints do not record or calculate information for clients that are not currently connected to themselves.

      It would be possible after modifying the firmware on the accesspoints. The manufacturers have been extremely reluctant to give this information out (even under NDA.)

      The most accurate information that could be gathered about war{driv,chalk,walk}ers is which accesspoint they are connected to.

      Joshua Tree

  5. What is warchalking about? by gad_zuki! · · Score: 3, Informative

    >It may spell an end to warchalking.

    I thought that warchalking existed more for those who are offering wireless access to alert others than revealing the open status of another's network. Any warchalkers want to chime in? Are you guys mostly ID'ing your own WAPs or the WAPs of others?

    1. Re:What is warchalking about? by NDeans · · Score: 4, Interesting

      Because they use chalk to make a )( symbol to designate an open AP.

      As a sidenote, Schlotzsky's restaurants put up little plaques near the entrances to their stores with the open AP symbol. Such a nice thing to see, rather than the money hungry Starbucks shops charging by the minute for access.

  6. range? by bogusbrainbonus · · Score: 3, Interesting
    So they can triangulate on you and determine the position up to one meter, but from what range?

    The 802.11b network at my school fails after 50 feet.

    Don't throw away that chalk just yet!

  7. oh, the irony... by jaredcoleman · · Score: 5, Funny

    There are a lot of benefits to having this ability. At work, I can now equip our parking officers with wireless PDAs and soon I will be able to make sure that they are not sleeping in the lobby of some building instead of writing parking tickets. Maybe they will actually be out to ticket people parked illegally while attempting to warchalk from their vehicle! Now that's irony!

  8. Not so new... by BrunoC · · Score: 5, Informative

    You should take a look at this article. Students at Dartmouth College have been using / developing wi-fi tracking systems for a while now. A nice way to track down your buddies at the campus.

  9. 802.11b Tracking by Wrexen · · Score: 5, Informative

    One way to get around a measure like this is to obtain a surface which can reflect EM radiation at 2.4 GHz, such as AMQ coated polycarbonates or crystalline-structured metallics. By using a small set of these "mirrors" at strategic locations, you could fool the software into thinking you're actually receiving from inside the CEO's office.

    Since most modern triangulation techniques, including Ekahau's, depend on standard mathematical models of radius delta-reduction, it's trivial to set up your reflectors in such a way that the tracking mechanism can't deduce a logical place for your signal to originate from. Hopefully as location-spoofing becomes more commonplace, the government won't enact any laws restricting the use or registration of EM reflective surfaces.

  10. Constantly diminishing signals are rare in RL by addikt10 · · Score: 5, Interesting

    Triangulation of EM is based on the assumption that the strength of a signal will diminish with the square of the distance from the source, or some other constant function with other signals.

    When was the last time you were using wireless (especially through a wall) that had the same range from the access point in any direction?

    I can't picture it working in a supermarket, with the metal shelving, compressors for the cold storage, etc. Sure, in a lab it'll work great, but with any kind of range or non-uniform building structures, not a chance.

  11. Silly, silly controls... by coupland · · Score: 3, Insightful

    Since a huge proportion of us who have publicly-accessible Wi-Fi networks do so by choice you have to wonder what the value of tracking users is. If people use my hub I'm okay with it as long as they're not abusing it, more power (or bandwidth) to them. I don't need to track people using my hub, if I didn't want them I would spend a few minutes reading about security and prevent people from using my hub. The only people who would need to track users would be corporations but their security departments are so damn paranoid they're barely ready to admit Ethernet may be secure, let alone cool shit like Wi-Fi.

  12. Bah! by NeoPotato · · Score: 5, Funny

    I used to find people by pinging their computers! I'd ping a friend's laptop (using their Windows computer name), look at their IP, then go find them on campus. I think I scared a few people when I'd say "Stay right where you are" and walk over to the study room where they were hiding.

    Although I guess using triangulation accurate to a meter would let me say "You're on my spot on the couch. When I get back from class, you gotta move."

  13. No Triangulation, Just bump the power for War by notestein · · Score: 4, Interesting

    After digging through their site, it seems that they locate you by the following:

    Calibrate the positioning model - Move around the area while clicking the map to record sample points containing received signal strength intensity (RSSI) samples. No information about the access point locations is required

    And it implies that triangulation is not involved:

    Ekahau technology offers more comprehensive feature set than any competing technology on the market. The calibration-based approach is radically different from other commercial techniques, which mostly rely on signal propagation and triangulation for solving the location.

    So perhaps if you bump the power of your signal from the outside they will think you are inside.
  14. Uh oh by dr_dank · · Score: 5, Funny

    I found a new open network near my girlfriend's apartment, opened up my browser to /. and saw this as the lead story.

    Perhaps I'd better log off now....

    --
    Where does the school board find them and why do they keep sending them to ME?
    1. Re:Uh oh by Dr.Luke · · Score: 5, Funny

      Mod up! This slashdotter has a girlfriend. That's much bigger news than WiFi triangulation!

    2. Re:Uh oh by Fnkmaster · · Score: 5, Interesting
      Funny thing happened the other day. My friend was over, opened up his laptop in the living room of my apartment, and started browsing. We had been making some DNS changes to a site we own, and he was checking them out, and told me they had propagated. I checked on box, and couldn't see them yet. This had us stymied for about 20 minutes until he checked his current IP address and hostname, which showed clearly that he was on Verizon DSL, whereas my apartment has ATT BB Cable - he was using the default Linksys SSID and his 802.11b card had picked up the neighbor's wireless access point accidentally. Whereupon we also discovered that we were easily able to use the default Linksys password to get onto the neighbor's router. Oh, and we found that our neighbor had three Windows boxes with open shares on them (nothing interesting in the shares though).


      For a brief moment, I questioned why I am paying for a landline feed and not just piggybacking bandwidth off of my hapless neighbors.

  15. How does it work? by Omega+Hacker · · Score: 5, Interesting

    I can think of several ways it might work, but all of them present significant challenges. Relying on relative signal level would be ludicrous, because signal level changes dramatically with card orientation, reflections, and whatever's in the middle. Heck, I get significant variance in signal level on the fixed links between the antenna on my roof and neighbor's sites.

    Using a GPS-like timing comparison might do the trick, but it's set up backwards. With GPS you have a bunch of atomic clocks in orbit, and one device correlates the relative signal phase between them. With APs, you have to have extremely accurate timing across all the APs, which is a very hard problem (I've researched it...). Once you have that, you can compare reception times of a packet from the device being tracked, and triangulate. Problem is 1 meter accuracy represents some scary clock accuracy numbers across several APs with just an Ethernet between them.

    If anyone can think of any other way to pull this off (WITHOUT modifying the client, and ideally without any special hardware, i.e. implementable in the HostAP driver), post them here.

    --
    GStreamer - The only way to stream!
  16. What about this by iamdrscience · · Score: 5, Interesting

    Triangulation works great in two dimensions, but when you use a third you have to do quadrangulation (is that even a word? I'll bet it is) like say you work for a company in a five story office building, when you triangulate where a person is in relation to you distance wise and in which general direction, but you don't really know where he is, maybe he's 15 meters in front of you and maybe he's 5 meters in front of you, but three floors down. They could both register as the same with triangulation. I will start the quadrangulating WiFi revolution.

  17. Re:Where will it end? by Anonymous+DWord · · Score: 4, Insightful

    the current guesstimate is that sales will drop about 20% due to online copyright infringement.

    Anybody who comes up with any kind of estimate is an idiot, and is obviously being "funded" by some interested party. CD sales went up when Napster was in its prime. What does that mean? Nothing. Maybe the fact that we're in a major recession and people don't have as much money to blow on stuff, or that the crap they're pushing for sale... naah, that couldn't be it. It must be those Music Pirates! Arrr!

    --
    "If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
  18. Re:Triangulation with one receiver? by grishnav · · Score: 4, Informative

    One way to do it is to determine the direction the signal is coming from using two known points. This is quite easy, and can be done with even basic direction finders. Imagine that point A and point B are directly east/west of each other. Now, draw a ray from point A outward at, say, 45 degrees. Draw another ray starting at point B at, say, 275 degrees. Where they meet is the location. This form requires only two points.

    The other way requires three sites. You use a timing method to determine how far away they are. Imagine points A, B, and C (the location of the points is basically arbitrary, so long as they aren't too far apart). Draw a circle with a radius of one inch from point A (indicating the signal, determined by timing is, we'll say one mile away), and another with a two inch radius from point B. In most (but not all) circumstances, the circles will meet at two points. Thus, in most (but not all) circumstances, two will not be enough. Now draw a circle around C (I can't give you a radius length as I am unwilling to do the math in my head) to intersect with one of the other two intersections. If you've done it right, no matter how hard you try, assuming you've drawn perfect circles, the circle around point C will only meet with one of the two A/B circle intersections. This make any sense???

  19. This is similar to whiteboard capturing by Dr.Luke · · Score: 4, Informative

    Whiteboard capturing devices use a similar principle. Two microphones are at opposite ends of the whiteboard and an ultrasound emitter is attached to the pen. When you move the pen the CPU unit attached to the mikes triangulates the position of the pen and renders the digital image of the whiteboard. I always thought it was a simple and elegant solution compared to the touch sensitive whiteboards that cost much more. Another company now has a mini version of this technology for iPaq which attaches to a normal writing pad and allows you to save anything you write on your iPaq.

  20. Re:Finally by mrjohnson · · Score: 3, Informative

    That's what my boss thought, too. You should be able to crack a somewhat busy network using 64 bits in about eight hours with AirSnort. It took me about sixteen to recover the password (longer because it was just one host and me running `ping -f -c 1 wifi` from my desktop).

    WEP will only deter the laziest script kiddie... Sorry. :-)

  21. Re:Asymmetric aerial (and a new hobby) by driehuis · · Score: 5, Interesting

    Yes, it will confuse it.

    Their method will probably even fail if you switch WiFi cards. I've got a Compaq WL110 which has a range of about 10 feet. My Lucent card on the other hand sees the access point from 100 feet, without line-of-sight (I assume the radio waves bounce off the ceiling through the window; no other way to explain _that_ range).

    My access point has antennas that can be moved into different polarisations, and in an off-colour configuration, access without line-of-sight becomes really spotty: it works in one place, and a few feet to the side it stops.

    But it seems to me the point of the seller is not to track abusers, but rather to track known-good devices in a known area. That alone is a cool concept, if you see what contortions people go through now when designing warehouse positioning systems. I've seen the results of an automated fork lift running through the wall of a warehouse because the reflective pad that marked the end of the aisle was covered in grime.

    Hmmmm, I can envision the next hobby: sit outside a warehouse with a 2.4GHz klystron, wait until you hear the fork lift come down the aisle, then switch on the jammer and watch the fireworks :-)

    --

    Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.

  22. How Microsoft did something like this by ntk · · Score: 4, Informative

    Microsoft Research did some work on this a couple of years ago - they called it RADAR.

    The equations they use are pretty simple, and they seem to be getting very optimistic results. They, too, use signal-strength triangulation, together with a model of the local area (so you feed in how many walls are between you and the AP, for instance), and some processing based on recent history. That's to say, four out of the five latest samples have you outside on the pavement, and one of them has you 50 yards away in the eastern wing, you're probably still on the pavement.

    Venkata N. Padmanabhan has some more papers on this on his homepage. Victor Bahl has a demonstration here but I guess it only works on IE.

  23. parent post is complete nonsense by g4dget · · Score: 3, Interesting

    TCP/IP has nothing at all to do with this, nor Zipf's law, nor any inverse square law, nor any kind of physical model. The system simply builds an empirical numerical model relating received power at the access points to location. As long as received power varies reproducibly with distance (not even necessarily monotonically) and you get enough independent measurements, that is possible.

  24. Don't forget the "Tri" in "Triangulate"! by SlimFastForYou · · Score: 3, Insightful

    Not the best option if you want security... Triangulation requires 3 WAPs in distinctly different spots. Most home users don't have a WAP in their kitchen, bedroom, and bathroom. It may be argued that universities have WAPs all over the campus. That may be so, but is a wardriver usually in the range of 3? I am no expert on campus WAP placement, but the only places I imagine could be triangulated would be roughly the center of the campus. So while multiple gradebooks are being accessed by a host with an unknown MAC address, the triangulation software will say "Not enough base stations to determine location".

  25. Free Wi-Fi Tracking Software by mtodd78 · · Score: 3, Informative

    The research group I work in used many of the same techniques that this software company uses to create Nibble which also can do positioning using Wifi; http://mmsl.cs.ucla.edu/nibble/. Free. GPL'd source is available too.

    Things to note, however, about any 802.11 tracking software is that its accuracy is poor > 5 meters, unless you are using 5 or 6 *simultaneously* accessible access points (it even states this in the Ekahau manual). Tracking software can be thrown off by even seemingly minor environmental changes like crowds of people etc. Also some calibration is also required.

    Don't worry about this shutting down free access points as it is way harder to do location tracking than it is to set up an encryption system (even really good VPN style encryption) or a simple MAC address filter.

    Mike

  26. How this works (not triangulation) by kazad · · Score: 3, Informative
    Hi all, this is my first /. post. I did a research project last semester and implemented a system like this, and got about 1 meter accuracy on average.

    Rather than using signal strength for triangulation, you use it to record a "radio map", and compare your current position to the map. The basic steps are:

    1) Walk around a room, recording the signal strength to each AP (so you get a file such as "Access Point #1, Avg signal: 96 AP#2, Avg signal: 74 ..." ). Netstumbler or other software can help you make this file.

    Create a "profile" like this for every location you wish to map (roughly, one every square foot or meter). The number of profiles determines the granularity of the system, but too many profiles can cause "collisions" in the sense that different locations have similar profiles, for some reason or another. There are ways to combat this, one of which is to make an educated guess on the new location based on the last one. (i.e., the user could not have walked over 10m in one interval)

    2) When a user connects, they can compare their current signal strength info (such as AP#1, signal: 34 AP#2, signal: 74) to the map: the closest point is probably their location.

    I did a simple Euclidean distance calculation (taking each profile as a vector in some large space [cool how the Pythagorean thm. generalizes, eh?]). There are many better ways, which I am researching this semester, but Euclidean distance is fine for now.

    I'm pretty sure this is why they must spend an hour per 10,000 square feet to "calibrate" the system. I had to do the same, but it was a *lot* slower; I need to make a tool to do this automagically.

    This semester I am also looking to get my system working with an ipaq robot running familiar. It's the combination of the palm pilot robot kit and this positioning system. Hopefully, the little robot should know (roughly) where it is, and be able to be controlled via the internet.

    Check out my webpage if you are interested in more details.
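
The radio-map matching described in the last comment, as an added example (not code from the thread, from kazad's project or from Ekahau): nearest profile by Euclidean distance, with the "cannot have walked over 10 m in one interval" rule used to break collisions. It goes one step beyond the post by rejecting samples that fit no calibrated spot; the map values, AP names, `NOT_HEARD` and the mismatch threshold of 15 are assumptions.

```python
import math

# Constructed radio map (sample data, not from the post): each calibrated
# location has a floor position in metres and an average signal level per AP,
# on the same unitless scale the post uses ("AP#1, Avg signal: 96").
RADIO_MAP = {
    "lobby":  ((0.0, 0.0),  {"ap1": 96, "ap2": 74, "ap3": 40}),
    "hall":   ((5.0, 0.0),  {"ap1": 80, "ap2": 82, "ap3": 55}),
    "office": ((10.0, 0.0), {"ap1": 60, "ap2": 90, "ap3": 72}),
    "lab":    ((10.0, 8.0), {"ap1": 42, "ap2": 70, "ap3": 95}),
    # Far from "office" on the floor plan but nearly identical in signal
    # space: the "collision" case the post warns about.
    "annex":  ((40.0, 0.0), {"ap1": 61, "ap2": 89, "ap3": 71}),
}

NOT_HEARD = 0  # assumed level for an AP missing from a profile or a sample


def signal_distance(profile, sample):
    """Euclidean distance between two signal vectors over the union of APs."""
    aps = set(profile) | set(sample)
    return math.sqrt(sum(
        (profile.get(ap, NOT_HEARD) - sample.get(ap, NOT_HEARD)) ** 2
        for ap in aps
    ))


def locate(sample, radio_map=RADIO_MAP, last=None,
           max_step_m=10.0, max_mismatch=15.0):
    """Return (location, signal_distance) for the best-matching profile.

    last         -- previous location name; candidates more than max_step_m
                    from it on the floor plan are skipped, since the user
                    cannot have walked that far in one interval.
    max_mismatch -- assumed threshold: if even the best profile is further
                    away than this in signal space, the sample fits no
                    calibrated spot and the location is reported as None.
    """
    candidates = radio_map
    if last is not None:
        lx, ly = radio_map[last][0]
        # Always non-empty: `last` itself is at distance 0.
        candidates = {
            name: entry for name, entry in radio_map.items()
            if math.hypot(entry[0][0] - lx, entry[0][1] - ly) <= max_step_m
        }
    best = min(candidates,
               key=lambda name: signal_distance(candidates[name][1], sample))
    dist = signal_distance(candidates[best][1], sample)
    if dist > max_mismatch:
        return None, dist
    return best, dist


if __name__ == "__main__":
    near_lobby = {"ap1": 94, "ap2": 75, "ap3": 42}
    ambiguous = {"ap1": 61, "ap2": 89, "ap3": 72}   # office or annex?
    uncalibrated = {"ap1": 20, "ap2": 15}           # ap3 not heard at all
    print(locate(near_lobby))
    print(locate(ambiguous))               # collision: picks the annex
    print(locate(ambiguous, last="hall"))  # movement rule: picks the office
    print(locate(uncalibrated))            # fits nothing that was calibrated
```

A `None` result only means the sample was never calibrated for; as several comments above point out, signal levels vary with hardware and surroundings, so it is a hint for the operator and not a substitute for encryption.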