Slashdot Mirror


NatSci 802.11x WiFi Tracker Zeroes In On Users

securitas writes "Techweb reports that IT admins can now track and physically locate 802.11x WLAN users within a few feet using the new Wi-Fi Tracker hardware from National Scientific, based on its DarkStar wireless product. NSC's site says it will also produce tracking-only 'tag or badge' formats so admins are not limited to tracking active WLAN users and equipment. The company is now shipping development kits to its first customers and a technical specs PDF is available. The product incorporates Ekahau triangulation software. This is reminiscent of an earlier Slashdot story about office surveillance using 802.11b triangulation to track and determine the location of wireless network users."

6 of 85 comments

  1. Re:What does it take? by Null_Packet · · Score: 5, Informative

    AFAIK, the signal strength metric from almost any card is different from any other, making it a highly arbitrary number from vendor to vendor. With that said, Kismet (www.kismetwireless.net) offers the ability to store signal strength and do some nifty triangulation with GPS.

    I am interested to see if the product in question can be used indoors for triangulation. Without a usable GPS signal, you'd have to calibrate known locations and that seems out of the range of the Dark Star's ability.

    FWIW, I spoke at ToorCon in San Diego this last fall on the subject of using a directional antenna and a fluxgate (electronic) compass. We did some coding and quite a bit of hardware hacking, and we didn't get far because one sensor cost around $1400 in raw materials and hardware tests to get one built.

    Google for Cassandra or e-mail me if you're still interested.

  2. Not for wardrivers... by Anonymous Coward · · Score: 1, Informative

    If you can imagine that the company is security-wise enough to deploy such a solution to catch wardrivers, it probably employs other anti-hacking measures that, among other things, include strong authentication & encryption schemes (SSL tunneling, IPSEC, ...). Since traffic protected in such a manner can be passively detected, one can imagine that wardrivers will simply proceed to the next mark, since they are merely trying to exploit unsecured || weakly secured (WEP) networks.

    Using this to catch wardrivers is as useless as killing mosquitoes with an elephant gun. Eventually you get the job done, but it would be much cheaper and much more effective to simply buy a mosquito net.

    You could use such a solution in a honeypot, but when caught, the user could simply claim ignorance, as there are no "ether" signs preventing you from "accidentally" connecting to an AP if it is completely open to the world (left on default settings).

    Anonymous Cowards Unite

  3. Re:IANAEE by rcw-home · · Score: 4, Informative

    I'm not an Electrical Engineer, but would this system be able to tell where I am located if I'm using something like a yagi or parabolic dish from several miles away?

    A directional antenna is like a flashlight. It's pretty easy to find someone shining a flashlight at you. To answer your second question, it's no harder to find someone using multiple flashlights.

    Once you know the general direction, you can drive there, and once you get close enough, there will be more than enough signal from the antenna's sidelobes to finish the triangulation.

    For what it's worth, you only need triangulation to determine range. It's possible to determine the direction of a signal without pointing directional antennas around while looking at signal meters. By putting two dipoles a known distance away from each other and comparing the phase of the returned signal (like humans do with their ears) they can determine direction - with a third dipole, or by rotating the array, they can determine whether the signal is in front or behind them.

    For more information on this, google search for some combination of "foxhunt", "radio direction finding", "RDF", or "TDOA".
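The two-dipole phase comparison described in the comment above, worked through as an added example (not code from the thread or from any product it mentions). The channel 6 carrier, the half-wavelength spacing and the second baseline at 90 degrees are assumptions; bearings are in degrees in the array's own frame.

```python
import math

C = 299_792_458.0      # speed of light, m/s
FREQ = 2.437e9         # assumed carrier: 802.11b/g channel 6
LAM = C / FREQ         # wavelength, roughly 12.3 cm
SPACING = LAM / 2      # half-wave spacing keeps the phase within +/-pi

def measured_phase(bearing_deg, axis_deg):
    """Simulated phase difference (rad) between two dipoles whose baseline
    points along axis_deg, for a distant transmitter at bearing_deg."""
    path_diff = SPACING * math.cos(math.radians(bearing_deg - axis_deg))
    return 2 * math.pi * path_diff / LAM

def candidate_bearings(dphi, axis_deg):
    """Invert one phase reading. A single pair of dipoles cannot tell a
    bearing from its mirror image about the baseline, so two come back."""
    x = dphi * LAM / (2 * math.pi * SPACING)
    x = max(-1.0, min(1.0, x))          # clamp measurement noise
    off = math.degrees(math.acos(x))
    return ((axis_deg + off) % 360, (axis_deg - off) % 360)

def angular_gap(a, b):
    """Smallest angle (deg) between two bearings."""
    d = abs(a - b) % 360
    return min(d, 360 - d)

def resolve_bearing(dphi_a, dphi_b, axis_a=0.0, axis_b=90.0):
    """Use a second baseline (the third dipole) to discard the mirror image:
    keep the candidate from baseline A that baseline B also supports."""
    gap, bearing = min((angular_gap(a, b), a)
                       for a in candidate_bearings(dphi_a, axis_a)
                       for b in candidate_bearings(dphi_b, axis_b))
    return bearing

if __name__ == "__main__":
    true_bearing = 70.0                 # constructed test value
    pa = measured_phase(true_bearing, 0.0)
    pb = measured_phase(true_bearing, 90.0)
    print("one baseline :", candidate_bearings(pa, 0.0))
    print("two baselines:", resolve_bearing(pa, pb))
```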

  4. Re:What does it take by pagz · · Score: 2, Informative

    I work in the mobile computing lab at Rutgers ( http://www.cs.rutgers.edu/dataman )

    One of the projects I work on is indeed localization based. We were working on Berkeley's Mica MOTES and have an algorithm, APS, which can, as the above poster stated, use a relative coordinate system. However, in reference to the article, ranging based on signal strength is worthless (based on my own research and experience). Strength fluctuates too much to give a good equation for triangulation. On the mote hardware the signal strength is a type of decreasing-amplitude sine function. So yes, signal strength goes down as range increases, but not cleanly. With a given strength you could be 5 feet, 13 feet or 35 feet away from the base station. This is probably not going to work very well in office use, as metal also really screws with wireless signals. (Anyone at MobiCom2003 see my APS demo there and wonder why the hell the board was propped up on coffee mugs? A metal band running around the table was carrying the radio signal around the damn table.)

    So in short, I really doubt this will be a boon to wireless sys admins.

  5. Re:IANAEE by LostCluster · · Score: 2, Informative

    Well, such a system, in theory, would at least be able to detect monkey business when it sees it...

    A yagi from miles away would hit one access point, and only one access point. However, this system requires that all authorized transmitters hit at least two if not three access points. It's going to be sure where this person is, but it can be sure where this person isn't... Remember, the first step in dealing with a hack is realizing you've been hacked. The hacker's traffic flags itself for attention this way.

    A multi-antenna setup might stand a chance of properly simulating a spot on the map by sending the right signal strengths to the right access points. However, that ruse would have one critical weakness... a physical check of the spot being highlighted on the map would find no user there. Again, no accurate clue as to where the hacker is coming from, but a definite indication that there is a hacker. Any other combination would result in a combination of signal strengths that result in an inability to resolve to a point, but that again results in a sign of trouble.

    Yeah, this system could be fooled... but coloring outside the lines would at least draw attention to a problem.
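The consistency check described in the comment above, sketched as an added example (not code from the thread or from the NatSci/Ekahau product). The floor plan, the log-distance path-loss constants, the three-AP minimum and the 6 dB tolerance are all assumptions, and the readings are constructed.

```python
import math

# Constructed floor plan: AP name -> (x, y) in metres. All values are assumptions.
APS = {"ap1": (0, 0), "ap2": (30, 0), "ap3": (0, 20), "ap4": (30, 20)}
P0, N_EXP = -40.0, 3.0   # assumed RSSI at 1 m (dBm) and indoor path-loss exponent
MIN_APS = 3              # a client on the floor should be heard by at least this many
MAX_RMS_DB = 6.0         # assumed tolerance for normal RSSI fluctuation

def expected_rssi(ap, x, y):
    """Log-distance path-loss prediction of what `ap` should hear from (x, y)."""
    d = max(1.0, math.dist(APS[ap], (x, y)))
    return P0 - 10 * N_EXP * math.log10(d)

def best_fit(obs):
    """Grid-search the floor (1 m cells) for the spot that best explains obs."""
    best_rms, best_pos = float("inf"), None
    for x in range(0, 31):
        for y in range(0, 21):
            err = [obs[ap] - expected_rssi(ap, x, y) for ap in obs]
            rms = math.sqrt(sum(e * e for e in err) / len(err))
            if rms < best_rms:
                best_rms, best_pos = rms, (x, y)
    return best_rms, best_pos

def classify(obs):
    """Return (verdict, position) for one client's {ap: rssi_dbm} readings."""
    if len(obs) < MIN_APS:
        return "too_few_aps", None      # e.g. a distant directional antenna
    rms, pos = best_fit(obs)
    if rms > MAX_RMS_DB:
        return "unresolvable", None     # no single spot explains the readings
    return "located", pos

# Constructed observations, not captured data.
SAMPLES = {
    "desk-laptop":  {"ap1": -70, "ap2": -81, "ap3": -77, "ap4": -83},
    "single-ap":    {"ap2": -88},
    "inconsistent": {"ap1": -45, "ap2": -90, "ap3": -90, "ap4": -45},
}

if __name__ == "__main__":
    for name, obs in SAMPLES.items():
        print(name, classify(obs))
```

A "located" verdict only says the readings fit some spot on the map; as the comment notes, confirming a user is actually there still takes a physical check.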

  6. Re:What does it take? by Anonymous Coward · · Score: 1, Informative

    You're making it too complicated. In the world wars they used simple directional antennas and estimated the signal's strength. Using just the direction the signal came from, recorded by two or three base points, you can find the location; if they didn't have the time to accurately find the direction, they would use the estimated signal strength that each point recorded to estimate the location. Doing something like this for an office shouldn't be too hard. Why try and use only one directional antenna, and signal strength? The only reason modern triangulation uses signal strength is because they try and use one self-contained unit for ease of use. When your triangle becomes small enough for you to hold in your hand, it needs more data than just the direction.
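Locating a transmitter from directions alone, as the comment above describes, shown as an added example (not code from the thread). It takes compass bearings from two or more stations and computes the least-squares crossing point; the station coordinates, the transmitter position and the rounding of bearings to whole degrees are constructed.

```python
import math

def bearing_to(station, target):
    """Compass bearing (deg clockwise from north) from station to target."""
    de, dn = target[0] - station[0], target[1] - station[1]
    return math.degrees(math.atan2(de, dn)) % 360

def fix_from_bearings(reports):
    """Least-squares intersection of lines of bearing.
    reports: [((east_m, north_m), bearing_deg), ...] from two or more stations."""
    a11 = a12 = a22 = b1 = b2 = 0.0
    for (se, sn), brg in reports:
        t = math.radians(brg)
        ne, nn = math.cos(t), -math.sin(t)   # unit normal to the line of bearing
        c = ne * se + nn * sn                # the line is ne*E + nn*N = c
        a11 += ne * ne
        a12 += ne * nn
        a22 += nn * nn
        b1 += ne * c
        b2 += nn * c
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("bearings are parallel, no fix possible")
    return ((a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det)

def miss_distances(reports, fix):
    """How far (m) each station's line of bearing passes from the fix."""
    out = []
    for (se, sn), brg in reports:
        t = math.radians(brg)
        out.append(abs(math.cos(t) * (fix[0] - se) - math.sin(t) * (fix[1] - sn)))
    return out

# Constructed scenario: three stations, bearings rounded to whole degrees.
STATIONS = [(0.0, 0.0), (100.0, 0.0), (50.0, 100.0)]
TRANSMITTER = (40.0, 30.0)
REPORTS = [(s, round(bearing_to(s, TRANSMITTER))) for s in STATIONS]

if __name__ == "__main__":
    fix = fix_from_bearings(REPORTS)
    print("bearings:", [b for _, b in REPORTS])
    print("fix:", fix, "miss distances:", miss_distances(REPORTS, fix))
```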