Anonymizing Wi-Fi Device Project Unexpectedly Halted

An anonymous reader notes that a project to develop an anonymizing Wi-Fi device has been canceled under mysterious circumstances. The device, called Proxyham, was unveiled a couple weeks ago by Rhino Security Labs. They said it would use low-frequency radio channels to connect a computer to public Wi-Fi hotspots up to 2.5 miles away, thus obscuring a user's actual location. But a few days ago the company announced it would be halting development and canceling a talk about it at Def Con, which would have been followed with a release of schematics and source code. They apologized, but appear to be unable to say anything further.

"In fact, all [the speaker] can say is that the talk is canceled, the ProxyHam source code and documentation will never be made public, and the ProxyHam units developed for Las Vegas have been destroyed. The banner at the top of the Rhino Security website promoting ProxyHam has gone away too. It's almost as if someone were trying to pretend the tool never existed." The CSO article speculates that a government agency killed the project and issued a gag order about it. A post at Hackaday calls this idea absurd and discusses the hardware needed to build a Proxyham. They say using it would be "a violation of the Computer Fraud & Abuse Act, and using encryption over radio violates FCC regulations. That’s illegal, it will get you a few federal charges — but so will blowing up a mailbox with some firecrackers." They add, "What you’re seeing is just the annual network security circus and it’s nothing but a show."

Encryption across radio waves is illegal?

[hawguy]

It is a violation of the Computer Fraud & Abuse Act, and using encryption over radio violates FCC regulations.

I think they mean that encryption on licensed Ham bands is illegal, since encryption over radio is perfectly legal (otherwise both Bluetooth and Wifi would be illegal).

Re:Encryption across radio waves is illegal?

[everett]

I haven't looked in to it, but the statement "They said it would use low-frequency radio channels to connect a computer to public Wi-Fi hotspots up to 2.5 miles away, thus obscuring a user's actual location." makes me believe it would be using the portion of the amateur radio spectrum that borders the wifi range (as is used by HSMM) and thus encryption is not allowed.

Re:Encryption across radio waves is illegal?

[Forever+Wondering]

As a former ham: RTTY used to be [5 bit] Baudot. Using ASCII was considered encryption [and illegal]. Eventually, things changed and ASCII was allowed.

Re:Encryption across radio waves is illegal?

[Forever+Wondering]

If it were operating on a ham band, the user would need a ham license with the right classification (e.g. the higher the classification [the more difficult the test], the more frequencies you're allowed to use). Ham radio operators would object to their relatively small bands being encroached on.

More likely, the frequency was some "open" frequency, not assigned to anything or specified as needing no license [like WiFi or baby monitors, wireless [non-cell] phones, etc.]. [Overly] large swatches of radio spectrum are designated for military purposes.

It can't be encryption alone. Since WiFi hookups use encryption (e.g. ssh/ssl/tls), that isn't the likely objection. Perhaps, this was a knee jerk reaction at some gov't org (e.g. maybe James Comey made the phone call personally :-) that threatened dire consequences that have no [ultimate] legal basis. However, a protracted legal battle would be in the offing. Not something a mere mortal might be willing to opt for.

Re:Encryption across radio waves is illegal?

[Obfuscant]

I haven't looked in to it, but the statement "They said it would use low-frequency radio channels to connect a computer to public Wi-Fi hotspots up to 2.5 miles away, thus obscuring a user's actual location." makes me believe it would be using the portion of the amateur radio spectrum that borders the wifi range (as is used by HSMM) and thus encryption is not allowed.

You're right, you haven't looked into it.

If you click on the link in TFA, you'll wind up looking at a Ubiquity M900 bridge product, which while it uses the 900 MHz band, is NOT an amateur radio device. Amateur radio has nothing to do with the discussion, therefore. And the amateur radio prohibition on encryption to hide content is irrelevant.*

Nine hundred megahertz is also not "low-frequency". It is in the ULTRA HIGH frequency (UHF) portion of the spectrum. It is lower than the normal 2.4GHz of WiFi, but low it is not.

It seems pretty clear that this entire fiasco is intended to draw attention to the author or his company. There is nothing illegal about using a license-free wireless bridging device to extend a network connection. There is nothing illegal about connecting to a public WiFi access point using a device within the normal coverage area of that AP, and that's where the connection is being made, no matter how far away the user happens to be. Imagine someone putting a laptop with a wired connection in range of the public WiFi point and accessing that laptop from Lithuania, e.g., to use the WiFi. Would anyone think that was illegal? Or try this one: I have a computer at home with a wireless connection to the public WiFi in the library next door. I put a modem on the system and dial in from a remote location. Am I breaking the law if I do anything remotely over the wireless connection? Of course not.

There's nothing to see here, it's a waste of time. "ProxyHam" is using COTS gear to do what it was designed to do.

* the "prohibition on encryption" is not as absolute as some try to claim. The prohibition is on hiding content because the amateur rules have restrictions on what content is legal, and the amateur radio service is mostly self-policing. Other hams have to be able to see your content to know if you're breaking the rules and should be reported. As everett mentions, there is something that used to be called "HSMM" (high speed multimedia), now referred to as "meshnet" or something like that. Users of that system, because it coincides with the license-free 2.4GHz WiFi band, regularly use WEP or WPA as an access control method. Because it is for "access control" and not "hiding the content", the FCC has not acted to shut such systems down.

The escape clause, so to speak, for that system is that it uses one of a few standard "passwords" that are published on various websites so, in theory, the wireless traffic can be monitored by others but the general public will be kept out.