Anonymizing Wi-Fi Device Project Unexpectedly Halted

← Back to Stories (view on slashdot.org)

Anonymizing Wi-Fi Device Project Unexpectedly Halted

Posted by Soulskill on Tuesday July 14, 2015 @09:36AM from the disallowed-technology dept.

An anonymous reader notes that a project to develop an anonymizing Wi-Fi device has been canceled under mysterious circumstances. The device, called Proxyham, was unveiled a couple weeks ago by Rhino Security Labs. They said it would use low-frequency radio channels to connect a computer to public Wi-Fi hotspots up to 2.5 miles away, thus obscuring a user's actual location. But a few days ago the company announced it would be halting development and canceling a talk about it at Def Con, which would have been followed with a release of schematics and source code. They apologized, but appear to be unable to say anything further.

"In fact, all [the speaker] can say is that the talk is canceled, the ProxyHam source code and documentation will never be made public, and the ProxyHam units developed for Las Vegas have been destroyed. The banner at the top of the Rhino Security website promoting ProxyHam has gone away too. It's almost as if someone were trying to pretend the tool never existed." The CSO article speculates that a government agency killed the project and issued a gag order about it. A post at Hackaday calls this idea absurd and discusses the hardware needed to build a Proxyham. They say using it would be "a violation of the Computer Fraud & Abuse Act, and using encryption over radio violates FCC regulations. That’s illegal, it will get you a few federal charges — but so will blowing up a mailbox with some firecrackers." They add, "What you’re seeing is just the annual network security circus and it’s nothing but a show."

21 of 138 comments (clear)

Min score:

Reason:

Sort:

Encryption across radio waves is illegal? by hawguy · 2015-07-14 09:41 · Score: 5, Informative

It is a violation of the Computer Fraud & Abuse Act, and using encryption over radio violates FCC regulations.
I think they mean that encryption on licensed Ham bands is illegal, since encryption over radio is perfectly legal (otherwise both Bluetooth and Wifi would be illegal).
1. Re:Encryption across radio waves is illegal? by everett · 2015-07-14 09:44 · Score: 4, Informative
  
  I haven't looked in to it, but the statement "They said it would use low-frequency radio channels to connect a computer to public Wi-Fi hotspots up to 2.5 miles away, thus obscuring a user's actual location." makes me believe it would be using the portion of the amateur radio spectrum that borders the wifi range (as is used by HSMM) and thus encryption is not allowed.
  
  --
  Sig withheld to protect the innocent.
2. Re:Encryption across radio waves is illegal? by willoughby · 2015-07-14 09:47 · Score: 2
  
  I tuned in to say the same thing. Police departments all over the US use encrypted radios every day. I bought a used Motorola Sabre II on Ebay for use on the Ham bands & it still had the encryption chip installed. I removed it because even if you're not using it it's a heck of a drain on the battery.
3. Re:Encryption across radio waves is illegal? by Chris+Mattern · 2015-07-14 10:05 · Score: 4, Insightful
  
  Which is presumably why they called it "Proxyham".
4. Re:Encryption across radio waves is illegal? by Forever+Wondering · 2015-07-14 10:07 · Score: 3, Informative
  
  As a former ham: RTTY used to be [5 bit] Baudot. Using ASCII was considered encryption [and illegal]. Eventually, things changed and ASCII was allowed.
  
  --
  Like a good neighbor, fsck is there ...
5. Re:Encryption across radio waves is illegal? by Forever+Wondering · 2015-07-14 10:39 · Score: 4, Informative
  
  If it were operating on a ham band, the user would need a ham license with the right classification (e.g. the higher the classification [the more difficult the test], the more frequencies you're allowed to use). Ham radio operators would object to their relatively small bands being encroached on.
  More likely, the frequency was some "open" frequency, not assigned to anything or specified as needing no license [like WiFi or baby monitors, wireless [non-cell] phones, etc.]. [Overly] large swatches of radio spectrum are designated for military purposes.
  It can't be encryption alone. Since WiFi hookups use encryption (e.g. ssh/ssl/tls), that isn't the likely objection. Perhaps, this was a knee jerk reaction at some gov't org (e.g. maybe James Comey made the phone call personally :-) that threatened dire consequences that have no [ultimate] legal basis. However, a protracted legal battle would be in the offing. Not something a mere mortal might be willing to opt for.
  
  --
  Like a good neighbor, fsck is there ...
6. Re:Encryption across radio waves is illegal? by Obfuscant · 2015-07-14 11:16 · Score: 5, Informative
  
  I haven't looked in to it, but the statement "They said it would use low-frequency radio channels to connect a computer to public Wi-Fi hotspots up to 2.5 miles away, thus obscuring a user's actual location." makes me believe it would be using the portion of the amateur radio spectrum that borders the wifi range (as is used by HSMM) and thus encryption is not allowed.
  You're right, you haven't looked into it.
  If you click on the link in TFA, you'll wind up looking at a Ubiquity M900 bridge product, which while it uses the 900 MHz band, is NOT an amateur radio device. Amateur radio has nothing to do with the discussion, therefore. And the amateur radio prohibition on encryption to hide content is irrelevant.*
  Nine hundred megahertz is also not "low-frequency". It is in the ULTRA HIGH frequency (UHF) portion of the spectrum. It is lower than the normal 2.4GHz of WiFi, but low it is not.
  It seems pretty clear that this entire fiasco is intended to draw attention to the author or his company. There is nothing illegal about using a license-free wireless bridging device to extend a network connection. There is nothing illegal about connecting to a public WiFi access point using a device within the normal coverage area of that AP, and that's where the connection is being made, no matter how far away the user happens to be. Imagine someone putting a laptop with a wired connection in range of the public WiFi point and accessing that laptop from Lithuania, e.g., to use the WiFi. Would anyone think that was illegal? Or try this one: I have a computer at home with a wireless connection to the public WiFi in the library next door. I put a modem on the system and dial in from a remote location. Am I breaking the law if I do anything remotely over the wireless connection? Of course not.
  There's nothing to see here, it's a waste of time. "ProxyHam" is using COTS gear to do what it was designed to do.
  * the "prohibition on encryption" is not as absolute as some try to claim. The prohibition is on hiding content because the amateur rules have restrictions on what content is legal, and the amateur radio service is mostly self-policing. Other hams have to be able to see your content to know if you're breaking the rules and should be reported. As everett mentions, there is something that used to be called "HSMM" (high speed multimedia), now referred to as "meshnet" or something like that. Users of that system, because it coincides with the license-free 2.4GHz WiFi band, regularly use WEP or WPA as an access control method. Because it is for "access control" and not "hiding the content", the FCC has not acted to shut such systems down.
  The escape clause, so to speak, for that system is that it uses one of a few standard "passwords" that are published on various websites so, in theory, the wireless traffic can be monitored by others but the general public will be kept out.
7. Re:Encryption across radio waves is illegal? by gstoddart · 2015-07-14 11:22 · Score: 4, Insightful
  
  It can't be encryption alone
  Of course it wasn't.
  Do you really think a bunch of guys in dark suits didn't show up and basically threaten them with jail time?
  As paranoid as is sounds, these days I think it is entirely plausible that a national security letter or somesuch was used to say "if you tell anybody about this, we will put you in a deep dark hole ... whether it's for the rest of your life or marking the end of it is your choice".
  This technology will never see the light of day, unless it's used by some three letter agency full of fascists.
  Welcome to modern reality. Where all that crazy shit from the 80s is now true.
  
  --
  Lost at C:>. Found at C.
8. Re:Encryption across radio waves is illegal? by Obfuscant · 2015-07-14 11:36 · Score: 4, Insightful
  
  Do you really think a bunch of guys in dark suits didn't show up and basically threaten them with jail time?
  Yes.
  
  As paranoid as is sounds, these days I think it is entirely plausible that a national security letter or somesuch was used to say "if you tell anybody about this, we will put you in a deep dark hole ...
  It is using a commercially available product for the purpose it was designed. If it was that illegal to do, the FCC would have confiscated all of Ubiquity's product and levied a fine for violation of the FCC regulations.
  
  This technology will never see the light of day,
  You can buy them from more than 200 distributors worldwide. The genie is out of the bottle, the horse has left the barn. It's not the full system, but anyone with any technical proficiency in networking can put it together in their sleep almost.
  I have a system with a pair of COTS 5GHz bridge wireless boxes that does exactly the same thing this system is supposed to do. I fear no dark suits telling me to stop.
9. Re:Encryption across radio waves is illegal? by mysidia · 2015-07-14 13:06 · Score: 3, Interesting
  
  Encryption IS allowed on the Ham bands, within certain narrow constraints.
  You can use encryption to protect traffic used to control a system. You can use digital codes that leave the meaning of the message intact.
  Encryption with intent to obscure the meaning of the message is not allowed on the Ham bands. However, that does not mean the technology is not allowed to be built and communicated.
  For the purpose of demonstrating the technology, the demonstrators can get around the encryption rule by publishing the actual message and making the content a matter of public record, Then the purpose of performing the encryption is To make a personal demonstration of the technology to enthusiasts, and it cannot possibly be intended to obscure the meaning of the message, since the actual message content is being published openly and widely for all to see, and you can be clear on the decrypted message not being used for a pecuniary purpose ------ this is assuming that the presenter does not receive payment in exchange for demonstrating their work.
  The technology could be developed and experimented with for demonstration purposes, AND then if you want to use it, you could go purchase a license for some frequency ranges to use with the technology.
Gag orders by DoofusOfDeath · 2015-07-14 09:46 · Score: 4, Insightful

Gag orders and national security letters have no place in the Land of the Free.
This should be too obvious to even be worth saying.
1. Re:Gag orders by Noryungi · 2015-07-14 09:58 · Score: 5, Insightful
  
  Gag orders and national security letters have no place in the Land of the Free.
  This should be too obvious to even be worth saying.
  Except, of course, you are no longer in the "Land of the Free". Took you a while to realize it, I am afraid.
  As someone wiser than me said: "Freedom of the press is fine, as long as *you* have a printing press".
  The correct thing to do, then, would be to leak schematics and software on the Internet, and let the chips fall were they may. PGP got "opened" exactly in the same way, I expect this project to do the same.
  
  --
  The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
2. Re:Gag orders by Anonymous Coward · 2015-07-14 13:34 · Score: 2, Interesting
  
  The correct thing to do, then, would be to leak schematics and software on the Internet, and let the chips fall were they may. PGP got "opened" exactly in the same way, I expect this project to do the same.
  That was the correct thing to do. Now, "leaking" could get the developer(s) in much more [legal] trouble [they probably had to sign something prohibiting disclosure in any form]. More likely, and better now, would be for a developer not connected with the original group to recreate the design from scratch (ala Brian Benchoff)
  The joke's on them. I've been building these things and giving them away for years. There are multiple-hundreds of them out there right now. Wouldn't be surprised if their 'project' was a direct ripoff. I built the 1st one years ago to connect to my home router from work 5 miles away to bypass workplace internet filters.
Re:interesting.. by bsolar · 2015-07-14 09:56 · Score: 3, Insightful

Or maybe 100% vaporware without a feasible implementation in sight? Was a working prototype ever presented? Was a sound technical concept ever presented?
Not the CFAA, but possibly the FCC by l2718 · 2015-07-14 10:37 · Score: 2

Accessing an open WiFi connection using a repeater would not violate the CFAA -- the connection is open and your device would log on to it. You'd be using it the way it was intended. Of course, The DOJ claims that simply violating terms of service can make you a federal felon, but that's wrong. Read Prof. Orin Kerr's work for more on this
On the other hand, the FCC allows anyone to use the 900MHz band but tightly regulates what can be done there (for example, no "retransmission of .. signals emanating from ... radio station other than an amateur radio station", which likely does make this idea illegal. See 47 CFR Part 97.
1. Re:Not the CFAA, but possibly the FCC by DavidLeeLambert7357 · 2015-07-14 21:24 · Score: 2
  
  With a name like "proxyHAM", there's a reasonable suspicion that it was indeed operating on an amateur band.
  
  --
  Somehow I have three Slashdot UIDs, lowest is "lamber45" (658956)
Maybe is just simply didn't work :) by Hougaard · 2015-07-14 10:57 · Score: 2

So we'll pretend there is a coverup of some sort to "get of jail for free" :)
An easier solution by fred911 · 2015-07-14 11:49 · Score: 2

It's pretty trivial to make a Yagi from a Pringles can to point at an open AP. Change your MAC id and connect to a TOR node.
Mission accomplished

--
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Re:uhhhhh by bobbied · 2015-07-14 12:01 · Score: 4, Interesting

True this....
I'm one of those hams who would hunt you down for sport. Actually it IS a sport for some hams and we have competitions to see who of us can find hidden transmitters the fastest. We call it "Fox Hunting" and believe me, there are some folks who take this kind of thing very seriously and can find you, on or off the ham bands in pretty short order.
So, go ahead.... Interfere with the ham bands or some other radio service who knows to ask us for help, let us have some real fun. We'd be happy to find you and report you to the FCC...

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
maybe they were just bullshitting. by gl4ss · 2015-07-14 19:23 · Score: 2

maybe they were just bullshitting anyways.
like, come on, if it dependent on a device that sat near the wifi AP, it was hardly anything magical-special-super-anonymizer device in the first place. all it then was, would have been an unlicensed sort-of-long distance radio data link - which would have a whole other market mind you.
if they were implying that you could connect to the wifi ap from 2.5 klicks without anything special device near the wifi ap, then they were bullshitting.
so probably they were bullshitting because their product if it functioned as would have been likely, would have had a totally different market than what they were pushing it to.
just that it worked on unlicensed spectrum wouldn't have made it illegal to produce for markets where such use would have been legal.

--
world was created 5 seconds before this post as it is.
Re:Easily replicated with an SDR... by Phreakiture · 2015-07-15 01:21 · Score: 2

Part 15 reads almost the same for 900 MHz as for 2.4 GHz: You can use 1W if you are doing one of three things.
Thing 1 is to send a direct-sequenced spread spectrum signal (not in this case)
Thing 2 is to send a frequency-hopping spread spectrum signal, with a maximum dwell time of 400ms and a minimum of 50 channels in your spreading sequence (again, not the case here)
Thing 3 is to send a digital signal of at least 500 kHz RF bandwidth (which is likely to be the case here)
Additionally, there are bonuses for using good antennas (the FCC seems to want to encourage this). You do need to reduce your transmit power if you have a gainful antenna, but you only have to reduce power by 1dB for every 3dBi of antenna gain. For example, using a 3dBi antenna (for instance, a 5/8 wave) would double the strength of your transmitted signal, but would require you to turn down your transmitter power by 1 dB, making it roughly 800 mW rather than 1W. Put this together, and you get an effective radiated power (ERP) of ~ 1.6W.
In a more extreme case, imagine using a 24dBi directional antenna: You get a 2^8 boost in your signal from the antenna, and only have to cut your power by 8dB. Actual transmitter power ends up at 160mW, but the boost from the antenna gives you an ERP of ~40W.

--
www.wavefront-av.com