Anonymizing Wi-Fi Device Project Unexpectedly Halted

An anonymous reader notes that a project to develop an anonymizing Wi-Fi device has been canceled under mysterious circumstances. The device, called Proxyham, was unveiled a couple weeks ago by Rhino Security Labs. They said it would use low-frequency radio channels to connect a computer to public Wi-Fi hotspots up to 2.5 miles away, thus obscuring a user's actual location. But a few days ago the company announced it would be halting development and canceling a talk about it at Def Con, which would have been followed with a release of schematics and source code. They apologized, but appear to be unable to say anything further.

"In fact, all [the speaker] can say is that the talk is canceled, the ProxyHam source code and documentation will never be made public, and the ProxyHam units developed for Las Vegas have been destroyed. The banner at the top of the Rhino Security website promoting ProxyHam has gone away too. It's almost as if someone were trying to pretend the tool never existed." The CSO article speculates that a government agency killed the project and issued a gag order about it. A post at Hackaday calls this idea absurd and discusses the hardware needed to build a Proxyham. They say using it would be "a violation of the Computer Fraud & Abuse Act, and using encryption over radio violates FCC regulations. That’s illegal, it will get you a few federal charges — but so will blowing up a mailbox with some firecrackers." They add, "What you’re seeing is just the annual network security circus and it’s nothing but a show."

Encryption across radio waves is illegal?

[hawguy]

It is a violation of the Computer Fraud & Abuse Act, and using encryption over radio violates FCC regulations.

I think they mean that encryption on licensed Ham bands is illegal, since encryption over radio is perfectly legal (otherwise both Bluetooth and Wifi would be illegal).

Re:Encryption across radio waves is illegal?

[Obfuscant]

I haven't looked in to it, but the statement "They said it would use low-frequency radio channels to connect a computer to public Wi-Fi hotspots up to 2.5 miles away, thus obscuring a user's actual location." makes me believe it would be using the portion of the amateur radio spectrum that borders the wifi range (as is used by HSMM) and thus encryption is not allowed.

You're right, you haven't looked into it.

If you click on the link in TFA, you'll wind up looking at a Ubiquity M900 bridge product, which while it uses the 900 MHz band, is NOT an amateur radio device. Amateur radio has nothing to do with the discussion, therefore. And the amateur radio prohibition on encryption to hide content is irrelevant.*

Nine hundred megahertz is also not "low-frequency". It is in the ULTRA HIGH frequency (UHF) portion of the spectrum. It is lower than the normal 2.4GHz of WiFi, but low it is not.

It seems pretty clear that this entire fiasco is intended to draw attention to the author or his company. There is nothing illegal about using a license-free wireless bridging device to extend a network connection. There is nothing illegal about connecting to a public WiFi access point using a device within the normal coverage area of that AP, and that's where the connection is being made, no matter how far away the user happens to be. Imagine someone putting a laptop with a wired connection in range of the public WiFi point and accessing that laptop from Lithuania, e.g., to use the WiFi. Would anyone think that was illegal? Or try this one: I have a computer at home with a wireless connection to the public WiFi in the library next door. I put a modem on the system and dial in from a remote location. Am I breaking the law if I do anything remotely over the wireless connection? Of course not.

There's nothing to see here, it's a waste of time. "ProxyHam" is using COTS gear to do what it was designed to do.

* the "prohibition on encryption" is not as absolute as some try to claim. The prohibition is on hiding content because the amateur rules have restrictions on what content is legal, and the amateur radio service is mostly self-policing. Other hams have to be able to see your content to know if you're breaking the rules and should be reported. As everett mentions, there is something that used to be called "HSMM" (high speed multimedia), now referred to as "meshnet" or something like that. Users of that system, because it coincides with the license-free 2.4GHz WiFi band, regularly use WEP or WPA as an access control method. Because it is for "access control" and not "hiding the content", the FCC has not acted to shut such systems down.

The escape clause, so to speak, for that system is that it uses one of a few standard "passwords" that are published on various websites so, in theory, the wireless traffic can be monitored by others but the general public will be kept out.

Re:Gag orders

[Noryungi]

Gag orders and national security letters have no place in the Land of the Free.

This should be too obvious to even be worth saying.

Except, of course, you are no longer in the "Land of the Free". Took you a while to realize it, I am afraid.

As someone wiser than me said: "Freedom of the press is fine, as long as *you* have a printing press".

The correct thing to do, then, would be to leak schematics and software on the Internet, and let the chips fall were they may. PGP got "opened" exactly in the same way, I expect this project to do the same.