WiFi Triangulation 233
mikegroovy writes "WiFi software
tracks you down: 'Positioning technology company Ekahau has released an updated version of its software, which allows devices to be physically tracked when they are connected to an 802.11 WLAN network.' Maybe connections that are made from the street(or outside of a predefined area) could be automatically disconnected... It may spell an end to warchalking."
range? (Score:3, Interesting)
The 802.11b network at my school fails after 50 feet.
Don't throw away that chalk just yet!
Constantly diminishing signals are rare in RL (Score:5, Interesting)
When was the last time you were using wireless (especially through a wall) that had the same range from the access point in any direction?
I can't picture it working in a supermarket, with the metal shelving, compressors for the cold storage, etc. Sure, in a lab it'll work great, but with any kind of range or non-uniform building structures, not a chance.
Re:Good God, are you Clueless? (Score:3, Interesting)
Normally, then, the owner of the network would not be party to either the "war" or "chalk" methods.
No Triangulation , Just bump the power for War (Score:4, Interesting)
And it implies that triangulation is not involved:
So perhaps if you bump the power of your signal from the outside they will think you are inside.
How does it work? (Score:5, Interesting)
Using a GPS-like timing comparison might do the trick, but it's set up backwards. With GPS you have a bunch of atomic clocks in orbit, and one device correlates the relative signal phase between them. With APs, you have to have extremely accurate timing across all the APs, which is a very hard problem (I've researched it...). Once you have that, you can compare reception times of a packet from the device being tracked, and triangulate. Problem is 1 meter accuracy represents some scary clock accuracy numbers across several APs with just an Ethernet between them.
If anyone can think of any other way to pull this off (WITHOUT modifying the client, and ideally without any special hardware, i.e. implementable in the HostAP driver), post them here.
What about this (Score:5, Interesting)
Re:Good God, are you Clueless? (Score:2, Interesting)
This is not a replacemet nor a supplement for security. I am unaware of any type of triangulation system that cannot easilly be spoofed by a sufficiently smart person.
This is a neat trick you can use for practical purposes (such as smart shopping carts in grocery store, cheep "GPS" in the city, etc.) but worthless for security, etc.
If anyone thinks i'm incorect, please reply. It would be interesting to hear other people's ideas on spoofing triangulations.
Re:Finally (Score:2, Interesting)
Actually, how long it takes to work through WEP depends on how much traffic you create. There are a few ways to use RC4 that really cut down on its security; WEP does most of these things.
Re:big brother? (Score:2, Interesting)
However, while this won't add much to the most secure systems, it would allow companies to reduce the hassle associated with maintaining a reasonably secure wireless system. For example, a company like Starbucks might want to offer internet access to customers inside the store, but keep people from using it in the unaffiliated bookstore next door. Or, a company might want to offer internet access to visiting consultants, customers, etc. without dealing with setting up each device. (Full disclosure: I have never used a wireless LAN, so I don't know how much trouble it is to connect to one that is properly secured. I would imagine it could become at least an annoyance.) If a company was willing to assume that the building was secure, they could allow access from any point withing the building. If you were paranoid, you could limit this to business hours.
Re:What is warchalking about? (Score:4, Interesting)
As a sidenote, Schlotsky's restaraunts put up little plaques near the entrances to their stores with the open AP symbol. Such a nice thing to see, rather than the money hungry Starbucks shops charging by the minute for access.
Re:Uh oh (Score:5, Interesting)
For a brief moment, I questioned why I am paying for a landline feed and not just piggybacking bandwidth off of my hapless neighbors.
Re:Good God, are you Clueless? (Score:3, Interesting)
Maybe you generate that many packets in 30 minutes (NOT), but the researchers said that it would take about a day to get the key from a network of active office users, and a few hours if the network is maxxed out.
Your average home user won't generate that many packets in a week (except, perhaps, those playing quake) and only their neighbors will have the patience and opportunity to grab keys for a week without being caught.
You should change your WEP as often as you change your passwords. Doing these things will keep freeloaders and those who are looking for an easy to break into network out. If someone is determined enough to break into your network, it won't matter what you do, they'll manage a way in. Even you know that if your life depended on getting access to someones home network, even with ssh, ipsec, etc, you could do it through other means.
-Adam
Re:Good God, are you Clueless? (Score:1, Interesting)
I attended a hacking boot camp this summer and the final day we took a laptop, gps and a wireless nic antenna on a busride to map some networks. About 19% used encryption. Those who didn't included Motorola, the regional telco, the city police department, CompUSA, and the list goes on and on.
My point is that wireless has no place in any environment that requires security.
Re:Assimetric aerial (and a new hobby) (Score:5, Interesting)
Their method will probably even fail if you switch WiFi cards. I've got a Compaq WL110 which has a range of about 10 feet. My Lucent card on the other hand sees the access point from 100 feet, without line-of-sight (I assume the radio waves bounce off the ceiling through the window; no other way to explain _that_ range).
My access point has antennas that can be moved into different polarisations, and in an off-colour configuration, access without line-of-sight becomes really spotty: it works in one place, and a few feet to the side it stops.
But it seems to me the point of the seller is not to track abusers, but rather to track known-good devices in a known area. That alone is a cool concept, if you see what contortions people go through now when designing warehouse positioning systems. I've seen the results of an automated fork lift running through the wall of a warehouse because the reflective pad that marked the end of the aisle was covered in grime.
Hmmmm, I can envision the next hobby: sit outside a warehouse with a 2.4GHz klystron, wait until you hear the fork lift come down the aisle, then switch on the jammer and watch the fireworks
parent post is complete nonsense (Score:3, Interesting)