Your Wi-Fi is Mine

Increasingly, those with evil intentions are targeting personal computers over wireless networks, either by passively monitoring the traffic or by setting up a duplicate network for a “man-in-the-middle” attack. Though people should probably know better by now, Gene Bransfield’s presentation at this year’s DEF CON, “War Kitteh”, demonstrated just how prevalent weak or un-encrypted Wi-Fi networks still are in 2014, and how nobody wants to talk about it… unless cats are involved.

War Kitteh is the adorable spin on “WarDriving”, the mapping out of all Wi-Fi networks in a certain geographical area. A previous iteration of “WarDriving with a spin” is Warbiking, taking WarDriving to a more eco-friendly space. By staying mobile — usually in a car — the WarDriver extends his or her coverage area and is more likely to come across an insecure wireless network.

Gene Bransfield of Tenacity Solutions kept the basic components of WarDriving: Wi-Fi monitor, GPS, and a “vehicle”. However, Bransfield’s use of cats demonstrated that the InfoSec community, though vibrant and internally communicative, had failed to demonstrate the importance of security to the general public. To remedy this, he decided to use the lovable and meme-worthy medium of cats for his demonstration. Hence, “War Kitteh”. The cat wandered the streets with an off-the-shelf GPS-enabled collar enhanced by a Spark Core, mapping the Wi-Fi networks it passed by. Specifically, Bransfield was searching for unprotected or weakly protected Wi-Fi networks. The test proved that the required technologies can easily be toted by pets, as the device is small and light enough to be completely wearable by the average housecat without overburdening it. In addition, Bransfield created “Denial of Service Dog”. Instead of man’s best friend, DoS Dog is a TV’s worst nightmare. Attached to a harness on the dog was a modified TV-B-Gone, allowing the wandering pet to automatically turn off TVs within its range. Though not practically useful (outside of some good, annoying fun), the dog certainly adds to the category of “weaponized pets”.

Why is this talk being so widely shared (and talked about?) Yes, because of the cats… but also, in Bransfield’s words, because there are a “lot more open and WEP-encrypted hot spots out there than there should be in 2014.” Of the 23 wireless networks he found, about one third of them were weakly (or not!) encrypted. With a huge amount of personal data and payment information transmitted over wireless connections, the lack of basic security — and testing for basic security — can have serious implications. And what can conference attendees learn? The Internet loves cats, so maybe incorporate one into your next highly technical, very important presentation.

A fuller description of what Bransfield found and the technology he used can be found at Naked Security here or at Wired here, with a video feature on PC Mag.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *