Hacking together a plush surveillance unicorn
Formal Metadata
Number of Parts | 17
License | CC Attribution - NonCommercial - ShareAlike 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers | 10.5446/50514 (DOI)
Transcript: English (auto-generated)
00:08
Hi everybody, I'm Klaus. I'll start off by saying that I'm actually experiencing an IoT related problem right now, because a friend of mine who does a lot of public speaking
00:20
suggested that I should definitely use like a heart rate tracker to check my heart rate while I was on stage, because it could be pretty interesting. And I didn't charge it this morning, so it's actually low on battery, but it seems like it's still running. And right now my heart rate is 82 if anybody's interested.
00:42
Okay, the reason I'm here now is because a month ago I was attending an event in Oslo, which is the Arctic IoT challenge. It's the first of its kind in Oslo. It's basically, it's a hackathon that goes from Thursday to Sunday, but you
01:01
have three days of working together in a team to create something cool that's IoT related. And we had six teams competing, making different things. Some were controlling robots, some were making drones, some were creating things for the home, smart things for the home. A lot of cool things going on.
01:24
And this is me with my team, and we decided that we wanted to do something a bit different. And up before the conference, no, the hackathon, we were thinking about what should we do, what should we make. And we
01:44
sort of came up with the idea that we wanted to maybe do something a bit satire, playing on our own like naive interest in technology and all of these cool things that you can put on the cloud, as opposed to
02:01
the for-profit companies who are actually making these things and driving technology forward. So we came up with the fictional company called Evil Corp. And what Evil Corp does is that they provide free Wi-Fi for the masses. It's like very altruistic. They create these Wi-Fi
02:24
hotspots that they will put out in different locations and allow people to connect to them and get free Wi-Fi. And Evil Corp is of course not doing this just because they're kind. They're doing it because
02:43
they want to earn some money, and since they're giving their product away for free, they sort of have to do something else. So what they're doing is that they're tracking the data that's available freely in the air from people around their Wi-Fi hotspots. And of course we had to have a physical product
03:07
that Evil Corp can put out there in the physical locations like shopping malls etc, where consumers are congregating, and it looks something like this. This is a Wi-Fi hotspot. If you take a closer look at it, you'll probably
03:22
notice that it has like a Raspberry Pi strapped to it on one side, and on the other side it has a battery pack. And attached to the Raspberry Pi it has Wi-Fi dongles. And the cool thing about these Wi-Fi dongles is that first of all, they're cheap. You can buy them for $2 from China, and
03:45
second, they support something called monitor mode. And basically what that means is that you can use these dongles to access information in the network that you really don't really need to be accessing. In particular, we're
04:00
very interested in mobile phones that everybody has in their pockets when they're walking out and about. And the cool thing about mobile phones is that if they're Wi-Fi enabled, they're looking for wireless networks that they know already, and they're trying to connect to these wireless networks.
04:24
How that basically works is that the mobile phone will send out something called a probe request. And the probe request contains information that's more or less innocent. It contains a MAC address, a unique identifier for the phone. It contains an SSID of the
04:44
network, the known network that the phone is looking for. And this is sort of just broadcast. You can pick up on it. And that's what we did. On the first day of the hackathon, we put together three of these devices, and we put them out in the area where we were working.
05:04
I don't think I have sound, but it's okay. Since I don't have sound, there's going to be a surprise at the end that doesn't make any sense. This is the place that we were at at the venue. So in every corner, we put out one of these devices on the first day. And what basically
05:25
happens is that everybody who's at the hackathon are not the wire show, and they'll just be walking around all day long with their mobile phones in their pocket. And we'll be collecting information. This is Benny Hill, by the way. We had fun Benny Hill music in the presentation here. So that makes a lot of sense.
05:45
So people are walking around with their mobile phones in their pockets, and their mobile phones are unwittingly transmitting information about them being there, first of all, because if they aren't there, then there's no transmission going on. And it's transmitting information about what networks they're
06:04
looking for. And it's transmitting information about the phone itself, the hardware address, so that we can pick this up and do something with it. So our devices are now in the corner of the room, in the corners of the room, and we're starting
06:22
to pick up a lot of information. These probe requests are sent out continuously. If your mobile phone is looking for Wi-Fi, they'll just be blasting out these probe requests. And we can pick them up and we can send them to a central location, a cloud, a piece of cloud software that we wrote, that will just take all of this information
06:40
and start building profiles, building a profile for each unique device that we see. So basically, you walk around the room and you send out these probe requests, and we can get information from all of the different places that you've been, and we can add them to one centralized profile, because we have your unique address. And so we
07:03
build this profile on each and every device, and then we push it on to a dashboard. It looks something like this. If we just take a look first on the left-hand side here,
07:21
each and every one of these three columns is one of these beacons that we've put in the corner of the room. And every line here represents a device that we are currently seeing. So whenever somebody new comes into the room, they'll show up here more or less immediately, like within a second. And we keep this updated. Every
07:43
time new information comes in, it's pushed to this dashboard in real time. They also have a signal strength indicator for each of the beacons that see them, so that we can sort of use that to say something about how close are they to the beacon.
08:00
So this is sort of interesting in itself. You have information about a device that comes and goes, so you can keep track of how it moves, where it has been at a certain time. And you think, okay, well, that's not too bad, because it's anonymous data, and it doesn't really matter that much. So the next step here is to go from
08:21
having anonymous movement data to actually try to identify that person and have an actually identified person moving around and tracking that instead. So if we take a look on the side here, we have actually the profile. The profile is very basic. It's
08:41
made up of the names of the networks that people's phones are looking for. And you would think that that would be pretty innocent information, but it turns out this is actually in itself quite rich. It can be, at least, for some of these people who are working around here, the phone was leaking information
09:03
about maybe the name of the employer that they work for, maybe even their own name, if they have their own home Wi-Fi using their own name. That sort of information. For me, personally, I found my phone the first day, and it had information about the name of
09:20
my father's company. It suggested that I'd been on a boat, suggested that I'd been in New York. It suggested that I am from Denmark. I traveled to Denmark and visited family. All of these things are clues that you can pick up on. And it's surprisingly easy to go from anonymous data to at least
09:41
being in a situation where you can make an educated guess about the identity of the person. But we, of course, were not satisfied with just having this semi-identity information. We wanted to do something more. So we came up with a tool for enriching our profiles. And basically, the idea is that
10:04
if we are going to give this away for free out in shopping malls or whatever, we want people to sign up for it and give us some information about themselves. So we created this. And basically, again, we had some really cool music here, but no. The
10:22
idea is that you scan a QR code here, and you punch, and you log in. You log in with just punching in your name, basically. And we immediately are able to tie that information to your profile here. So Hans Anna has just typed in his name, and we've already picked it up and pushed it to the dashboard. And if we go here, we'll see that when he
10:41
updates his information, so do we. And this is pretty cool. But imagine that you've swapped out just the name with maybe a Facebook Connect or something. That would probably be easier to do. And now you have the real-time location data connected to information
11:00
about who is this person in real life, who is their friends and family. These are their pictures. These are their interests. Could we sell something to them? I don't know. Pretty interesting stuff. Last but not least, we have an attempt at triangulation, which is basically taking the signal
11:23
strength of each of these hubs that we are collecting information from and trying to do a calculation based on the signal strength. If you have this good signal strength here and here, that should put you in maybe this area. And to be perfectly honest, this didn't really work, not at the
11:44
venue that we were at. It was a closed room, not very big, and we had just too much dodgy data. I can show you because we have a small demo here. We made a tool for calibration. And you can also trigger these probe requests. So every time we
12:02
press there, we get an update on the screen. And you can see this is pretty much just garbage. And we use this tool for calibrating or trying at least to calibrate the triangulation. I think that it would probably be possible to get a lot better results if you were out maybe in the open at a larger place. Something like
12:22
that would probably help a lot. Anyway, we were three guys. We put this together over three days. And when we chose the subject, we knew that it was possible to do these things. These things aren't new. They've
12:41
been around for a long, long time. Your mobile phones are leaking information all the time. And there are many companies out there building tools that use that information for really useful applications. Like if you go to the airport and it says there's five minutes of waiting time, that could be something like
13:00
this used to see who's coming and going and how long are they staying in this area and using that information to calculate the queue. People use it to measure traffic, those sort of things. Plenty of useful scenarios for this sort of technology. But it's also kind of scary to see that three guys with three days at their
13:26
disposal and with hardware that cost less than $100 are actually capable of putting together something like this. It was surprisingly easy to do. And the technology is widely available.
13:40
Anybody could go out and pick up a couple of Raspberry Pis or a couple of Wi-Fi dongles and start putting this together. And tie that up together with a battery pack, drop it out in garbage bins around town and you've actually built a pretty good surveillance system. And I guess that's probably the takeaway here.
14:01
We have all of this cool new technology that's fun to make and fun to use. But every time we're introducing all of these exciting opportunities, we're also introducing opportunities for abuse. And already technology is part of everything that we do every day. And with
14:23
the introduction of IoT devices in our homes, on our bodies, these things, opportunities for abuse are just going to explode. There's going to be so much more of it. So I think that the takeaway here is that damn, this was easy. We as developers have a lot of responsibility
14:43
that when we make stuff, we do it with a bit of deliberate thought about security measures, those sort of things. It's been very uplifting to be here today and hear people talk about it. It seems like the red line that goes through everything here has actually been security. So that's very comforting to know.
15:02
These are a couple of profiles that we put together at the conference. And when I made this presentation on the last day, the guy who was after me speaking, he actually recognised his profile on the right there. So that was kind of funny. I'll just end
15:22
off by saying that Arctic IoT Challenge was a month ago. So there's 11 months till next time, I guess. It was a ton of fun. So if you guys are interested in IoT, I suggest that you make note of that web address there right now. And you remember that for next year. Maybe go in, I don't know
15:42
if you can sign up for a mailing letter or something. It's going to be great fun. It's only going to get bigger. And I would love to see everybody next year. Any questions? Actually, I don't know.
16:11
I'm guessing it's probably trying to reach a specific network and get a response. Do you know, Asper? So basically what you're
16:34
saying is it does it to speed up the process of connecting to the Wi-Fi network. That's great. So we actually have a situation
16:41
here where it's more important to get connected to the Wi-Fi a couple of seconds faster. But at the same time, just giving away a lot of information about it. That's cool. Anybody else? Okay. Thank you.