Get out the tin foil: canny burglars are using wireless sniffers to suss out the homes worth paying a visit to.
Google had a bit of a spat recently; vehicles taking Street View images were apparently recording WiFi hotspot locations and more. Privacy concerns aside, how would that information be useful?
Way too often, social networking and hacking are hyped as the route to achieve a compromise. What about more simple motivations for criminals? What about theft from your house of personal and corporate stuff, such as laptops and smartphones? How might one use technology to improve the burglar's chances?
Consider a row of houses. Which one do you burgle? The places without alarm boxes on the front?
Maybe not: laptops, smartphones, media centres and game consoles are easy to sell on. What if the burglar were to walk down the street with a wireless scanner running on a mobile device, and could work out who had all the tech toys? It's easy to find the location of access points and you could reason that an access point running stronger encryption and non-default SSID is likely to have more valuable hardware attached, as the resident is likely to be tech-savvy.
What about using wireless broadcasts to figure out whether someone is at home? Even without the encryption key, a wireless sniffer can show volume of wireless traffic. Varying traffic levels suggest that you're home, and static levels suggest that you're less likely to be. Continuous high levels of traffic suggest that you're into filesharing, so you're likely to have some tasty kit there to watch/listen to it on.
Even worse, the media access control (MAC) address of the client's wireless chipset is broadcast. Most wireless sniffers indicate the hardware vendor related to that MAC address. ‘Intel' is handy, but ‘Apple' is amazingly useful MAC info for the criminal!
It would be so easy to leave a sniffer hidden in a parked car for a few nights, map out who has what in which house in your street – and when the best time to burgle them was.
Yet there are other routes to establish your location. Twitter can be used to capture geographic coordinates: http://pleaserobme.com used location-aware Tweets to map users' movements. Facebook and many social networks are location-aware, too.
Fortunately, pleaserobme.com is no longer publishing the data, but it proves a scary point.
What about where you are in your house? This is more speculative, but wireless alarm systems use 868MHz to communicate on. Given poor crypto issues seen recently, it wouldn't take that much to work out which of the wireless alarm room monitors in your house were currently triggered. Are you in the living room watching TV, or asleep in bed?
I would be interested if anyone could think of a route to work out if you were home, based on mobile phone RF emissions. Who doesn't have a mobile at home with them when they are? No phone present = nobody home (other than Luddites!).
Finally, we hear of government agencies carrying out data-gathering by clamping power feeds to buildings, and using ‘van Eck' monitoring to remotely scrape screens and keyboards. This type of information-mining is over the top for domestic users, but there are interesting developments afoot.
I support the implementation of smart meters by utilities: the ability to reduce peak loads and emissions is immense and the opportunity for the domestic consumer to reduce bills is also significant. But what about the data that the meter gathers – power usage by time of day, aka ‘which houses here have plasma TVs, and their occupants are out all day?'.
That is why UK utilities are taking security of smart meters so seriously – unlike some overseas utilities that have rushed smart meters in to the market, and are now suffering the consequences.
What should you do as an individual? Think seriously about any location-based data you disclose: what about setting up a random data broadcast on your home wireless network? Or you could cover your residence in tin foil and make your very own Faraday-caged house...