CreepyDOL, Raspberry Pi used for monitoring and tracking... Not the original purpose. (via Bendan O'Connor)
With the NSA and Snowden's exploits omnipresent in daily conversation, many people have been wondering about how much of their private life is being monitored. We may know that the government is keeping tabs on all of our phone calls and e-mails, but what about the hackers? It seems that nobody may truly know who is tracking them or when and where it may be happening, however, security researcher, Brendan O'Conner has just showed the world a way it is possible.
Using 10 Model A Raspberry Pi's with Wi-Fi adapters and additional sensors, O'Conner was able to build a system which would monitor and track people through their wireless devices. While connected to a secure wireless network, the system, which O'Conner dubbed “creepyDOL,” is capable of retrieving personal information such as pictures and e-mail addresses. While connected to an insecure network, the system was able to pick up all types of sensitive information. This included the type of device being used to browse the web, the operating system being used, and even what web pages he had recently visited. He also showed that tracking a device's location was also possible. Using pings sent from smart phones, CreepyDOL could track locations of devices that were not even connected to a network.
O'Conner noted, “It eliminates the idea of 'blending into a crowd.' If you have a wireless device, even if you’re not connected to a network, CreepyDOL wil see you, track your movements, and report home.” He also added, “It's terrifyingly easy and it could be used for anything depending on how creepy you want to be.”
O'Conner used a data visualization system to keep track of all the information coming in. Securing each Pi in a sleek black box a surveillance network can be deployed anywhere he may wish. Including the Pi and the sensors, each box came to a total cost of about $57 USD. Although O'Conner mentions that he can track anyone's information, he limited his experiments to tracking himself due to a federal law. Indeed, he notes that many other security researchers have been prosecuted in the past due to exploiting security flaws. “I haven't done a full deployment of this because the United States government has made a practice of prosecuting security researchers,” he commented.
During this week, O'Conner will be presenting his findings during a security conference in Las Vegas. He is also going to describe how consumer products currently have no security against these threats. Anyone with the knowledge, time, and reason to track someone's personal information may easily do so. Hopefully, this information will help change the way our future products are made and keep the everyday consumer safe from the world of creepers.
Raspberry Pi was supposed to be a force for good, O’Conner... what have you done?
C
See more news at: