Jump to content

Pineapples growing in Seattle.

xrad

By xrad
in Security

 Share

Recommended Posts

xrad Newbie

xrad

Posted
Posted (edited)

If you guys haven't heard, Seattle has its own version of pineapples throught the city.

Because of outcry by the citizens this week, they claim the have turned them off, but people are still seeing the ssid's.

http://www.komonews.com/news/local/Police-deactivating-controversial-WiFi-network-in-Seattle-231692161.html

http://rt.com/usa/seattle-mesh-network-disabled-676/

There are lots of links I just threw in a few, can you imagine what those puppies can do.

Edited by xrad
Link to comment
Share on other sites
Mr-Protocol Grand Master

Mr-Protocol

Posted
Posted

I think that was city wide WiFi access, not a "Pineapple" type setup. But that would create one hell of a target rich environment.

Also:

The SPD told The Stranger previously that the system was not being used, but anyone with a smart phone who wandered through the jurisdiction covered by the digital nodes could still notice that their devices were being discovered by the internet-broadcasting boxes, just as a person’s iPhone or Android might attempt to connect to any network within reach.

You can tell that your cell phone is being discovered by this device? That doesn't make much sense at all now does it. Devices will only connect to saved or known networks. So unless they are naming their SSID "linksys" I doubt people were connecting to them.

Link to comment
Share on other sites
xrad Newbie

xrad

Posted
  • Author
Posted

I think that was city wide WiFi access, not a "Pineapple" type setup. But that would create one hell of a target rich environment.

Read the articles, people noticed earlier this year the system was "Karma-ising" people's devices.

In fact dhs funded the project, and the company that makes it claims it can do way more than just open wifi.

Link to comment
Share on other sites
Mr-Protocol Grand Master

Mr-Protocol

Posted
Posted (edited)

Read them. I didn't see those comments of people noticing their devices connecting unless I overlooked it. And even if they did connect, it's because their device has the network saved and of course if it's a city wide mesh, it will have the strongest signal. Not to mention, the fancy device in your pocket that makes phone calls and text messages knows your location all the time, especially if you own an Apple device (consolidated.db).

Edited by Mr-Protocol
Removed comment about link that was removed by OP
Link to comment
Share on other sites
Mr-Protocol Grand Master

Mr-Protocol

Posted
Posted
According to reports from Kiro 7 News, the mesh network devices can capture a mobile user’s IP address, mobile device type, apps used, current location and even historical location down to the last 1,000 places visited.

Umm impossible unless they connect. Later on in that same webpage..

Page 65 of the public document details the information-collecting capabilities of the Mesh Network Mesh System (NMS), revealing its ability to collect identifying data of anyone “accessing the network.” Although the document details an alert system for reporting unauthorized access, a public user guide from a similar Aruba software program lists the ability to collect “a wealth of information about unassociated devices,” validating fears of local residents who walk through the mesh network’s perimeter.

Unassociated devices meaning your phone looking for WiFi, using the MAC to identify what is is, and yes able to track roughly where it's going.

The same can be down with cell towers with a subpoena...

“The NMS also collects information about every Wi‐Fi client accessing the network, including its MAC address, IP address, signal intensity, data rate and traffic status,” the document reads. “Additional NMS features include a fault management system for issuing alarms and logging events according to a set of customizable filtering rules, along with centralized and version‐controlled remote updating of the Aruba Mesh Operating System software.”

Source: http://www.infowars.com/exclusive-snowden-level-documents-reveal-stealth-dhs-spy-grid/

Side note: I wouldn't call it a "Leak" when it's probably just a public records request away from getting the document anyways.

http://www.foia.gov/about.html

http://www.atg.wa.gov/OpenGovernment/default.aspx

Sunshine Laws, etc.

Link to comment
Share on other sites
Mr-Protocol Grand Master

Mr-Protocol

Posted
Posted

From my understanding of the 7-ish articles I've read. It was meant for law enforcement only. Meaning people should not be connecting to it anyways. As well as alert systems to admins for those who do connect. It was not meant for city wide WiFi. Although I thought Seattle had a city wide WiFi at one point. Even then I'm sure there is a warning banner which you click "Accept" and forfeit all your rights to your privacy, which again, is legal since they own the network and are warning you that the information is subject to monitoring.

Link to comment
Share on other sites
xrad Newbie

xrad

Posted
  • Author
Posted (edited)

Have you read this one,

http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143845

I'm definitely not the expert here, so maybe I'm reading it wrong.
But it says Aruba's own guide.........
"The user's guide for one of Aruba's recent software products states: "The wireless network has a wealth of information about unassociated and associated devices." That software includes "a location engine that calculates associated and unassociated device location every 30 seconds by default... The last 1,000 historical locations are stored for each MAC address."
Edited by Mr-Protocol
Link to comment
Share on other sites
Mr-Protocol Grand Master

Mr-Protocol

Posted
Posted

Have you read this one,

http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143845

I'm definitely not the expert here, so maybe I'm reading it wrong.

But it says Aruba's own guide.........
"The user's guide for one of Aruba's recent software products states: "The wireless network has a wealth of information about unassociated and associated devices." That software includes "a location engine that calculates associated and unassociated device location every 30 seconds by default... The last 1,000 historical locations are stored for each MAC address."

Just did. And please re-read all of my previous responses. A simple solution, disable your WiFi on your devices, they can't track you using the WiFi beacons from your device searching for a signal. There was/is a system like this on my college campus where the network admin could locate any device on campus, has rogue detection and everything this network has. It's not new technology. It is just being geared towards law enforcement which could use that tracking to see patrol patterns. While yes they could track you, but you have agreed to terms when using your mobile device that the broadcast beacons and tower connections it makes is not private information. To sum up this entire topic with one word: paranoid.

Link to comment
Share on other sites
xrad Newbie

xrad

Posted
  • Author
Posted (edited)

Just did. And please re-read all of my previous responses. A simple solution, disable your WiFi on your devices, they can't track you using the WiFi beacons from your device searching for a signal. There was/is a system like this on my college campus where the network admin could locate any device on campus, has rogue detection and everything this network has. It's not new technology. It is just being geared towards law enforcement which could use that tracking to see patrol patterns. While yes they could track you, but you have agreed to terms when using your mobile device that the broadcast beacons and tower connections it makes is not private information. To sum up this entire topic with one word: paranoid.

We can for sure agree on the paranoid part Mr-Proocol, for sure, enough paranoia from the people that live there to ask/demand it be turned off.

I did re-read, I was also pointing this out you stated:

Quote

According to reports from Kiro 7 News, the mesh network devices can capture a mobile users IP address, mobile device type, apps used, current location and even historical location down to the last 1,000 places visited.

Umm impossible unless they connect. Later on in that same webpage..

But the last article does state associated and unassociated device:

"The user's guide for one of Aruba's recent software products states: "The wireless network has a wealth of information about unassociated and associated devices." That software includes "a location engine that calculates associated and unassociated device location every 30 seconds by default... The last 1,000 historical locations are stored for each MAC address."

I thought it was a very interesting subject.

I thought was pertinent to this community, and privacy, and thought I would share.

Clearly, I guess I was mistaken, won't happen again.

Edited by xrad
Link to comment
Share on other sites
Mr-Protocol Grand Master

Mr-Protocol

Posted
Posted

It is fine to share it. But I was merely pointing out the flaws in the news articles and how it really works. The original postings made it seem like the local law enforcement was using this mesh to have people's devices maliciously connect to their network and pull down all sorts of information from their device, which is not true. If you turn off WiFi on your cell phone and don't connect to their street name SSID, the only way they can "track" you is by pulling cell tower locations which would need at the very least a subpoena. Or from pulling all your information from public facebook/twitter/instagram/foursquare/socialmedia updates with geo location or location tagging lol.

Link to comment
Share on other sites
xrad Newbie

xrad

Posted
  • Author
Posted (edited)

It is fine to share it. But I was merely pointing out the flaws in the news articles and how it really works. The original postings made it seem like the local law enforcement was using this mesh to have people's devices maliciously connect to their network and pull down all sorts of information from their device, which is not true. If you turn off WiFi on your cell phone and don't connect to their street name SSID, the only way they can "track" you is by pulling cell tower locations which would need at the very least a subpoena. Or from pulling all your information from public facebook/twitter/instagram/foursquare/socialmedia updates with geo location or location tagging lol.

Cool....

Now that we have that out of the way.......the original post has always been....

Wouldn't you love to just play with one of those to see what they can do?........lol

Edited by xrad
Link to comment
Share on other sites
Mr-Protocol Grand Master

Mr-Protocol

Posted
Posted

Access point plus this product is what is mentioned in the article: http://www.arubanetworks.com/products/airwave-network-management

I actually used to have a bunch of the AirMagnet sensors which is the hardware and all the fancy cool features were software on a centralized server which I didn't have.

http://www.flukenetworks.com/enterprise-network/wlan-design-analysis-and-security

Info I found out about my sensors https://forums.hak5.org/index.php?/topic/17419-airmagnet-5010-hackable/

It's basically a more powerful version of your typical access point with 2 radios which passes information to a centralized server which makes the pretty graphs.

Link to comment
Share on other sites
xrad Newbie

xrad

Posted
  • Author
Posted

Thanks for the informative debate and links, Mr-Protocol. I intend to read that.

That's why I'm here, to try to learn from you guys.

I might make it tough on you, and be a bit annoying asking questions to your answers, but I am learning a lot.

Thanks again

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...