Saturday, August 09, 2014

Using Your Cat To Hack Your Neighbor's Wi-Fi

   I thought that you might like to see what kind of crap people like us can come up with when we get bored.

  By Retroactive Genius

As someone who is in the employ of 3 cats, I understand that it's a quid pro quo arrangement: I provide food, a home, visits to the vet and household items to destroy;  the cats provide me, my family (and the dog) with endless pleasure, affection, amusement and a (less desirable) supply of dead mice, rats and birds.

Now, security researcher Gene Bransfield has developed a way to get your cats to bring home more than dead mice, rats, birds and other forms of wildlife that were too slow. Bransfield has created a 'WarKitteh' collar equipped with:

...a Spark Core chip loaded with his custom-coded firmware, a Wi-Fi card, a tiny GPS module and a battery—everything necessary to map all the networks in the neighborhood that would be vulnerable to any intruder or Wi-Fi mooch with, at most, some simple crypto-cracking tools.

First, there was wardialling, cycling through phone numbers with a modem to find vulnerable computers; we all remember WarGames, right?

Then came Wi-Fi and 'wardialling' became 'wardriving', which involved driving (or even walking) through a neighborhood with a good antenna/receiver to find vulnerable networks.

Wardriving led to 'warchalking',  a 'code' that would be chalked up on the side of a building to indicate an open or weakly encrypted Wi-Fi network (in much the same way that hobos used chalk marks to indicate a place where people were generous or not).

Bransfield has taken the next logical step and attached his hacked collar to his wife’s grandmother’s cat, Coco. The 'upgraded' cat, wearing the 'Warkitteh' collar, would roam and detect vulnerable Wi-Fi setups. Bransfield made the 'Warkitteh' collar for less than $100.

Initially, said Bransfield, he’d outfitted the Wi-Fi hacking cat as sort of a cute stunt. The security engineer thought it would make for an amusing topic to entertain the hacker-filled audience at this year's DEF Con; but he said he was surprised at the experiment’s success.

Bransfield told Wired Magazine:

“My intent was not to show people where to get free Wi-Fi. I put some technology on a cat and let it roam around because the idea amused me. But the result of this cat research was that there were a lot more open and WEP-encrypted hot spots out there than there should be in 2014.”

Over three hours, Coco, the Wi-Fi hacking cat, found 23 Wi-Fi hotspots and over a third of them were unsecured or used easily hackable WEP instead of the more secure WPA encryption.

WEP encryption has been laughably easy to crack for years, which is why people were urged to switch to WPA or WPA2 encryption. But even the latter two, if not properly configured, can be cracked relatively easily by a linux tool called Reaver. Reaver is even available for Android smartphones (if your phone has the right wireless chip).

Bransfield says that although he came up with the weaponized cat experiment (he admits the term weaponized is tongue-in-cheek) for fun, he like to think that the results will alert more people to the importance of Wi-Fi security.

“Cats are more interesting to people than information security. If people realize that a cat can pick up on their open Wi-Fi hotspot, maybe that’s a good thing.”

Kittehs, God love 'em: can it be long before they're hacking into your credit card account and ordering tuna and catnip by the pallet-load?

Originally posted to Retroactive Genius on Sat Aug 09, 2014