
Detect and disconnect WiFi cameras - thelostagency
http://julianoliver.com/output/log_2015-12-18_14-39
======
hammock
Title was edited from the original to censor the mention of Airbnb (a YC
company)? Really, Dang?

~~~
morgante
The "in that AirBnB you’re staying in" is totally superfluous and is mere
outrage fodder.

~~~
enraged_camel
Not really. The script was written as a result of the recent AirBnB stories
about hosts spying on and recording their guests. The relevance is direct and
immediate, and taking it out of the title is shameless editorializing.

~~~
jzwinck
The very first vignette in the very first link
([http://fusion.net/story/49806/beware-houseguests-cheap-
home-...](http://fusion.net/story/49806/beware-houseguests-cheap-home-
surveillance-cameras-are-everywhere-now/)) is about someone who was spied on
when staying for free at some person's apartment. Not AirBnB.

Journalists often concoct an "ongoing" narrative to make it sound like there
is a big trend when there are only one or two anecdotes. Write a weak article
with one example, follow it up with a second article with a second example,
then write a third article proclaiming that something is "sweeping the
nation," linking to what "we previously reported."

The linked title could just as well have said "when you're staying in a
stranger's home," but that doesn't carry as much currency as "AirBnB." I think
that's clickbait, albeit subtle.

------
bkjelden
Say someone is renting out a room on AirBNB, and they also have some dropcams
monitoring the perimeter of their house.

Someone rents the room, and runs this script, disabling the cameras.

During the stay, the property is burglarized, and there is no surveillance
footage of the crime because the renter disabled the cameras.

That seems like an incredibly messy legal situation. Would the renter even be
able to exonerate themselves? They disabled the cameras, it almost feels like
they inadvertently framed themselves for a crime they didn't commit.

~~~
eyeJam
To commit a criminal offence, one needs the criminal act (actus reus) and the
guilty mind (mens rea). If someone deactivated the security system (actus
reus) with the intent (mens rea) of helping someone else burglarize, that
would definitely be a crime. However if someone deactivated the security
system and without criminal intent helped a criminal, then it would be a much
murkier issue. Most countries have various offences on the books for criminal
negligence to deal with this situation.

On the other hand if the homeowner or the insurer wished to SUE someone for
disabling the security system and thereby facilitating the loss of property,
that someone would most likely be fucked. Civil liability doesn't require the
accused to be the sole cause of the damage; one can be a contributory cause
and still get roasted for huge damages. _IANAL and this comment is not legal
advice_

~~~
piker
(1) According to the article, disabling the wireless camera itself may be a
crime in the US. If so, there are a host of ways the participant could face
criminal liability under the described facts.

(2) Civil liability _does_ require, generally, causation--cause-in-fact and
proximate cause. The cause-in-fact test is a simple "but-for" assessment: but-
for our guy disabling the wireless, would the robbery have happened? In this
case, yes, in the absence of our guy disabling the wireless, the bad guy would
have still robbed the house. Disabling the wireless did not cause the robbery,
the criminal was acting independent and without knowledge of the wireless
camera's being disabled. Proximate cause is a more complicated legal standard,
but since cause-in-fact is missing here, our guy isn't liable, and your second
point is probably incorrect.

~~~
eyeJam
Disabling the cameras would make it much harder to identify and catch the
thief and therefore recover the stolen property. And so, on a balance of
probabilities, 'but for' disabling the cameras the damage (loss of property)
would not have occurred.

I see what you're saying, but there's a strong argument to be made for finding
the camera-disabling guest negligent. If I was advising a client I would never
state things as matter-of-factly as you did, but maybe its okay in the court
of HN.

~~~
piker
And "but-for" the police's inability to catch the bad guy, the plaintiff would
have recovered his stolen goods as well, right? And "but-for" the Chief hiring
the detective in charge of the case, the plaintiff would have been more likely
to recover his property. And on and on. He should sue them all as well.

A lawyer who doesn't quite yet understand factual causation or the limitations
imposed by proximate cause would do well to hedge an answer like this with a
client. A knowledgeable lawyer, however, would win this on SJ.

[edits: typos]

------
singularity2001
And don't forget to report those cameras to the authorities, since in many
countries it is completely illegal to film people without their consent (in
private places).

~~~
patcheudor
Interestingly enough, it's also completely illegal in the US to de-auth a WiFi
client which is exactly what this is doing and the disclaimer is hardly
accurate:

"It may be illegal to use this script in the US."

There's no "may" about it. It is illegal:

[https://www.fcc.gov/document/warning-wi-fi-blocking-
prohibit...](https://www.fcc.gov/document/warning-wi-fi-blocking-prohibited)

Two wrongs really don't make a right. Without physically locating the camera
you have no idea what is being deauthed. It could be a camera monitoring a
locked (unavailable to the guest) room or even a neighbors camera. Not
everyone out there is a perv and there are entirely legitimate and expected
uses for WiFi cameras which are not creepy.

It would be better to locate the camera and if in a location where privacy is
expected, simply call the police because who knows how many other victims
there may have been and who knows how creepy the person who put it there is.

~~~
prutschman
The relevant text of the FCC enforcement advisory you just linked to is:

"No hotel, convention center, or other commercial establishment or the network
operator providing services at such establishments may intentionally block or
disrupt personal Wi-Fi hot spots on such premises, including as part of an
effort to force consumers to purchase access to the property owner's Wi-Fi
network. Such action is illegal and violations could lead to the assessment of
substantial monetary penalties."

------
andersonmvd
One easier way to detect (without jamming afterwards), for iOS at least, is to
install the "Fing" app, connect to the wifi and scan the network. Then you
will know the connected devices and their names. Chances are that cameras will
have easy to recognize names on them. EDIT: you'll get the MAC address too, so
you can compare if they match camera companies.

~~~
aaronem
For those who don't own an iOS device, or don't feel it is the best tool to do
this kind of analysis: The standard tool on OS X or Linux appears to be
Kismet[1], which, while I haven't actually used it and so can't vouch for it
firsthand, appears to be quite capable. I don't know what, if any, equivalent
tool exists for Windows, and since I don't own a Windows laptop, I also don't
really care.

Edit: Having now installed Fing and looked at what it does, it seems to
basically just look at its assigned IP and netmask to determine the address
space of the local network, and then perform an nmap-style ping scan to see
what doesn't time out. When it gets a packet back, it uses the MAC address to
identify the type of device, and a PTR lookup with the DHCP-provided DNS
server to obtain a hostname. These are pretty cool capabilities to have on a
handheld device, of course, but if you can't or won't install Fing, you can do
pretty much everything it does with a 15-line Perl script on any device that
can connect to the wireless network.

[1] [http://www.kismetwireless.net/](http://www.kismetwireless.net/)

~~~
darkr
Yeah, kismet and/or airscan are pretty much the two go-to tools for wifi
security auditing.

Kali Linux (can run from a bootable live image) has these two plus a whole lot
more useful tools for doing this kind of thing.

------
hannob
Beside the legal issues I fear that this is a risk in a way that it could
create a false sense of security. I.e. non-technical people thinking "this
will make sure I'm not filmed" while this isn't the case. There can be cameras
not affected by the script, cameras with cables, cameras with their own
storage etc. pp. Of course everyone here will say "that's obvious", but I'm
not sure this is obvious for everyone.

~~~
coob
Non technical people are going to run shell scripts?

~~~
yareally
It's more likely someone will naively create a gui wrapper app that does it
for them.

------
georgemck
Just need to have two separate networks: one for guests, other for security.
Security network has its own hidden SSID.

This is not an AIRBNB issue, it's a privacy issue anywhere you go...

~~~
simoncion
Because clients connected to a "hidden" SSID broadcast -in cleartext- that
AP's SSID in many frames that they and the AP transmit as a normal part of
operation, [0] deactivating SSID broadcasts gains you no security, a _fair_
bit of inconvenience, and -potentially- reduced battery life when you move out
of range of the AP as the client spams "are you here?" messages, rather than
taking the absence of SSID broadcasts as a sign that it's out of range of the
AP.

Now, you _could_ "hide" your SSID to reduce the number of SSIDs that appear in
a WiFi network browser in a congested area... but that's a thing that -IMO-
doesn't get you much for the hassle.

For security, either use WPA2-Personal in AES/CCMP-only mode with a long,
randomly-generated password, or WPA2-Enterprise [1] in the same mode.

[0]
[https://en.wikipedia.org/wiki/Network_cloaking#False_Sense_o...](https://en.wikipedia.org/wiki/Network_cloaking#False_Sense_of_Security)

[1] Maybe even with client authorization through certs! :D

------
TazeTSchnitzel
I like the massive fanfare the script makes when it finds a camera.

------
kazinator
If you're seriously worried about this issue/threat, you have to take into
consideration non-Wi-Fi cameras also! Not to mention microphones.

~~~
brownbat
Agreed, this is a pretty narrow slice. Though if you're seriously worried
about all forms of surveillance, you can end up heading down a deep rabbit
hole pretty fast.

Consider "The Thing:"
[https://en.wikipedia.org/wiki/The_Thing_(listening_device)](https://en.wikipedia.org/wiki/The_Thing_\(listening_device\))

------
forgottenpass
That disclaimer bugs me. Just admit you don't know what the fuck you're
talking about and to consult a lawyer before using on equipment the user
doesn't own and control. Instead it misleads the uninformed, and shows the
slightly-informed you skimmed half a news article once.

~~~
wutbrodo
Can you clarify the problem you have with the disclaimer? The important parts
of the disclaimer seem to be the lines "this might be illegal, make sure to
check, use with caution" as well as mention of de-authing being the potential
problem. Those seem to me to be enough for an informed user to be able to do
their research and enough for an uninformed user (or those unconfident in
their ability to research it) to be sufficiently scared away.

~~~
forgottenpass
Heres why:

> Due to changes in FCC regulation in 2015,

It wasn't a change in regulation. There was an enforcement advisory that the
FCC considered interfering with WiFi connections to be interference under 47
USC 333. That's not a new law or regulation, it's just the FCC publicizing
that they have already and will take further action over new way to violate a
law.

> it appears intentionally de-authing WiFi clients, even in your own home,

The radio spectrum is a public resource, even when it radiates through your
home. I can't use a stingray just because the phones are being used in my
house either. I can understand why some people might disagree with the public
resource nature of RF. But it's neither clear if the author is trying to pick
that bone for real, nor am I here to defend that classification. Just pointing
it out.

> is now classed as ‘jamming’. Up until recently, jamming was defined as the
> indiscriminate addition of noise to signal - still the global technical
> definition.

Jamming is used colloquially to refer to all interference under 47 USC 333.
But with a little googling I don't see the FCC using the term "jamming" for
this style of WiFi interference. The law is written the way it is because
spoofing deauth messages is just one of the many ways to cause interference
without "jamming."

> It’s worth noting here that all wireless routers necessarily ship with the
> ability to de-auth, as part of the 802.11 specification.

I don't think I understand that it's "worth noting." There is a large
difference between an access point managing it's clients, and a rogue actor
spoofing messages to mislead those clients that the message came from the AP.
The fact it's part of the spec is the only reason this tool works at all, and
the concept of layer 2 interference isn't particularly hard to grasp,
especially when that's the explicit purpose of the tool.

Also:

>The very fact this code exists should challenge you to reconsider the non-
sane choice to rely on anything wireless for home security. More so, WiFi
jammers - while illegal - are cheap. If you care, use cable.

There are a great many things in my life that someone could fuck up if they
wanted to break the law that are much more important than my wifi based home
security. Even with this tool, the greatest threats to wifi devices are still
lousy wifi performance before interference, and lousy residential internet
connections.

I don't need someone with a baseball bat loitering around the parking lots I
use to pester me about my car. That doesn't "challenge me to reconsider the
non-sane choice" of using a mode of transportation that is just so darn easy
to damage with a baseball bat.

------
awqrre
To disable all cameras that only save data to the "cloud", like dropcam and
many others, you can also just temporarily disconnect the cable or phone wire
on the outside of the house.

~~~
banku_brougham
I like this because presumably it is not illegal to do so.

~~~
notwhereyouare
If you read the article at the end the author says it's legality is
questionable due to FCC changes that include kicking somebody off the wireless
as jamming them

~~~
awqrre
Dropcams could be illegal in many states in this case since they can record
audio... but laws should be updated to include video. (see two-party/all-party
consent states:
[https://en.wikipedia.org/wiki/Telephone_recording_laws#Unite...](https://en.wikipedia.org/wiki/Telephone_recording_laws#United_States)
)

------
theoh
As someone with a bit of familiarity with the world of contemporary art, I
think it's important to see this as a provocation, not something intended for
real world use. One might find Oliver's other projects (e.g. the "transparency
grenade", which is an actually transparent acrylic grenade that "blowns open"
wifi insecurity) to be a bit irresponsible or less sensitive than you would
expect from a "critical engineer".

------
mapgrep
Cool but some questions on the command line args:

Call be dumb but I have no idea what my wireless NIC is called and that's the
first arg to the script.

How do I find out the handle for my wireless network card (I didn't even know
it had a name), but also does anyone know why the script can't self detect
that? Don't most people only have one?

Ditto for the SSID, couldn't the script just figure out what SSID I'm
connected to?

Asking as much for self education as anything else...

~~~
mschuster91
On Linux, run ifconfig as root. The problem is that there's no naming
convention for NIC names. Some systems use ethX for both wired and wireless
systems, some ethX/wlanX, and some use wlx-(macaddress) unique name.

~~~
finnn
Why would you need to to root to see the list of network cards? ifconfig as
non-root, or just ip addr, works fine.

Note that newer debian versions seem to have moved ifconfig to sbin so it's
not in a normal user's $PATH

------
Sephr
Wouldn't 802.11w protected management frames prevent this script from working,
as long as the homeowner has that enabled on their router?

------
ck2
Except a $10 spare smartphone can be turned into a wifi camera very easily.

So it only works if they are using one of those two off the shelf cameras.

~~~
pavel_lishin
Are there any guides to doing this? We're about to have a baby, and don't want
to drop a few hundred bucks on a baby video monitor system - I'd rather just
ziptie a phone to the shelf above the crib.

~~~
JabavuAdams
Q: Why do you want a baby monitor?

We got one as a gift, but hardly used it. Of course both my kids are little
Darth Shnorkulas.

I just can't really think of a scenario where the monitor helps. I mean I've
had those panicked moments where I'm like "Is my kid dead, and I've just been
sitting here playing computer games?" But either get up and check, or just
keep playing. They almost never die.

~~~
pavel_lishin
My favorite part of asking any technical question is the mandatory "you don't
actually want to do what you're asking us how to do" :)

Pretty much most of what people said in response; if the baby's asleep and I'm
cooking in the kitchen while watching a YouTube video and boiling something,
it'd be nice to have a window displaying the kid in the corner so I can tell
when it wakes up. Plus, it might be nice to tune in from work and watch it
sleep. Plus, the wife wants one.

Given that dedicated hardware ones are expensive, I'd like to try it with one
of the old phones we have laying around - if I come to agree with you that
it's unnecessary, I won't have wasted $200 on something that really has no
other purpose.

~~~
JabavuAdams
> My favorite part of asking any technical question is the mandatory "you
> don't actually want to do what you're asking us how to do" :)

As I was writing my response, I realized that I was doing this, but it amused
me. So yeah, touché.

------
SuperKlaus
The original link isn't forwarding right from http to https, working link:
[https://julianoliver.com/output/log_2015-12-18_14-39](https://julianoliver.com/output/log_2015-12-18_14-39)

------
awqrre
Very similar to:
[https://julianoliver.com/output/log_2014-05-30_20-52](https://julianoliver.com/output/log_2014-05-30_20-52)

------
05
That's why you put security cameras on a separate VLAN..

~~~
rosege
what I was thinking

------
xgbi
Why not just scan for cameras and simply tell that there are some cams in the
local network?

You can then search for them and simply place some cloth on it? Might be more
legal.

------
nick_name
> arp-scan -I $NIC --localnet

If the camera runs on a separate network to which you don't have access to,
the script wouldn't work.

------
stevefeinstein
You're missing the point people! Don't record other people who are renting
your house, or tell them you're going doing it. Detecting and disabling a
camera on the network (and assuming it's on the same subnet as any wifi you
are authorized to use) is ass backwards.

