Hacker News new | comments | ask | show | jobs | submit login
Detect and disconnect WiFi cameras (julianoliver.com)
311 points by thelostagency on Dec 19, 2015 | hide | past | web | favorite | 133 comments

Title was edited from the original to censor the mention of Airbnb (a YC company)? Really, Dang?

That's against Hacker News policy to only use the actual title of the article (even if it's a worse one.)

I wonder if integrity will win out.

Yep there have been many submissions critical of AirBnb that were silently removed from the front page in the past.

I am surprised this is still holding up.

One could make a plausible case there's a bit of click bait in the original title because there is nothing specific to AirBnB in the script; the use of hidden cameras is not part of their business; nor are AirBnB rentals a unique market for hidden cameras.

Anyone who clicks on the link can read the title and decide its relevance to the hack. The primary people whose needs aren't accommodated by the change are those whose interest is triggered by "AirBnB."

The "in that AirBnB you’re staying in" is totally superfluous and is mere outrage fodder.

Not really. The script was written as a result of the recent AirBnB stories about hosts spying on and recording their guests. The relevance is direct and immediate, and taking it out of the title is shameless editorializing.

The very first vignette in the very first link (http://fusion.net/story/49806/beware-houseguests-cheap-home-...) is about someone who was spied on when staying for free at some person's apartment. Not AirBnB.

Journalists often concoct an "ongoing" narrative to make it sound like there is a big trend when there are only one or two anecdotes. Write a weak article with one example, follow it up with a second article with a second example, then write a third article proclaiming that something is "sweeping the nation," linking to what "we previously reported."

The linked title could just as well have said "when you're staying in a stranger's home," but that doesn't carry as much currency as "AirBnB." I think that's clickbait, albeit subtle.

I doubt it's explitly up to Dang, I remember seeing this same sort of thing back when PG was running the show too. And even if it is up to Dang's discretion..

Why would YC want to propagate negative content corresponding to their ventures?

As far as I'm aware, HN never promised to let us (the users) rule the roost this way. And they've never promised freedom from censorship.

To be clear, I don't mean any of this in a critical way. It simply is what it is.

I thought there was an announcement a few months back explicitly talking about editorial independence at HN.

That's a good point! I also recall the announcement [0] and related HN discourse [1].

Reviewing it now, it looks to me like they declared editorial independence without going into much detail. I especially don't see anything about guaranteeing the preservation of things that may harm the YC or affiliated brands.

[0] http://blog.ycombinator.com/two-hn-announcements

[1] https://news.ycombinator.com/item?id=10298512

Say someone is renting out a room on AirBNB, and they also have some dropcams monitoring the perimeter of their house.

Someone rents the room, and runs this script, disabling the cameras.

During the stay, the property is burglarized, and there is no surveillance footage of the crime because the renter disabled the cameras.

That seems like an incredibly messy legal situation. Would the renter even be able to exonerate themselves? They disabled the cameras, it almost feels like they inadvertently framed themselves for a crime they didn't commit.

To commit a criminal offence, one needs the criminal act (actus reus) and the guilty mind (mens rea). If someone deactivated the security system (actus reus) with the intent (mens rea) of helping someone else burglarize, that would definitely be a crime. However if someone deactivated the security system and without criminal intent helped a criminal, then it would be a much murkier issue. Most countries have various offences on the books for criminal negligence to deal with this situation.

On the other hand if the homeowner or the insurer wished to SUE someone for disabling the security system and thereby facilitating the loss of property, that someone would most likely be fucked. Civil liability doesn't require the accused to be the sole cause of the damage; one can be a contributory cause and still get roasted for huge damages. IANAL and this comment is not legal advice

(1) According to the article, disabling the wireless camera itself may be a crime in the US. If so, there are a host of ways the participant could face criminal liability under the described facts.

(2) Civil liability does require, generally, causation--cause-in-fact and proximate cause. The cause-in-fact test is a simple "but-for" assessment: but-for our guy disabling the wireless, would the robbery have happened? In this case, yes, in the absence of our guy disabling the wireless, the bad guy would have still robbed the house. Disabling the wireless did not cause the robbery, the criminal was acting independent and without knowledge of the wireless camera's being disabled. Proximate cause is a more complicated legal standard, but since cause-in-fact is missing here, our guy isn't liable, and your second point is probably incorrect.

Disabling the cameras would make it much harder to identify and catch the thief and therefore recover the stolen property. And so, on a balance of probabilities, 'but for' disabling the cameras the damage (loss of property) would not have occurred.

I see what you're saying, but there's a strong argument to be made for finding the camera-disabling guest negligent. If I was advising a client I would never state things as matter-of-factly as you did, but maybe its okay in the court of HN.

And "but-for" the police's inability to catch the bad guy, the plaintiff would have recovered his stolen goods as well, right? And "but-for" the Chief hiring the detective in charge of the case, the plaintiff would have been more likely to recover his property. And on and on. He should sue them all as well.

A lawyer who doesn't quite yet understand factual causation or the limitations imposed by proximate cause would do well to hedge an answer like this with a client. A knowledgeable lawyer, however, would win this on SJ.

[edits: typos]

The US has lots of "strict liability" offences that don't require mens rea. The mere act is enough to constitute an offence.

Even more clearcut, all the cameras in all the neighbouring flats get disabled (this is actually the reason why jamming is illegal -- EM radiation doesn't know to respect property boundaries).

It looks like the script uses arp-scan to detect cameras. That is an ethernet-level tool so it will detect only devices on the wifi network your computer is connected to, not all networks within range.

Yep, you're right. An 802.11 client broadcasts the MAC address in every frame in plaintext, so a more straightforward approach would be to use `airodump-ng` to list the cams. The innocent bystander practical & legal concerns were probably the reason author did it this way.

This particular script is not really a jammer in the traditional sense. It's simply a de-auth command to a specific device on a specific network. So with a little care you could ensure you were only dropping the indoor cameras.

The FCC considers sending deauth packets "jamming" according to https://apps.fcc.gov/edocs_public/attachmatch/DA-15-113A1.pd...

Its more subtle than that.

The FCC considers sending deauth packets to networks you are not supposed to be in control of jamming.

So, still a bad thing here, but not quite the same reason.

De-authing the camera from the wireless network isn't necessarily going to stop it from recording. Manything for instance will pile up footage offline and sync it when it gets an internet connection again... should probably be clarified in the article that it's not stopping the recording but merely disrupting the internet connection of the camera

> Would the renter even be able to exonerate themselves?

If you can convince the cops to do their job, then yes?

If my apartment was burgled when I was at work and my new roommate had the day off, the cops would -hopefully- do some investigation to determine if anyone else might have possibly entered the space, as well as checking and enquiring with pawn shops and grey-market street vendors for my stolen goods.

The cops are not going to go looking for your lost stuff for you. I know this from experience.

And don't forget to report those cameras to the authorities, since in many countries it is completely illegal to film people without their consent (in private places).

Interestingly enough, it's also completely illegal in the US to de-auth a WiFi client which is exactly what this is doing and the disclaimer is hardly accurate:

"It may be illegal to use this script in the US."

There's no "may" about it. It is illegal:


Two wrongs really don't make a right. Without physically locating the camera you have no idea what is being deauthed. It could be a camera monitoring a locked (unavailable to the guest) room or even a neighbors camera. Not everyone out there is a perv and there are entirely legitimate and expected uses for WiFi cameras which are not creepy.

It would be better to locate the camera and if in a location where privacy is expected, simply call the police because who knows how many other victims there may have been and who knows how creepy the person who put it there is.

The relevant text of the FCC enforcement advisory you just linked to is:

"No hotel, convention center, or other commercial establishment or the network operator providing services at such establishments may intentionally block or disrupt personal Wi-Fi hot spots on such premises, including as part of an effort to force consumers to purchase access to the property owner's Wi-Fi network. Such action is illegal and violations could lead to the assessment of substantial monetary penalties."

Clarification: Sending deauth packets on networks you control is fine. The issue the FCC is taking is with systems that send deauth packets to other networks.

In the US is legal to monitor babysitters / house cleaners with hidden cameras. Just don't record bathrooms etc.

Stepping aside from legality, and speaking purely from ethics, there's a big difference between "hiring someone to provide a service for your own private home" and "renting out a temporary place of residence for someone".

Ethically speaking I'd say it's completely okay to monitor the former, whether that service is a plumber or a babysitter, and whether the monitoring is done with a camera or your own human eyes. Those service personnel shouldn't be expecting privacy while they provide services, anyway.

Ethically speaking I'd say it's wrong and a violation of privacy to monitor the latter, regardless of whether it is done with camera or eyes, without prior warning. This is because providing a place of residence implies providing some level of privacy. Forget cameras, you shouldn't generally enter a tenant's place of residence even with your human eyes, without letting them know in advance (e.g. at the very least by knocking).

> Those service personnel shouldn't be expecting privacy while they provide services, anyway.

Jeez. Not sure how to respond. I think for me it is not 'complete okay' to waiver your privacy whenever you provide paid services to some overlord.

Do you expect privacy in the workplace?

Do you expect privacy when you're in a shopping mall?

You're in a building controlled by someone else, no renting going on. What is your rule for when privacy is expected?

> Do you expect privacy in the workplace?

Yes. And I am in the position to demand it, or take another position. So we get a privacy divide within society: cleaners, waiters etc don't have an expectation of privacy, those higher up do.

> Do you expect privacy when you're in a shopping mall?

No, everybody can walk in and out at any time.

> You're in a building controlled by someone else, no renting going on. What is your rule for when privacy is expected?

Well, you have touched upon that yourself in your previous question: if a place is open to public you can not expect privacy obviously. When you are in a private place, the default should be to expect privacy unless explicity noticed otherwise.

I feel like you are actually advocating some 1984 here on freakin' HN!

You're a plumber in my house. I feel like I fully have the right to watch you as you repair my plumbing. You're a babysitter in my house. Babysitting my hypothetical baby. I feel like I would have the right to watch over that baby's treatment in someone else's hands. If you aren't going to let me watch over the quality of your services, I would just find someone else to provide those services.

At some point, once we have established a degree of trust, I would probably watch over you less and less. This is quality control, not a privacy violation.

I do agree that within a single organization, such as a software company, employees need to have some level of privacy from each other in order to work efficiently and happily. That is also facilitated by an environment of mutual trust established by the company itself. That's a very different situation from an individual contracting the services of another individual, who are not a priori related to each other.

> I feel like I fully have the right to watch you as you repair my plumbing.

If you are present: yes.

I just realized the fight against surveillance is not particular with the NSA/GHQC and or the government.

It will be a fight within.

I feel like this is a completely different area though. Would you ever rent services from someone saying: "I'll do the work in your house, but you can't look" ? I get the general idea of "I don't waive my right for privacy when I enter someone's house", but for work I just don't see any use case.

If I can't see what you're doing in my house, you're not working in my house. What's the reason I'd ever want/need the opposite?

> Would you ever rent services from someone saying: "I'll do the work in your house, but you can't look"?

For a second there, I thought I was in another proprietary software vs. free software thread...

It's awfully easy to forget how one's circles aren't representative of most people. I think the general public are a lot more worried about terrorism and whatnot than they are about surveillance. Bashing the surveillance services is not a vote-winner.

I'm not advocating anything. Also note that I might take issue with cameras even in areas where I don't expect to have privacy.

In what way do those 'higher up' have privacy? Even a CEO is commonly able to be monitored by HR.

The CEO has it's own office. He can close the door. If he wants, there will be no surveillance.

He even has an employee hired to protect his privacy: his secretary, which sits in front of this door. 'No sorry, mister Buffet is not in right now'.

The cleaner, the factory worker etc has to work in public places an thus can ben surveilled 100% of the time?

> I'm not advocating anything

You are at least condoning surveillance of everything that is under YOUR control. 'My property', 'I am paying for this'. Expressing your opinion like this in this context can only be explained as advocacy.

>You are at least condoning surveillance of everything that is under YOUR control. 'My property', 'I am paying for this'.

Those are not words I said.

I just wanted to know how you drew the line.

Which has helped me understand you better. I think you define the word 'privacy' differently than I do. I am against surveillance in many areas where I do not expect 'privacy'. You also draw a similar distinction, where you're okay with someone physically watching a plumber but not setting up a camera.

> Even a CEO is commonly able to be monitored by HR.

What do you consider "being monitored" in this context? The CEO answers to the board. Would I be naive in assuming the CEO is so far above HR and IT that monitoring him wouldn't be within their jurisdiction without the board requesting something specifically behind the CEO's back?

> Yes. And I am in the position to demand it, or take another position.

Really? I'm a software engineer and I certainly don't expect my employer to not look at me when I'm working.

Most people don't have a reasonable expectation of privacy at their office, including "higher ups."

> Do you expect privacy in the workplace?

Somewhat, yes. Benefits of being a European, I guess.

I'd say that if you're renting to someone else, it's still your property so you should be free to monitor it, but not disclosing the presence of cameras or other monitoring devices should be illegal.

Ownership is a bundle of rights. In the U.S., if you have rented out a property you "own" to another person, you do not have the right to enter that property without prior notice or consent of that person.

Again, legality aside, even if it were legal, I'd say it's unethical to do so without consent or at the very least, prior notice.

What about house guests in bedrooms where they ought to have a reasonable expectation of privacy?

The US is obviously a very fucked up place.

The US is a fucked up place because they want to make sure a babysitter doesn't shake their baby to death or a housecleaner doesn't break or pocket something without admitting it? Hyperbole much?

Hrmf, and your sentence isn't a hyperbole?

I mean, if we extend your logic, we should monitor everyone at all times because someone might just accidentally do something to hurt your child right? You never know why an extremely rare event like you mentioned could happen.

Everyone is usually being monitored when around children of strangers; we just usually do so with human eyes instead of cameras. Babysitting is an exception, but why should it be?

That's... just not really true. Maybe in some parts of extreme helicopter parenting, but it's really not a global truth. If what you say is true in US then perhaps the upper poster wasn't so wrong about the state of the country :/.

The implication wasn't that parents are watching the kids at all times when they're with others, but that someone was. There are almost no situations in which kids are left alone with someone other than their parents, apart from babysitting.

JoshTriplett is right, I was talking about other people, not necessarily parents. Also, I'm not from the US.

A camera doesn't stop either of those things, it just shows them happening.

Which stops them from happening again.

Edit: also, cameras don't have to be secret. Knowledge that they're being recorded can often stop it happening the first time.

So the camera is the thin line between the stranger killing the child or not? Sounds pretty fucked up.

(I realize this isn't really addressing your intended meaning, but the ambiguity is there in what you said, which is pretty...)

Pretty what? All sentences are ambiguous if you try hard enough. If you could tell what the meaning was, why are you insulting a strawman while actively admitting it is a strawman?

Pretty fucked up. I wasn't insulting a strawman, I was pointing out the mindset that thought the camera was saving babies lives.

(which obviously they aren't, they are documenting instances where vetting the sitter fails, not keeping marginal sitters in line)

A camera can find mistreatment before it turns critical, and then the sitter is replaced.

That is protecting the baby's health, which sometimes reaches the level of saving lives.

Your logic only works if camera footage goes unwatched until the day the babysitter exits the business.

Edit: And that 'thin line' remark is 100% a strawman. I don't know how you can admit it isn't the "intended meaning" and yet claim it's not a strawman.

The statement about the intended meaning is there in an attempt to avoid this conversation. I was not putting the argument in their mouth, I was being bombastic in my criticism of their phrasing. If I was raising it as a serious argument, you are right, I probably wouldn't try to undermine it 10 words later.

One easier way to detect (without jamming afterwards), for iOS at least, is to install the "Fing" app, connect to the wifi and scan the network. Then you will know the connected devices and their names. Chances are that cameras will have easy to recognize names on them. EDIT: you'll get the MAC address too, so you can compare if they match camera companies.

For those who don't own an iOS device, or don't feel it is the best tool to do this kind of analysis: The standard tool on OS X or Linux appears to be Kismet[1], which, while I haven't actually used it and so can't vouch for it firsthand, appears to be quite capable. I don't know what, if any, equivalent tool exists for Windows, and since I don't own a Windows laptop, I also don't really care.

Edit: Having now installed Fing and looked at what it does, it seems to basically just look at its assigned IP and netmask to determine the address space of the local network, and then perform an nmap-style ping scan to see what doesn't time out. When it gets a packet back, it uses the MAC address to identify the type of device, and a PTR lookup with the DHCP-provided DNS server to obtain a hostname. These are pretty cool capabilities to have on a handheld device, of course, but if you can't or won't install Fing, you can do pretty much everything it does with a 15-line Perl script on any device that can connect to the wireless network.

[1] http://www.kismetwireless.net/

Yeah, kismet and/or airscan are pretty much the two go-to tools for wifi security auditing.

Kali Linux (can run from a bootable live image) has these two plus a whole lot more useful tools for doing this kind of thing.

In the past I used inSSIDer to view nearby networks, checking to see how capable it is led here:


Which points to (pdf):


If you think Fring offers cool capabilities from a handheld device, you should check out Kali Nethunter[0]

[0] https://www.kali.org/kali-linux-nethunter/

Fing scares me. I know theoretically any app I install could be scanning my network but Fing actually says it is scanning my network.

On the Fing page it says: "Fing does not collect nor sends any detail about your environment, your accounts or your network to anybody. And that's guaranteed!"

Yet on the Fingbox page it says: "By installing Fing on a desktop workstation and logging into your account, you can perform operations on remote networks through the Fingbox cloud."

Those 2 things sound in conflict.

They are two seperate parts of the product. You can run Fing stand alone or you can subrscribe to and use the Fingbox cloud.

I've got to hand it to Fing, they've convinced people to pay through the nose for something we used to do for free.

Nmap. You want nmap.

Fing is free. You only have to pay for their "enterprise cloud" offering. There is no nmap for the iPhone.

Talk about not easy to use. I am not ashamed to say I can't figure this software out and I'm a software developer. What am I supposed to do in the case that it demands I set a target? Localhost? It'll tell me all about what I'm connected to. That tells me what my router is connected to but that isn't necessarily what I want. 90% of output is just what it is doing. Oh you initialised, completed, initialised, completed, Unable to split netmask from target expression, script post-scanning, Read data files from: /usr/local/bin/../share/nmap.

I have no immediately identifiable use for this.

True, the syntax is cryptic and unintuitive. Target is a subnet in CIDR notation, i.e. The other various options describe the scan to perform. You can do simple pings, a full portscan, a quick portscan of the few most popular ports, and enable various IDS-evasion behaviors.

Fing provides something of a value-add by wrapping its sort of functionality in a nice UI. It's just amusing to see people discover Fing as though it were the first or only tool of its kind.

nmap is a universal stalwart of network security since the late 90s. It is the classic "hacking tool" long predating Metasploit, and Hollywood VFX people have even figured this out - it features in hacking scenes in Matrix Reloaded, Battle Royale, Bourne Ultimatum, and Elysium. I suspect ease of use has never been a priority, since its target audience is fellow open-source-savvy l33t haxxors.

Beside the legal issues I fear that this is a risk in a way that it could create a false sense of security. I.e. non-technical people thinking "this will make sure I'm not filmed" while this isn't the case. There can be cameras not affected by the script, cameras with cables, cameras with their own storage etc. pp. Of course everyone here will say "that's obvious", but I'm not sure this is obvious for everyone.

Non technical people are going to run shell scripts?

It's more likely someone will naively create a gui wrapper app that does it for them.

They're called scriptkiddies: they have just enough technical know-how to hang themselves, more or less. Enough to copy and paste lines into a terminal window.

hah. On a serious note, wonder how long before someone converts this an app.

-edit- oops, didn't see the other comment to the parent comment.

Ironic that you're going to worry about legal issues while renting an illegal hotel room. Considering AirBnB is all about pushing boundaries and outright disregard for the law, the use of this script seems completely apropos.

You know, there is life beyond your own city. Hotels aren't granted a monopoly over short-term rentals everywhere.

Indeed, but it's the illegal rentals which have made AirBnB successful and led to its giant valuation. There were legal rental sites before AirBnB, but none rose to such heights. AirBnB got rich by flaunting the laws on most of their listings.

But you weren't talking about AirBnB, you were talking about the guest. Even if AirBnB became more successful due to also having illegal rentals, it's faulty to assume the guest is in one.

Flaunt roughly means to show off. I think you mean flouting the law.

(edit: Nevermind, I see flaunt has both meanings)

The second meaning is an error, really, and gets flagged with usage notes.

"4. The use of flaunt to mean “to ignore or treat with disdain” ( He flaunts community standards with his behavior) is strongly objected to by many usage guides, which insist that only flout can properly express this meaning. From its earliest appearance in English in the 16th century, flaunt has had the meanings “to display oneself conspicuously, defiantly, or boldly” in public and “to parade or display ostentatiously.” These senses approach those of flout, which dates from about the same period: “to treat with disdain, scorn, or contempt; scoff at; mock.” A sentence like Once secure in his new social position, he was able to flaunt his lower-class origins can thus be ambiguous in current English. Considering the similarity in pronunciation of the two words, it is not surprising that flaunt has assumed the meanings of flout and that this use has appeared in the speech and edited writing of even well-educated, literate persons. Nevertheless, many regard the senses of flaunt and flout as entirely unrelated and concerned speakers and writers still continue to keep them separate."

I love learning stuff like this. It reads like Fowler (especially the ironic "Once secure in .." example).

> Considering the similarity in pronunciation of the two words,

The only similarity I hear is that they both begin with fl and end in t. But the vowel between is quite different, in British English RP at least.

Different levels of legal violation. Using your logic it would be okay to say, "ironic that your going to worry about legal issues with raping someone when you sped to work."

In your analogy, is it the rape or speeding that's equivalent to forcibly disconnecting a wifi client?

Just need to have two separate networks: one for guests, other for security. Security network has its own hidden SSID.

This is not an AIRBNB issue, it's a privacy issue anywhere you go...

Because clients connected to a "hidden" SSID broadcast -in cleartext- that AP's SSID in many frames that they and the AP transmit as a normal part of operation, [0] deactivating SSID broadcasts gains you no security, a fair bit of inconvenience, and -potentially- reduced battery life when you move out of range of the AP as the client spams "are you here?" messages, rather than taking the absence of SSID broadcasts as a sign that it's out of range of the AP.

Now, you could "hide" your SSID to reduce the number of SSIDs that appear in a WiFi network browser in a congested area... but that's a thing that -IMO- doesn't get you much for the hassle.

For security, either use WPA2-Personal in AES/CCMP-only mode with a long, randomly-generated password, or WPA2-Enterprise [1] in the same mode.

[0] https://en.wikipedia.org/wiki/Network_cloaking#False_Sense_o...

[1] Maybe even with client authorization through certs! :D

I like the massive fanfare the script makes when it finds a camera.

If you're seriously worried about this issue/threat, you have to take into consideration non-Wi-Fi cameras also! Not to mention microphones.

Agreed, this is a pretty narrow slice. Though if you're seriously worried about all forms of surveillance, you can end up heading down a deep rabbit hole pretty fast.

Consider "The Thing:" https://en.wikipedia.org/wiki/The_Thing_(listening_device)

That disclaimer bugs me. Just admit you don't know what the fuck you're talking about and to consult a lawyer before using on equipment the user doesn't own and control. Instead it misleads the uninformed, and shows the slightly-informed you skimmed half a news article once.

Can you clarify the problem you have with the disclaimer? The important parts of the disclaimer seem to be the lines "this might be illegal, make sure to check, use with caution" as well as mention of de-authing being the potential problem. Those seem to me to be enough for an informed user to be able to do their research and enough for an uninformed user (or those unconfident in their ability to research it) to be sufficiently scared away.

Heres why:

> Due to changes in FCC regulation in 2015,

It wasn't a change in regulation. There was an enforcement advisory that the FCC considered interfering with WiFi connections to be interference under 47 USC 333. That's not a new law or regulation, it's just the FCC publicizing that they have already and will take further action over new way to violate a law.

> it appears intentionally de-authing WiFi clients, even in your own home,

The radio spectrum is a public resource, even when it radiates through your home. I can't use a stingray just because the phones are being used in my house either. I can understand why some people might disagree with the public resource nature of RF. But it's neither clear if the author is trying to pick that bone for real, nor am I here to defend that classification. Just pointing it out.

> is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal - still the global technical definition.

Jamming is used colloquially to refer to all interference under 47 USC 333. But with a little googling I don't see the FCC using the term "jamming" for this style of WiFi interference. The law is written the way it is because spoofing deauth messages is just one of the many ways to cause interference without "jamming."

> It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.

I don't think I understand that it's "worth noting." There is a large difference between an access point managing it's clients, and a rogue actor spoofing messages to mislead those clients that the message came from the AP. The fact it's part of the spec is the only reason this tool works at all, and the concept of layer 2 interference isn't particularly hard to grasp, especially when that's the explicit purpose of the tool.


>The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers - while illegal - are cheap. If you care, use cable.

There are a great many things in my life that someone could fuck up if they wanted to break the law that are much more important than my wifi based home security. Even with this tool, the greatest threats to wifi devices are still lousy wifi performance before interference, and lousy residential internet connections.

I don't need someone with a baseball bat loitering around the parking lots I use to pester me about my car. That doesn't "challenge me to reconsider the non-sane choice" of using a mode of transportation that is just so darn easy to damage with a baseball bat.

To disable all cameras that only save data to the "cloud", like dropcam and many others, you can also just temporarily disconnect the cable or phone wire on the outside of the house.

Wouldn't that stop you using their Wifi, presumably included as part of the listing? That's probably another surveillance risk to be fair, but I think most people expect it and tolerate that risk.

I like this because presumably it is not illegal to do so.

If you read the article at the end the author says it's legality is questionable due to FCC changes that include kicking somebody off the wireless as jamming them

Dropcams could be illegal in many states in this case since they can record audio... but laws should be updated to include video. (see two-party/all-party consent states: https://en.wikipedia.org/wiki/Telephone_recording_laws#Unite... )

Whether you like it or not, it appears that everything that helps privacy will soon become illegal.

As someone with a bit of familiarity with the world of contemporary art, I think it's important to see this as a provocation, not something intended for real world use. One might find Oliver's other projects (e.g. the "transparency grenade", which is an actually transparent acrylic grenade that "blowns open" wifi insecurity) to be a bit irresponsible or less sensitive than you would expect from a "critical engineer".

Cool but some questions on the command line args:

Call be dumb but I have no idea what my wireless NIC is called and that's the first arg to the script.

How do I find out the handle for my wireless network card (I didn't even know it had a name), but also does anyone know why the script can't self detect that? Don't most people only have one?

Ditto for the SSID, couldn't the script just figure out what SSID I'm connected to?

Asking as much for self education as anything else...

You can see your wireless card's name in the network management widget details' dialog/pane, or simply run 'iwconfig' in a terminal.

The script could automate the discovery of both information but that would make it larger and much more error prone.

Your comment is nice, it shows how Linux Desktop nowadays is so easy to use, one does not have to worry about technical details.

On Linux, run ifconfig as root. The problem is that there's no naming convention for NIC names. Some systems use ethX for both wired and wireless systems, some ethX/wlanX, and some use wlx-(macaddress) unique name.

Why would you need to to root to see the list of network cards? ifconfig as non-root, or just ip addr, works fine.

Note that newer debian versions seem to have moved ifconfig to sbin so it's not in a normal user's $PATH

Just heads up ifconfig is considered deprecated and ip addr show is the correct command on many modern distros.

Wouldn't 802.11w protected management frames prevent this script from working, as long as the homeowner has that enabled on their router?

Except a $10 spare smartphone can be turned into a wifi camera very easily.

So it only works if they are using one of those two off the shelf cameras.

Are there any guides to doing this? We're about to have a baby, and don't want to drop a few hundred bucks on a baby video monitor system - I'd rather just ziptie a phone to the shelf above the crib.

No need for a guide. I've done this several times and it's very simple. Assuming you have an Android, use the following app: IP Webcam https://play.google.com/store/apps/details?id=com.pas.webcam

It will be accessible on the local network via web browser (it starts a web server on the phone) or client app on another phone (e.g. tinyCam Monitor).

Q: Why do you want a baby monitor?

We got one as a gift, but hardly used it. Of course both my kids are little Darth Shnorkulas.

I just can't really think of a scenario where the monitor helps. I mean I've had those panicked moments where I'm like "Is my kid dead, and I've just been sitting here playing computer games?" But either get up and check, or just keep playing. They almost never die.

My favorite part of asking any technical question is the mandatory "you don't actually want to do what you're asking us how to do" :)

Pretty much most of what people said in response; if the baby's asleep and I'm cooking in the kitchen while watching a YouTube video and boiling something, it'd be nice to have a window displaying the kid in the corner so I can tell when it wakes up. Plus, it might be nice to tune in from work and watch it sleep. Plus, the wife wants one.

Given that dedicated hardware ones are expensive, I'd like to try it with one of the old phones we have laying around - if I come to agree with you that it's unnecessary, I won't have wasted $200 on something that really has no other purpose.

> My favorite part of asking any technical question is the mandatory "you don't actually want to do what you're asking us how to do" :)

As I was writing my response, I realized that I was doing this, but it amused me. So yeah, touché.

Some children sleep in rooms that have decent sound insulation, and the parents want to know if the child is awake and distressed. (You don't start sleep training a child who is under 6 months.)

Don't worry, you'll know when they're awake and distressed. I tend to let kids cry for at least a minute before intervening, well, unless they're old enough to be asking for help.

The alternative is madness and leads to divorce or murder-suicide.

EDIT> Actually, I just made that number up. It's all context. My main warning / peeve is that our unrealistic standards of care as modern, educated, intelligent, self-improvement-minded parents actually leads to a shitty child-rearing experience that produces somewhat shitty children, rather than a more laissez-faire approach. Crying is like the weather. We don't always have to fix it.

I agree with you, and hope I'll be strong enough as a parent to not always come running when my kid starts crying.

When the child is under 6 months you probably don't want to delay when the child is crying. Under 6 months they cry to communicate a need - they're hungry; they need changing; they're in pain; they're cold' they're lonely.

Most people think it's a good idea to address those needs.

Even the people who like sleep training think you probably shouldn't start when the child is under 6 months.

There are a couple of people who think you can start sleep training under 6 months (Ferber; Gina Ford), but even Ferber sets a minimum age of 4 months.

If you are going to go down the "cry it out" route you will want to carefully investigate the different systems. Some of them have been discredited as harmful and cruel. Ferberization (or Gina Ford, they're pretty similar) is about the harshest system that a modern parent could get away with, but you need to be aware that a lot of people hate this method.

A: In our case we have twins and when they were babies, if one was rousing, we could put her back to sleep without having the other one wake up (and create a wakeful feedback loop).

I saw a great app that turned old iOS devices into baby monitors. It wasn't the one I link to below, but you get the idea. Another weird hack was to buy a pair of cheap phones with unlimited minutes or unlimited to one number on one of them. Dumb phones are best as the battery is better. Then just call the phone and leave the call running. Unlimited range as long as you have cell signal. Telcomes here in NZ got wise and limited the minutes of a call. Cloud Baby Monitor https://appsto.re/nz/N99Yz.i

Search either app store for 'baby monitor' and take your pick. I can't remember the name of the one we settled on when my son was born earlier this year but all of the ones I tried worked reasonably well.

So says the script's own front matter, and it is at least better than nothing.

The smartphone can also be its own WiFi network that beams an IP camera's output to the owner. No way to stop that with this script.

The original link isn't forwarding right from http to https, working link: https://julianoliver.com/output/log_2015-12-18_14-39

That's why you put security cameras on a separate VLAN..

what I was thinking

Why not just scan for cameras and simply tell that there are some cams in the local network?

You can then search for them and simply place some cloth on it? Might be more legal.

> arp-scan -I $NIC --localnet

If the camera runs on a separate network to which you don't have access to, the script wouldn't work.

You're missing the point people! Don't record other people who are renting your house, or tell them you're going doing it. Detecting and disabling a camera on the network (and assuming it's on the same subnet as any wifi you are authorized to use) is ass backwards.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact