Nice idea, but rather risky
Hipsters and selfie addicts beware: infosec man Steve Lord has crafted a tool designed to sever your line of addiction to Instagram by quietly blocking it over public Wi-Fi. The British security bod built the Raspberry Pi Zero-powered "hipster slayer" out of nothing more than off-the-shelf components and "questionable life …
Risky - dunno.
Half-baked and ineffective as described? Definitely.
If you kill the wifi cleanly and immediately upon DNS lookup it will just switch to cellular. You need to mark "an idiot" by collecting his DNS packets, then wait until he establishes a TCP connection to anywhere (the first connection after the lookup is likely to be instagram or f*book) and only after that kill the WiFi mid-session so it buggers up the TCP connection.
"This can only work in an area with weak cell signals"
So a music festival, then. As described in article. Where the concentration of people in a relatively small area is too big a job for the local cell infrastructure.
Though to be honest in my experience the bigger problem faced at events is battery life. It's quite funny watching half a dozen people fight over the single proprietary apple connector at a charging point and then being given evil looks as you waltz up with your phone with a standard connector and have so many to choose from...
The point being "connection" is a luxury if you can't take the pictures in the first place. So if you really want to annoy people, have exactly one apple connector at the event and set up a coffee shop nearby to watch the fallout. (I am in no way thinking of Big Feastival 2015 where there was a Lavazza stall that had done exactly this, honest)
or alternately he's a freedom fighter, depends on your viewpoint, and the circumstances.
Warning - Contains gross simplifications
Adult = A freedom fighter for traditional family values.
Child = Terrorist disrupting their fun.
I can see a ready market in Schools.
My favourite jape was by the guy who discovered his neighbours were leeching his wi-fi connection, so he redirected their traffic via a proxy that turned all the images upside down.
I setup one of these once but directed any page requests to the local Apache server and Rick Rolled them... Great fun watching the kids going from the school bus stop in the afternoon looking for Wi-Fi.
Fun idea but ...
You would be getting into legally questionable territory with spoofing. Right now the device just makes a polite request to the WiFi connected mobile/laptop/tablet to "get lost", its up to the connected device to preform the actual disconnect.
By spoofing a web site or redirecting the connection you get into legal areas covered by cyber security laws, unauthorized use of a system, intrusion, and other legal grey areas.
Better to just get a device to drop the connection. No one gets hurt and you can rightfully claim that you have done nothing to intercept or tamper with data on another persons device.
That said I want one of these things. Not sure what I would do with it but I'm sure I would think of something.
"if someone's using your WiFi without permission - which iirc was the purpose of the upside-down-ternet? - then they've committed the unauthorised use and intrusion, not you? THe disconnect thing is cleaner, yes, but you aren't tampering with authorised user's data ....."
Well yes, but that's common sense speaking.
And indeed there might be no harm attributable to someone dealing with unauthorised access this way BUT, I would never do this because it would open a (small) potential legal liability. Not in disrupting someones service but in you potentially being responsible for what those people access and do over your connection.
Consider that a key claim of the plaintiff's in the
MPAA Roadshow vs iiNet case was that iiNet was responsible for any illegal actions of the people using their network because they had the visibility to identify offending traffic and the power to stop it.
If you had a claim against you for, say sharing copyrighted content over you connection, your ability to assert that you are not liable due to the infringement being conducted by an unauthorised person utilising your connection would be likely be hampered if it was shown that you not only had mechanisms in place to control access to the connection but that some of those mechanisms were put in place specifically to detect and affect unauthorised users and traffic.
Maybe you would still be successful in that argument but I would think it would be a much harder sell!
I think this is about using such a device in a place like a public library where the wi-fi is not encrypted. So the signal from your box is being mistaken from the signal from the library's wi-fi system that you're connected to.
The solution is, of course, to switch to encrypting the wi-fi, and just arrange in a different way for everyone to be able to use it.
If you are 'adjusting the connection speed', on what basis are you doing so? The point is that to do anything to access you classify as unauthorised, you must first identify what that is. And if you have done that and can then affect it, you could also block it and a plaintiff (i.e. the RIAA/MPAA) may well argue that you have proven that you could have blocked the traffic and thus prevented anyone else using your connection for illegal activities. BUT YOU DIDN'T.
I think that concept - that you should be responsible for what others do through your connection - is f%$king absurd but that doesn't mean that it wouldn't see you in a harrowing legal battle to prove that. You would probably win the case but proving that you at least had the capability and technical knowledge to block the traffic would make such a case far more likely to pass muster.
Would it be possible to spoof a connection and deliver a mocked up error page saying "Get a life" or something like that?
Something like a 404.1 - Life not found.
Most likely causes:
There is an error in your brain.
If you clicked a link, you may be out of date.
Things you can try:
Cutting off that silly beard.
Going outside without your phone to search for one.
Or a proxy replacing the uploaded photo or video with another?
Better yet, adapt the idea of upside-down-ternet, and use ImageMagick to mess with the photo that's being uploaded. You could do something obvious, like overlay it with amusing text; something subtle, like a mild Gaussian blur ("Man, all my selfies from the festival are crap! I need a new phone."), or something in the middle - like UDT's flipping the image upside down ("How wasted were you? You were holding the phone upside down the whole time.")
Oh, the possibilities. Overlay part of the image with an extreme closeup of a fingertip. Mess with the gamma. If you really want to spend some computing power, do face-identification, then swap faces on the people. (This last is doable - I've seen automated face-swapping done on images. Results are hilarious.)
I have to stop thinking about this. It's too damn tempting.
Though, now that I think about it, I don't know whether any of the clients for these services can be coaxed into downgrading to insecure connections, or into accepting server certificates they shouldn't. So MITMing them might not be feasible. (UDT only worked with unsecured HTTP, which was fine because nearly everything that wasn't commerce or banking was unsecured in those days.)
You will destroy life as we know it!
I want one too.
Most of the management droids at my company use wartsapp and complain constantly because I'm not a 'Team Player' and they have to use other means to contact me with their meaningless little notices, the HR bloke being one of the most irritating and least useful.
I am in a team of one, perfect for me.
Just be a refusenik and say NO to all anti-social media sites.
Block them at your home router. The family when they come visiting will stay a lot less time... Yay!
Your life will be a lot less stressful because you aren't constantly checking to see what your so called friends are saying about you... How we existed before Facebook etc I really don't know.
These sites are just as addictive (IMHO) as drugs. People once hooked find it almost impossible to get off them.
That's why they are blocked on my home WiFi.
Refuseniks Rule Ok!
"That's why they are blocked on my home WiFi."
It's your WiFi and you're obviously free to block whatever you want. Stopping other people visiting sites that they want to does sound a bit like control freakery though. So you're stopping your wife/girlfriend/boyfriend and or children (if you have any of them) visiting sites that you don't like. When other people are using your WiFi then you are to a certain degree being their 'ISP by proxy'. Wouldn't you moan if your ISP blocked access to sites you wanted to go to?
When other people are using your WiFi then you are to a certain degree being their 'ISP by proxy'.
My router, my rules. Also applies to ad networks trying to route packets in.
If people are paying for connectivity, they can expect sites to be blocked or not according to their wishes. If they don't, tough shit.
Imagine how productive could humans beings be without those two time wasters.
I doubt there'd be a significant difference. The historical record shows that human ingenuity is virtually unlimited when it comes to wasting time.
Not that this forum is any sort of evidence for that thesis, of course. We're doing important work here. Important work.
"In this case it's Instagram, things like political Islam, men's wedges, and rugby."
I have to admit that on my mental Venn diagram of social media users, politicised Islamists and rugby players, there's not a huge amount of overlap.
Hipsters/Islamists... other than epic beards, do they have much in common?
Is Daesh going for the "we were cutting peoples' heads off and throwing gays off buildings before it was cool" excuse?
"I have to admit that on my mental Venn diagram of social media users, politicised Islamists and rugby players, there's not a huge amount of overlap."
Are you sure about that? Rugby players, yes, but ISIS and Daesh are huge users of social media for recruitment to their causes, so much so that the Pentagon thinks it's a big enough problem to oppose with counter-propaganda.
There's quite a bit of overlap there, and the potential of this device to thwart those efforts cannot be understated!
I would say the chap who invented this thing is likely to get a visit from some men in black suits and dark sunglasses pretty soonish...
> after 15 years of wrecking the middle east
> daesh (which happens to be the same as ISIS btw) in need of ideological recruitment
The Pentagon ALWAYS thinks that there are huge problems that need to be opposed with counter-propaganda which is somewhere between annoying (complete amurrica-centric bullshit being foisted on unsupecting locals) and frankly toxic (enabling nasty nazi bastards and/or pretending to see
sovietsPUTIN wherever unamericanism mushrooms), thus becoming a huge fucking problem for mankind.
This is the same (basic) activity that got a major hotel chain in the US in trouble. They were sending deauth packets to personal hotpots and it get them a hefty fine from the FCC. Part of the problem was that they were turning around and trying to *sell* the same people access to the hotel WiFi.
Interesting choice of hardware, though. The Pi0 has be out for less than a week.
While that's true, they were in a fixed location and had complaints. If you have one of these devices in your pocket and trigger it randomly, you probably won't get caught. I'm sure the manager at the local Starbucks will just assume there's some problem with the Wifi or the customer's equipment.
Didn't some US hotel get on the wrong side of the FCC for pretty much doing this? They were sending deauth packets to anything trying to use a mobile hotspot in the hotel in an attempt to encourage everyone to pay to use the hotel WiFi instead. All this guy has done is slimmed it down and made it more selective about what it attacks.
The hotel chain was trying to force users to connect via their expensive hotel connection.
This is not doing that by a long chalk. I'd love one of these in my Backpack. Walk along the road with a 'No social media bubble' surrounding you. Brilliant.
Sigh, one can dream can't one?
They're wedges... for men.
(Which are apparently a kind of footwear that "are making a comeback in 2010s ").
What business is it is of his or any of us how much time someone wants to spend sending pictures of themselves to their mates? That's their problem not yours. Same as it's not my business to find random junkies and try to get them of their poison of choice.
The problem today, too much obsession with other's business. I suggest this self-righteous twat and his gadget find something far more productive to do with his talents than bothering people who aren't bothering him!
"Aren't you ever bothered by a selfie-stick-wielding hipster"
And of course none of those will simply snap that picture(s), connectivity or not, leaving the software to auto-upload it wherever as soon as it gets a connection - which in this case is as soon as they eventually move a few meters away (not something they'll know to do before they actually would have decided to do it anyway)? That did nothing to prevent the action itself you seem to condemn; or is it just five-year-old level "YEAH! I really showed them this time!" vengefulness mixed in with some smug sense of superiority...?
The problem today, too much obsession with other's business.
No, the real problem today is too much complaining on the Internet. I'm so tired of people posting messages in site forums just to say this or that is "the problem today", or to pick nits in one another's statements.
Incidentally, you want "others'" there - apostrophe after the "s".
Err you seem to have missed the real implications of what this guy has done, namely used the inherent connection management features of 802.11 and TCP/IP in a way that demonstrates just how insecure they are.
The laugh (at the zealots expense) is that IPv6 will make little real difference to the success of this style of attack.
relatively simply combine this principle with a hostlist or two from one of the better adblockers, so that every time someone's device (on the open WLAN) accessed a hostname associated with serving ads, the device fall off the WiFi?
Christmas is coming. Go on. You know the world needs it.
That's backwards - the adverts are pushed to you, so you'd block the whole Internet, pretty much, as everything serves ads. A deauth on that simply knocks everyone local offline, even those with adblockers.
Meanwhile, the Web server(s) sending ads won't care one dot.
"That's backwards - the adverts are pushed to you, so you'd block the whole Internet, pretty much, as everything serves ads."
Depends. If the goal is to remind people of the Web as it was before the advertisers took it over... surely there are still two or three ad-free sites around?
In the 1960s the equivalent problem was people in public places such as beaches with transistor radios. There were also companies that sold untested or dropout electronic components dirt cheap.
It was easily possible with no more than a couple of transistors, a few resistors, a bit of ferrite rod, a small capacitor or three and a battery, to make a simple wobbulator that took out the usual offending bit of medium wave in a radius of maybe 20M. This in an old crisp packet tucked under a rock or in a bush would cause approaching offenders to fiddle with the radio and eventually move to somewhere where there was a "better signal". If recovery was not possible at the end of the stay, it could be written off. Of course in those days there were no conferences where you could present "proof of concept" for stuff like this.
Not of course that I or anyone I knew would ever have done such a thing.
Man, remember when you'd go to a festival and half the attendees would have easel and canvas out, painting their self-portraits? That was annoying.
Or you'd be sitting around the hall, listening to the bard, and half the guys were composing their own epics instead of paying attention.
Biting the hand that feeds IT © 1998–2021