Everywhere you go, your cell phone is constantly looking for wifi access points. What you might not realize is this: those requests come with a lot of extra data. In particular, they are shouting out all the other wifi access points you’ve been connecting to. This makes it possible for a hacker with a little know-how to make a map of places the device’s owner has been.
So, for example, if a wife were suspicious about her husband, she could check the queries his cell phone was making and see if his past logins square with places she’d expect him to visit (around work and home). Does he have a lot of inexplicable logins in Greenpoint, for example? Because everyone knows there’s only one reason to go to Greenpoint.
It has taken some know-how to listen in on the secrets shouted by mobile phones until recently. The creative agency Branger_Briz collaborated with computational artist Brannon Dorsey to create Probe Kit, software that makes it easy to convince passing mobiles to connect via wifi and maps of other places those devices have connected. The team plans to release the open source software across platforms shortly.
The team first exhibited an installation based on the software at the eMerge Americas Conference in Miami in May. It turned every mobile the passed by into a butterfly, collecting its data and showing it as a beautiful swarm of collected devices (each of which with a map hidden inside). They will show it for the second time at the 14th IEEE International Symposium on Mixed and Augmented Reality in Fukuoka, Japan, starting on September 29.
“We wanted to illustrate how simple it is to collect personal network data and how much can be inferred from that data,” said Branger_Briz Creative Director Nick Briz, in prepared remarks. “It isn’t difficult for institutions with the right tools to collect and leverage much of your personal information.”
The code is up on GitHub now.
Here’s a look at a map generated by one person who passed by a Probe Kit powered hub:
Here’s how it works: your phone only shouts out the IDs of wifi hot spots your phone has logged into. That’s enough, however, to make a map, because Probe Kit checks those IDs against records built up online through a hacker technique called wardriving, a crowd-sourced database of the location of wifi networks.
In order to generate interest in the topic, the team built an eye-catching user interface, where each mobile device that the system “catches” is turned into a virtual butterfly. By clicking on the butterfly, the Probe Kit operator can learn more about their travels. When displayed on a large screen, Probe Kit creates amazing swarms of butterflies, each of which holds somewhat private information about real people who unknowingly interacted with the system.
Here’s a GIF of a mobile getting collected as a new Probe Kit butterfly.
The team is not the first to run a hack in order to make people more conscious about the vulnerability created by our devices’ desperation for wifi. In late 2014, Glenn Wilkinson mounted a wifi spoofer onto a drone, flew it over London and was even able to steal credentials for sites like PayPal and Amazon, without anyone knowing that their device had connected with anything.
By the way, your phone is also constantly shouting out its unique ID to any real or fake cell tower that will listen, as well, making it simple for the government and criminals to track you.
Hackers attempts to dramatize the vulnerabilities of mobile devices don’t seem to be making much difference, however, as long as device makers keep making devices that make sharing our data as easy as possible.