Germany Finds Kismet, Custom Code In Google Car 237
theodp writes "While waiting for a hard disk of Wi-Fi data that Google says its Street View cars gathered by mistake, the Hamburg Information Commissioner's office performed tests on a Google Street View car in a controlled environment with simulated wireless networks and issued the following statement: 'For the Wi-Fi coverage in the Street View cars, both the free software Kismet, and a Google-specific program were used. The Google-specific program components are available only in machine-readable binary code, which makes it impossible to analyze the internal processing.' Interestingly, a 2008 academic paper — Drive-by Localization of Roadside WiFi Networks (PDF) — describes a similar setup, and its authors discuss how they 'modified Kismet, a popular wireless packet sniffer, to optionally capture all packets received on the raw virtual interface.' Computerworld reports that lawyers in a class-action suit have amended their complaint to link a Google patent app to Street View data sniffing."
WTF (Score:3, Interesting)
You can be sued for listening to signals bombarding you without your consent?
Heres an idea ... don't want people to hear your private conversations? STOP SHOUTING IT SO EVERYONE WITHIN 300m or more can hear you!
Whats next? They'll charge people with treason and throw them into the oven because someone over heard them standing in the middle of Berlin screaming state secrets?
Re:WTF (Score:4, Interesting)
You can be sued for listening to signals bombarding you without your consent?
Old news [securityfocus.com]
If I did what google did... (Score:5, Interesting)
Tsk tsk (Score:4, Interesting)
Is this how they can do wifi location detection? (Score:5, Interesting)
I know a little bit about IP geolocation, but when I got an iPod touch and fired it up for the first time on my home network I was *stunned* to see that it pinpointed my location to within one or two houses when using the Google Maps app despite having no GPS and no other identifiable information entered into the device. Maybe they are using this data to drive geolocation based on SSID instead of IP? Can anyone explain how else IP geolocation can be so accurate?
There are worse intercepts besides a few wifi pkts (Score:1, Interesting)
I still dont understand why the German government has is knickers in a twist over all of this. ISP's look at the traffic moving through them. Some even route a copy to be anylized by a cluster of pcs like with the NSA trunk intercept at AT&T in San Francisco. Whats a few packets (given that the car sampling the wifi is moving) really add up to? Wouldnt all the back to base monitoring, etc in various applications be a bit more of a concern?
Something I've had a hard time understading... (Score:2, Interesting)
Something I've had a hard time understanding through all this is WHY they thought it was a good idea to record SSIDs and other information while doing a street mapping.
I don't understand what they were hoping to gain from this information?
According to our research, 72.438% of people don't secure their wireless.
According to our research, (I'm assuming they got mac addresses too, right?) 83.4% of all wireless consumer routers in Germany are Linksys routers.
WTF does that have ANYTHING AT ALL to do with mapping streets?
Oh, and for the people getting all up in arms because "people are shouting this information freely and anyone can hear it"...that's patently FALSE. There's maybe 1% of the population that has the know-how or the desire to do that. It is NOT AT ALL event remotely the same as standing in the middle of the street yelling at someone where anyone can hear you. You have no choice but to over hear if you happen to be in the area. You do, however, have a choice in downloading packet-sniffing software and using it on someone's wireless network, unsecured or not.
Re:Wow brainy argument! (Score:5, Interesting)
Try intercepting someone's cell phone signals - with your dumb argument, you should be able to listen to them too and not get sued.
You should, absolutely. Just as if you were overhearing a walkie talkie. If you don't want it heard by the public, don't broadcast it. If you need to broadcast it, encrypt it.
Re:So how can the computer do it then? (Score:2, Interesting)
Not to rain on your parade, but 01 is the little endian binary encoding of 2. Little endian means least significant byte (or in this case, bit) first, which is the 0.
Google Denies It, Looks for Scapegoat (Score:5, Interesting)
Re:Not really illegal, but wreaks of dishonesty (Score:3, Interesting)
And no, using kismet does not show that the data collection was intentional. There are many uses for any network monitoring tool, even those tools that CAN capture lots and lots of data.
Re:Is this how they can do wifi location detection (Score:3, Interesting)
I'm not sure how google does it but the iPod uses skyhook wireless location services. If you read the blurb from their website they tell you about how they use clustering to self heal their location network in between readings, which don't need to happen very often.
I've moved house a few times and taken my routers with me and i've watched the iPod maps app switch between the old location and the new one for a few days depending on how many other networks it can see. After a few days, though, the system has "healed" itself and consistently finds the correct location.
Re:Something I've had a hard time understading... (Score:2, Interesting)
If you don't know how to operate your equipment properly, maybe you shouldn't be using it. If you do, don't be surprised when it doesn't behave as you expect.
I personally DO know how to operate my equipment properly. I am not up in arms over this because it affects me personally, but because people who don't know any better.
As I said in an earlier post, my wifi is secured and hidden. Does that mean someone couldn't sniff the traffic coming from it and decrypt it? Of course not. Would it make it harder to do? Sure.
In your analogy, you're saying that if you connect to a web server and get a response, it's reasonable to assume you have permission to use that web server. Sure. But what if you do port scans and find an obscure port "reserved" for something other than http or https traffic and connect that way? Are you headed down a slippery slope there or is it just fine, even if the owner of the web server didn't intend for you to connect to that port?
(I'm just asking, I really don't have a horse in this race.)
Re:Wow brainy argument! (Score:3, Interesting)
Everytime I understand what someone says in French, I'm both intercepting their signal and decoding it.
What's the difference between one language broadcast in sound waves, and another broadcast in radio waves?
I'm not sure how I feel about this one way or the other, but it doesn't seem clear cut to me.
Re:Wow brainy argument! (Score:3, Interesting)
And by the same logic, if you don't want to be mugged on the street you should stay at home.
They are broadcasting this information either through ignorance or by their own will, they are making this information available to the public. So to bring the use of theft as a comparison back to relevancy, the question I have to ask you is this:
If someone is throwing money out of their window onto a public sidewalk, do you feel the public the right to take that money?
If someone did take the money, do you think it would be fair to charge them with theft?
Finally, have you ever found money in the street and kept it?
To me, it's the difference of finding a credit card on the street and finding cash on the street.
For a Credit Card. This has been authorized for use for specific individual(s) and to use this item, a person must intentionally misrepresent themselves knowing that if they were to present their real identity, they would be denied access. i.e. encrypted wireless communication.
For cash. Something that everyone is authorized to use. I see no problem. i.e. unencrypted wireless communication.