Forgot your password?
typodupeerror
Google Patents Privacy Software Wireless Networking Your Rights Online

Germany Finds Kismet, Custom Code In Google Car 237

Posted by Soulskill
from the target-hotspot-comes-into-play-tapped dept.
theodp writes "While waiting for a hard disk of Wi-Fi data that Google says its Street View cars gathered by mistake, the Hamburg Information Commissioner's office performed tests on a Google Street View car in a controlled environment with simulated wireless networks and issued the following statement: 'For the Wi-Fi coverage in the Street View cars, both the free software Kismet, and a Google-specific program were used. The Google-specific program components are available only in machine-readable binary code, which makes it impossible to analyze the internal processing.' Interestingly, a 2008 academic paper — Drive-by Localization of Roadside WiFi Networks (PDF) — describes a similar setup, and its authors discuss how they 'modified Kismet, a popular wireless packet sniffer, to optionally capture all packets received on the raw virtual interface.' Computerworld reports that lawyers in a class-action suit have amended their complaint to link a Google patent app to Street View data sniffing."
This discussion has been archived. No new comments can be posted.

Germany Finds Kismet, Custom Code In Google Car

Comments Filter:
  • by Dunbal (464142) * on Friday June 04, 2010 @03:29PM (#32462424)

    The Google-specific program components are available only in machine-readable binary code, which makes it impossible to analyze the internal processing.

          No. It makes it very difficult and tedious and impractical to analyze. It is not, however, impossible.

    • So does this make them the 1st or the 10nd type of person?
    • As long as you know what machine it was written for. Maybe google has their own custom chip to do all this processing.

      Joking aside, I've done assembly decoding. It's definitely not easy but it is possible.

    • Re: (Score:3, Funny)

      That is so 1.

    • We can debate semantics all day. "very tedious and impractical" is effectively the same things as impossible.
      • by idontgno (624372)

        If "tedious and impractical" == "impossible", then I must do about a million impossible things a week at work.

        If "tedious and impractical" == "effectively impossible" to you, I'd have to characterize you as a quitter. Especially if the "effectively impossible" thing is the only way to accomplish something worthwhile, like malware forensics or watchmaking.

    • Actually, from the summary, it seems the big question is whether the Google code is something unique or just a modified version of Kismet and if that's the case, a quick analysis of the binary should provide some insight.

  • WTF (Score:3, Interesting)

    by BitZtream (692029) on Friday June 04, 2010 @03:30PM (#32462456)

    You can be sued for listening to signals bombarding you without your consent?

    Heres an idea ... don't want people to hear your private conversations? STOP SHOUTING IT SO EVERYONE WITHIN 300m or more can hear you!

    Whats next? They'll charge people with treason and throw them into the oven because someone over heard them standing in the middle of Berlin screaming state secrets?

    • Re:WTF (Score:4, Interesting)

      by Hatta (162192) on Friday June 04, 2010 @03:35PM (#32462514) Journal

      You can be sued for listening to signals bombarding you without your consent?

      Old news [securityfocus.com]

    • by Anonymous Coward

      Try intercepting someone's cell phone signals - with your dumb argument, you should be able to listen to them too and not get sued. Ditto with so many governmental wireless traffic. Hell, you cant even photograph someone on the street, esp. cops - see yesterdays posts, without their permission, and you are ok with one entity picking up every signal in every neighbourhood ???

      Common man - use some brains before you just type some crap !

      • by Hatta (162192) on Friday June 04, 2010 @03:45PM (#32462652) Journal

        Try intercepting someone's cell phone signals - with your dumb argument, you should be able to listen to them too and not get sued.

        You should, absolutely. Just as if you were overhearing a walkie talkie. If you don't want it heard by the public, don't broadcast it. If you need to broadcast it, encrypt it.

        • Authoritarian government around the world are nodding in agreement.

        • Why stop at walkie-talkies? Logically, there is some form of microphone/amplifier/signal-processing which can detect any word spoken, even if you are in a tinfoil vault in your basement.

          If your door isn't secure against my axe, is it still wrong for me to go into your house?
        • by westlake (615356)

          You should, absolutely. Just as if you were overhearing a walkie talkie. If you don't want it heard by the public, don't broadcast it. If you need to broadcast it, encrypt it.

          John Smith sees only his wireless home network - not a broadcast.

          His first attempt at networking --- anything.

          Is it really so surprising that he doesn't tamper with the factory defaults?

          But who should be accepting responsibility for these defaults if not the geeks who programmed them?

        • by evilviper (135110)

          If you don't want it heard by the public, don't broadcast it. If you need to broadcast it, encrypt it.

          We tried that, so decryption tech was outlawed, but people around here hate that law with a passion.

          So, you're saying: "If you want privacy on the air-waves, you need to go to great lengths to use theoretically unbreakable encryption. Otherwise, accept that everyone can listen to every word."

          Sufficiently draconian for your taste?

      • Re: (Score:3, Insightful)

        by poetmatt (793785)

        it's one thing to intercept, it's another to decode.

        Neither are impossible, and both are hard to prove unless someone admits it or is caught in the act.

        As was noted, this is broadcasted unencrypted information they obtained. Anyone else could have. Going after google is just going after the easy target.

        • Re: (Score:3, Interesting)

          by Damek (515688)

          Everytime I understand what someone says in French, I'm both intercepting their signal and decoding it.

          What's the difference between one language broadcast in sound waves, and another broadcast in radio waves?

          I'm not sure how I feel about this one way or the other, but it doesn't seem clear cut to me.

          • What's the difference between one language broadcast in sound waves, and another broadcast in radio waves?

            One takes a lot more effort than the other. Our eyes and ears vs a man-made apparatus.

      • You CAN photograph people, even cops. The cops abused their authority and made shit up to say that you can't. They were wrong.
      • by Obfuscant (592200)
        Try intercepting someone's cell phone signals - with your dumb argument, you should be able to listen to them too and not get sued.

        You can. I've done it for years. At least, while analog cell was still running. Never been sued. Even after ECPA.

        Of course, I also never divulged the content of what I heard, so nobody knew I was doing it. I heard some good stuff, too.

    • Heres an idea ... don't want people to hear your private conversations? STOP SHOUTING IT SO EVERYONE WITHIN 300m or more can hear you!

      Tell that to the cable, satellite TV, and cell phone industries.

    • Re: (Score:3, Insightful)

      I know! What next? People whining because their government is installing cameras all over their towns? I mean if you don't want to be filmed everywhere you're going by a Big Brother government JUST STOP GOING IN PUBLIC!!

      • by BitZtream (692029)

        True.

        I really don't have a problem with it. I also understand that when I'm in public, I'm IN PUBLIC VIEW.

        Its really not hard unless you're an idiot.

        If you don't want people to know you're doing something, do it in the privacy of your own home. Don't get pissed off when someone sees you do something in a public place.

        • Re: (Score:3, Insightful)

          by Dogtanian (588974)

          I mean if you don't want to be filmed everywhere you're going by a Big Brother government JUST STOP GOING IN PUBLIC!!

          True. I really don't have a problem with it. I also understand that when I'm in public, I'm IN PUBLIC VIEW. Its really not hard unless you're an idiot. If you don't want people to know you're doing something, do it in the privacy of your own home. Don't get pissed off when someone sees you do something in a public place.

          He said filmed, not seen. There's a difference... in fact, there's an absolutely *massive* difference that's really not hard to see "unless you're an idiot".

          In fact, there's a difference between being seen by ordinary people in a public place- as has happened for thousands of years, and which set our expectations of what "in public" means- and what has happened within less than the past generation which means that you may be viewed and recorded remotely.

          I find all these "anything you do in public is fai

    • I think they are very nice and friendly and then they hunt Google spies down [youtube.com].

  • by morphotomy (1655417) on Friday June 04, 2010 @03:35PM (#32462526)
    If I did what google did I could be charged with unauthorized access to a system. Why is there no criminal trial here?
    • by Lunix Nutcase (1092239) on Friday June 04, 2010 @03:38PM (#32462560)

      Because you're not a multinational corporation with $20+ billion in revenue and a whole division of lawyers?

    • by ukyoCE (106879)

      Um, there IS a trial/inquest here. Why do you think Germany is looking at this information? And isn't the US House looking into it as well?

      So as silly as it is, yes there is a trial. And yes, it is equally ridiculous when individuals are criminalized for doing the same thing.

    • by _Sprocket_ (42527)

      Really? You expect to be arrested for running Kismet? What country do you live in?

    • Re: (Score:3, Informative)

      by yyxx (1812612)

      The question of whether passive reception of WLAN packets constitutes "unauthorized access" is legally not settled in the US. Actually, it really isn't legally settled in Germany either, but it is now being settled as part of this anti-Google hysteria.

      From a practical point of you, nothing would happen to you because nobody would ever find out. People have been recording WLAN packets for years and nobody noticed or cared.

  • Tsk tsk (Score:4, Interesting)

    by stevegee58 (1179505) on Friday June 04, 2010 @03:37PM (#32462550) Journal
    They're not being evil now, are they?
    • They're not being evil now, are they?

      It depends - the government should disassemble the code and see if the evil bit is set.

    • Re: (Score:3, Insightful)

      by merreborn (853723)

      They're not being evil now, are they?

      Collecting data isn't (necessarily) evil. Abusing it is.

      For example, google's well known for finding web pages that were intended to be private, but never properly locked down -- phpmyadmin installations, router admin pages with no passwords, etc. [hackersforcharity.org]

      Finding those things isn't evil. Were google to, say, forcibly install software on every unsecured router their crawlers found, *that* would be evil.

      Are they being evil? Maybe. But data collection itself isn't necessarily ev

  • by jeffmeden (135043) on Friday June 04, 2010 @03:38PM (#32462566) Homepage Journal

    I know a little bit about IP geolocation, but when I got an iPod touch and fired it up for the first time on my home network I was *stunned* to see that it pinpointed my location to within one or two houses when using the Google Maps app despite having no GPS and no other identifiable information entered into the device. Maybe they are using this data to drive geolocation based on SSID instead of IP? Can anyone explain how else IP geolocation can be so accurate?

    • Re: (Score:3, Informative)

      To the best of my knowledge, Apple's wi-fi based geolocation is based on Skyhook's offering in the area. [skyhookwireless.com]

      It is quite plausible to assume that Google, since they were already going to the expense of running the cars, figured that they could grab their own geolocation dataset for virtually no additional cost. However, their massive corporate wardrive episode is hardly the first of its kind, as Skyhook's products demonstrate.
    • by Hurricane78 (562437) <deleted.slashdot@org> on Friday June 04, 2010 @03:59PM (#32462882)

      A company named Skyhook Wireless is doing this. They are continuously driving trough whole continents with cars, mapping out wifi routers/stations/etc.
      They are what gives the iPhones/iPods their navigation (they have to real GPS). They are behind Maps Booster which plugs right into the Symbian (Nokia & others) geolocation APIs. (I bought it for 3€, and while it is less exact than GPS here, it also works inside buildings. Plus it makes first-time GPS satellite locking much faster.)

      I wonder how this is different from what Google does, though.

      But I don’t have a problem with SSID logging anyway. I mean, people who rely on SSIDs for security, really are idiots anyway. It’s not worse than knowing an IP. I can’t see where privacy could be a concern here. And I’m extremely strict about my privacy rules.
      I think it’s a good service. Hell, how could I not think that paying 3€ for someone to drive across every street on the continent is a good deal?

      P.S.: No, I’m not affiliated. And I repeat: It’s not very exact here. I am lucky if I get 50m accuracy. While my A-GPS can get down to 3m. (Oh, and if anyone of you know a service that requires no further hardware, and can get down below 50 cm [ideally below 10cm], please contact me! :)

      • by radish (98371)

        The original iPhone didn't have GPS, all the more recent models do have.

        • Ah, OK. Thank you for clarifying that. :)

          • by AHuxley (892839)
            Re "I wonder how this is different from what Google does, though." Mapping was legally ok, wifi mapping was legally ?.
            Keeping data was not ok and Google knew that and talked about not keeping any data while doing its wifi collection.
    • For your case, its WiFi location not IP. IP gets you to within a 'region' generally. Where region is an arbitrary sized area defined by how much effort was put into SWIPping your IP address range.

      For most cable modem subscribers in a large city, the IP range will get you to within the range of the city.

      In my case, it gets you to within range of two states as thats as far as TWC goes at this point with my current IP block.

      IP based location is only as good as the admins and systems that manage the address

  • Something I've had a hard time understanding through all this is WHY they thought it was a good idea to record SSIDs and other information while doing a street mapping.

    I don't understand what they were hoping to gain from this information?

    According to our research, 72.438% of people don't secure their wireless.

    According to our research, (I'm assuming they got mac addresses too, right?) 83.4% of all wireless consumer routers in Germany are Linksys routers.

    WTF does that have ANYTHING AT ALL to do with mapping

    • by 0100010001010011 (652467) on Friday June 04, 2010 @03:49PM (#32462722)

      Google location API. Doesn't matter if the network is secure or not.

      "Hey I found AA:BB:CC:DD:EE at this location"

      Person with iPod Touch or other device with wireless only sends to google: "Hey I see access points AA:BB:CC:DD:EE, AA:BB:CC:DD:FF and AA:BB:CC:DD:00" Google goes: "Yea, you're around here".

      Go to google maps [google.com] with a new version of Firefox or Chrome. Click on the button that just has a circle in it. It'll ask for permission to send your location and should show you where you are on the map.

    • Re: (Score:3, Insightful)

      I have no idea what use snippets of unencrypted data from unsecured networks would be. There just isn't much there that isn't either blatantly illegal and/or terrible PR that you can't learn just by having one of the world's larger Ad networks.

      SSIDs, though, make a lot more sense. Wi-fi APs, while by no means completely static, provide an incredibly dense network of individually identifiable radio transmitter nodes. If your receiver knows its location(via GPS fix from a good GPS unit), and knows what APs
    • by Hatta (162192)

      Collecting data on the location of open networks can allow google to pinpoint your location based on what SSIDs are around you. It also will allow you to plan a trip such that an open network is available along the way. Two valid and useful applications of this data.

      Oh, and for the people getting all up in arms because "people are shouting this information freely and anyone can hear it"...that's patently FALSE. There's maybe 1% of the population that has the know-how or the desire to do that.

      If you don't

      • Re: (Score:2, Interesting)

        by Em Emalb (452530)

        If you don't know how to operate your equipment properly, maybe you shouldn't be using it. If you do, don't be surprised when it doesn't behave as you expect.

        I personally DO know how to operate my equipment properly. I am not up in arms over this because it affects me personally, but because people who don't know any better.

        As I said in an earlier post, my wifi is secured and hidden. Does that mean someone couldn't sniff the traffic coming from it and decrypt it? Of course not. Would it make it harder t

      • by mzs (595629)

        I had to comment, I clicked on redundant when I wanted to click on insightful. I am sorry, I wish we still had to click a moderate button at the very end for a page. This should remove the bad moderation.

    • Something I've had a hard time understanding through all this is WHY they thought it was a good idea to record SSIDs and other information while doing a street mapping.

      Than you are a fool who doesn't know how these things work and why anyone would do anything.

      WTF does that have ANYTHING AT ALL to do with mapping streets?

      Essentially, providing street view (the car's original purpose) has nothing to do with mapping streets either. The maps were already there. They've been there for a while. Going around and taking a snapshot every 3 houses doesn't help the map be a map any better. I don't understand why you are having problems understanding that what they were doing has little to nothing to do with the map part of the map.

      Street view

    • Each person is responsible for they way that they use, configure, or fail to maintain equipment that is in there domain and control. Ignorance is no excuse.

      If I take a backhoe and cut a water/sewer/phone/fiber line in my yard, the utility company is not going to say 'oh, that's ok, you just didn't know how to use the equipment...' Fuck no, they are going to hold me liable, and any court challenge will go their way.

      In addition to liability for actions there is also liability for the failure to act. If I
      • Re: (Score:2, Insightful)

        by Em Emalb (452530)

        How is not securing your wireless indicative of not being able to "operate" machinery properly?

        If I leave my front door open and you steal from me, that doesn't mean you're not a thief does it?

        • If your wireless is open and you don't want it to be, you're not operating your equipment 'properly' (from your own perspective) and hoping that you can go after anybody who uses the open system by defending your own ignorance. Not a sound strategy. A deliberately open system is not distinguishable from an accidentally open system unless the network is called "PLEASE USE ME".

          I dealt with this in a very long post here [slashdot.org]. Granted, this is based on a 'using a neighbor's wireless' scenario, but I think it sti
    • Re: (Score:2, Informative)

      by Anonymous Coward

      Something I've had a hard time understanding through all this is WHY they thought it was a good idea to record SSIDs and other information while doing a street mapping.

      Its called making a map. You travel around, and note features and details. SSIDs are a mapable feature. Knowing that SSID xyz is visible from 123 anystreet and from 125 anystreet, but fades out by the time you reach 127 anystreet helps you to define a location.

      I don't understand what they were hoping to gain from this information?

      As some others have mentioned previously, by correlating physical locations with visible SSIDs they gain the ability to provide maps and directions to people using devices with WiFi instead of GPS.

      According to our research, 72.438% of people don't secure their wireless.

      According to our research, (I'm assuming they got mac addresses too, right?) 83.4% of all wireless consumer routers in Germany are Linksys routers.

      WTF does that have ANYTHING AT ALL to do with mapping streets?

      It has nothing to do with anything... its just a su

  • by DontLickJesus (1141027) on Friday June 04, 2010 @03:41PM (#32462604) Homepage Journal
    There isn't anything inherently illegal about what they did, unfortunately. Encrypt your networks folks. However, being a professional user of the Kismet application I would contend that using Kismet shows that all the data collection was far from "accidental".
    • Re: (Score:3, Insightful)

      by DeadCatX2 (950953)

      I dunno...maybe if it was aircrack or even wireshark, I would be worried, but I don't see the big deal about Kismet. After all, they were looking for SSIDs/MACs.

      I still don't see the big deal about this. If someone photographed you standing in front of your living room window, would you scream "invasion of privacy!!!!!!111eleven" or would you just close the blinds?

      Even better analogy...if someone aimed a camcorder out of their window and drove past while aiming it around and saw you for a couple of second

    • Re: (Score:3, Interesting)

      by Mr. Freeman (933986)
      What do you mean "unfortunately". It's almost as though you think that having a law against it will stop EVERYONE from intercepting your data. You DO realize that criminals will still analyze your data, right?

      And no, using kismet does not show that the data collection was intentional. There are many uses for any network monitoring tool, even those tools that CAN capture lots and lots of data.
    • Re: (Score:3, Insightful)

      I agree. Google looks really a lot worse in my eyes not because they picked up some packets, but because they lied about their intent to pick up some packets. It's very Clintonesque. I could care less if Billy C. got some action from an intern, but it was the lying about it that made it heinous.

      If you're caught, just admit it. Looking bad in the eyes of some dumb luddites is not worse than looking like a sleazy liar to absolutely everybody.
      • by evilviper (135110)

        It's very Clintonesque. I could care less if Billy C. got some action from an intern, but it was the lying about it that made it heinous.

        If you're caught, just admit it.

        You know, if Clinton followed your advice, he never would have been elected in the first place. There was a scandal about him having an affair before he was elected. His lying was effective enough that most people didn't believe it, and voted for him.

        As always, the only thing he did wrong was to get caught. Honestly, who keeps a soiled dre

    • by _Sprocket_ (42527)

      The case of it being "accidental" could depend on their intentions. Was Google interested in the data they sniffed in itself or is it a byproduct of the network mapping they were doing. I used to run Kismet on my drives home every day from work just to see what SIDs I find along my route. By default, Kismet was dumping those packets to disk. Once in awhile, I'd go back and dump those files and clean up. I shuffled quite a bit of data that I never looked at and I wouldn't be surprised if Google wasn't t

      • Re: (Score:3, Insightful)

        by TapeCutter (624760) *
        "The case of it being "accidental" could depend on their intentions."

        DBA #1 : "What fields do they want?"
        DBA #2 : "You'll never know until the projects over, give them everything and let them work it out."
  • by eldavojohn (898314) * <eldavojohn.gmail@com> on Friday June 04, 2010 @03:55PM (#32462812) Journal
    For what it's worth Google claims that patent is totally unrelated [computerworld.com] and they're also trying to find someone they can pin this on so their multinational company doesn't take any of the heat. Remember, it's just one engineer behind this and once we find Scapegoaty McSeverancePackage this can all be put behind us and you can rest assured that Google is back to Do No Evil status. Ha.
  • Kismet (Score:4, Funny)

    by Itninja (937614) on Friday June 04, 2010 @04:12PM (#32463072) Homepage
    I guess it was just destiny for this to happen.
  • The Google-specific program components are available only in machine-readable binary code, which makes it impossible to analyze the internal processing.

    He went on to add, "and our binary-only DRM scheme is unbreakable, since we don't release the source code, mwahahaha!"

I'd rather just believe that it's done by little elves running around.

Working...