Germany Finds Kismet, Custom Code In Google Car
theodp writes "While waiting for a hard disk of Wi-Fi data that Google says its Street View cars gathered by mistake, the Hamburg Information Commissioner's office performed tests on a Google Street View car in a controlled environment with simulated wireless networks and issued the following statement: 'For the Wi-Fi coverage in the Street View cars, both the free software Kismet, and a Google-specific program were used. The Google-specific program components are available only in machine-readable binary code, which makes it impossible to analyze the internal processing.' Interestingly, a 2008 academic paper — Drive-by Localization of Roadside WiFi Networks (PDF) — describes a similar setup, and its authors discuss how they 'modified Kismet, a popular wireless packet sniffer, to optionally capture all packets received on the raw virtual interface.' Computerworld reports that lawyers in a class-action suit have amended their complaint to link a Google patent app to Street View data sniffing."
So how can the computer do it then? (Score:5, Insightful)
The Google-specific program components are available only in machine-readable binary code, which makes it impossible to analyze the internal processing.
No. It makes it very difficult and tedious and impractical to analyze. It is not, however, impossible.
Re: (Score:3, Funny)
Re: (Score:3, Funny)
zero-one, please.... all you little endian people who count the wrong way around...
Re: (Score:2, Interesting)
Not to rain on your parade, but 01 is the little endian binary encoding of 2. Little endian means least significant byte (or in this case, bit) first, which is the 0.
Re: (Score:2, Informative)
Yes, I know that. Hence the joke 01 (zero one), which is the big endian encoding of 2. However humor does not transmit well over the internet, apparently.
Re: (Score:3, Informative)
Huh? 01 in little or big endian encoding is the encoding for decimal 1, not 2. In either encoding, 2 is encoded as 10. We haven't had reverse-bit-order CPUs in decades. Endianness defines the order of bytes, not the order of bits within a byte.
In big endian notation, 1 can be encoded in a 16-bit value as 00000000 00000001, whereas in little endian notation, it would be encoded as 00000001 00000000. Big endian notation is the order that we naturally use for mathematics. Little endian only makes sense i
Re: (Score:2)
As a mathematician, I find big endian to make no sense whatever.
Little endian is how bits in a byte work, brings uniformity, and allows me to do interesting conversions / extended arithmetic using that uniformity.
Big endian allows, in one particular way, byte order as stored in a computer to reflect "how some humans read". Big enders might as well argue for EBCDIC.
Were we only Houyhnhnms...
Re: (Score:2)
Also BCD! The E and IC just slipped in there on the endians, I swear. Dunno what's wrong with me today.
Re: (Score:3, Informative)
Little Endianness came about because mainframe designers wanted to extend their architecture to multiple bytes per word in a backwards compatible way. Intel copied the architecture for its 8088 CPU (in fact I think that the 4004 and 8008 might have been based on them too, at least at the instruction set level) and eventually also the 16 bit stuff.
IMHO x86 is the perfect example of an inferior product that came to dominate the market anyway. For 15+ years now CPUs have not executed x86 code directly but rathe
Re: (Score:2)
all you little endian people who count the wrong way around...
Do you write the current year as 0102?
Re: (Score:2)
Re: (Score:3, Funny)
Do you write the current year as 0102?
I prefer 0x0A14.
Re: (Score:3, Funny)
If you're going to be anal, at least know what the F you're talking about.
What does 15 have to do with it?
Re: (Score:2)
Tenth/10th/1010th/12th/Ath (Twelfth... Eighth? What are you saying?)
Re: (Score:2)
As long as you know what machine it was written for. Maybe google has their own custom chip to do all this processing.
Joking aside, I've done assembly decoding. It's definitely not easy but it is possible.
Re: (Score:3, Funny)
That is so 1.
Re: (Score:2)
Re: (Score:2)
If "tedious and impractical" == "impossible", then I must do about a million impossible things a week at work.
If "tedious and impractical" == "effectively impossible" to you, I'd have to characterize you as a quitter. Especially if the "effectively impossible" thing is the only way to accomplish something worthwhile, like malware forensics or watchmaking.
Re: (Score:2)
Actually, from the summary, it seems the big question is whether the Google code is something unique or just a modified version of Kismet and if that's the case, a quick analysis of the binary should provide some insight.
Re: (Score:2)
For the naive among us, allow me to assure you this is nothing more than a smokescreen for the government to get the data and use it against its citizens. Furthermore, judging from my last trip to the old continent, the last thing Europeans need to be worried about is Google checking in on them, as their governments have that very much on lock.
The Germans prefer brute force solutions to such problems. [youtube.com] A German minister for instance recently threatened Facebook to delete her profile!
Re: (Score:2)
I'd be surprised if that was their major market, though I've used them for that purpose (For The Record, before the DMCA took effect). All the tools I used were intended for software development/debugging.
WTF (Score:3, Interesting)
You can be sued for listening to signals bombarding you without your consent?
Here's an idea ... don't want people to hear your private conversations? STOP SHOUTING IT SO EVERYONE WITHIN 300m or more can hear you!
What's next? They'll charge people with treason and throw them into the oven because someone overheard them standing in the middle of Berlin screaming state secrets?
Re:WTF (Score:4, Interesting)
You can be sued for listening to signals bombarding you without your consent?
Old news [securityfocus.com]
Wow brainy argument! (Score:2, Insightful)
Try intercepting someone's cell phone signals - with your dumb argument, you should be able to listen to them too and not get sued. Ditto with so many governmental wireless traffic. Hell, you can't even photograph someone on the street, esp. cops - see yesterday's posts, without their permission, and you are ok with one entity picking up every signal in every neighbourhood ???
Come on man - use some brains before you just type some crap !
Re:Wow brainy argument! (Score:5, Interesting)
Try intercepting someone's cell phone signals - with your dumb argument, you should be able to listen to them too and not get sued.
You should, absolutely. Just as if you were overhearing a walkie talkie. If you don't want it heard by the public, don't broadcast it. If you need to broadcast it, encrypt it.
Re: (Score:2)
Authoritarian governments around the world are nodding in agreement.
Re: (Score:2)
No they aren't. In fact, many of them RESTRICT encryption schemes that people can use.
Re: (Score:2)
If your door isn't secure against my axe, is it still wrong for me to go into your house?
Re: (Score:3, Insightful)
If you can't see that it is the same concept, then the conversation needs to continue. Property lines are an arbitrary invention of society restricting freedom of snooping - the same framework of norms and expectations we apply to geography can be applied to any terrain/medium, including airwaves.
Re: (Score:2)
You should, absolutely. Just as if you were overhearing a walkie talkie. If you don't want it heard by the public, don't broadcast it. If you need to broadcast it, encrypt it.
John Smith sees only his wireless home network - not a broadcast.
His first attempt at networking --- anything.
Is it really so surprising that he doesn't tamper with the factory defaults?
But who should be accepting responsibility for these defaults if not the geeks who programmed them?
Re: (Score:2)
We tried that, so decryption tech was outlawed, but people around here hate that law with a passion.
So, you're saying: "If you want privacy on the air-waves, you need to go to great lengths to use theoretically unbreakable encryption. Otherwise, accept that everyone can listen to every word."
Sufficiently draconian for your taste?
Re: (Score:3, Interesting)
And by the same logic, if you don't want to be mugged on the street you should stay at home.
They are broadcasting this information either through ignorance or by their own will, they are making this information available to the public. So to bring the use of theft as a comparison back to relevancy, the question I have to ask you is this:
If someone is throwing money out of their window onto a public sidewalk, do you feel the public has the right to take that money?
If someone did take the money, do you think it would be fair to charge them with theft?
Finally, have you ever found money in the street and
Re: (Score:2)
The wonderful thing about the law is your data is protected on any network, at any level of encryption and using any base station you like.
Be lol if you had to buy a MS v2.3.1 or better or Apple v2 or Cisco
don't be such an idiot (Score:3, Insightful)
The wonderful thing about the law is your data is protected on any network, at any level of encryption and using any base station you like.
You are totally naive if you think your data is protected because some data protection czar makes a name for himself going after an American company. Going after Google isn't going to protect your data one bit. The only reason Google is playing along with this charade is because they really are a legitimate business and the data really is of no value to them. The peop
Re: (Score:2)
No, by that same logic FSM kills a Nazi kitten every time you install NetBSD on an iPad.
Sorry, what were we talking about, again?
Re: (Score:3, Insightful)
it's one thing to intercept, it's another to decode.
Neither are impossible, and both are hard to prove unless someone admits it or is caught in the act.
As was noted, this is broadcasted unencrypted information they obtained. Anyone else could have. Going after google is just going after the easy target.
Re: (Score:3, Interesting)
Every time I understand what someone says in French, I'm both intercepting their signal and decoding it.
What's the difference between one language broadcast in sound waves, and another broadcast in radio waves?
I'm not sure how I feel about this one way or the other, but it doesn't seem clear cut to me.
Re: (Score:2)
Re: (Score:2)
My eyes and ears are also man-made. My creators were drunk though at the time.
Re: (Score:2)
Re: (Score:2)
You can. I've done it for years. At least, while analog cell was still running. Never been sued. Even after ECPA.
Of course, I also never divulged the content of what I heard, so nobody knew I was doing it. I heard some good stuff, too.
Re: (Score:2)
Here's an idea ... don't want people to hear your private conversations? STOP SHOUTING IT SO EVERYONE WITHIN 300m or more can hear you!
Tell that to the cable, satellite TV, and cell phone industries.
Re: (Score:3, Insightful)
I know! What next? People whining because their government is installing cameras all over their towns? I mean if you don't want to be filmed everywhere you're going by a Big Brother government JUST STOP GOING IN PUBLIC!!
Re: (Score:2)
True.
I really don't have a problem with it. I also understand that when I'm in public, I'm IN PUBLIC VIEW.
It's really not hard unless you're an idiot.
If you don't want people to know you're doing something, do it in the privacy of your own home. Don't get pissed off when someone sees you do something in a public place.
Re: (Score:3, Insightful)
I mean if you don't want to be filmed everywhere you're going by a Big Brother government JUST STOP GOING IN PUBLIC!!
True. I really don't have a problem with it. I also understand that when I'm in public, I'm IN PUBLIC VIEW. It's really not hard unless you're an idiot. If you don't want people to know you're doing something, do it in the privacy of your own home. Don't get pissed off when someone sees you do something in a public place.
He said filmed, not seen. There's a difference... in fact, there's an absolutely *massive* difference that's really not hard to see "unless you're an idiot".
In fact, there's a difference between being seen by ordinary people in a public place- as has happened for thousands of years, and which set our expectations of what "in public" means- and what has happened within less than the past generation which means that you may be viewed and recorded remotely.
I find all these "anything you do in public is fai
Re: (Score:2)
I think they are very nice and friendly and then they hunt Google spies down [youtube.com].
If I did what google did... (Score:5, Interesting)
Re:If I did what google did... (Score:4, Insightful)
Because you're not a multinational corporation with $20+ billion in revenue and a whole division of lawyers?
Re: (Score:2)
Well, someone who was recorded illegally just has to file a criminal complaint. And against a German criminal investigation, no revenue and no whole division of lawyers helps.
1. File Complaint
2. ???
3. Google done
That is the good old German state attorney divisions [youtube.com].
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Um, there IS a trial/inquest here. Why do you think Germany is looking at this information? And isn't the US House looking into it as well?
So as silly as it is, yes there is a trial. And yes, it is equally ridiculous when individuals are criminalized for doing the same thing.
Re: (Score:2)
Really? You expect to be arrested for running Kismet? What country do you live in?
Re: (Score:3, Informative)
The question of whether passive reception of WLAN packets constitutes "unauthorized access" is legally not settled in the US. Actually, it really isn't legally settled in Germany either, but it is now being settled as part of this anti-Google hysteria.
From a practical point of view, nothing would happen to you because nobody would ever find out. People have been recording WLAN packets for years and nobody noticed or cared.
Re: (Score:2)
If you did what google did, nobody would care.
You mean if you had a massive fleet of cars that recorded almost complete sets of photos every few metres in every single street in several countries, and you had (likely) numerous terabytes of many, many people's wireless transmissions....? Oh, sorry, you meant
Heck, you can walk around with a camera all you want and take snapshots of everything you feel like... licenseplates, folks dressing, whatever you like.
So that's not actually doing what Google did because Google did it on a much larger scale and that's what makes it an issue.
This is one of those stupid pedantic arguments, that fails (quite deliberately) to acknowledge- or possibly even to realise-
Re: (Score:2)
But even the US has some powerful and creative hacking laws to protect all of its networks from UFO hunters or skilled teens.
Most parts of the world faced what Google did in the 1970-80's and got to updating their laws.
That's what makes this so interesting. Google kept data from networks that are in no way connected to Google.
Google stonewalled around the world releasing some soothing PR statements.
If the US gov walks a
Tsk tsk (Score:4, Interesting)
Now we can find out once and for all ... (Score:3, Funny)
It depends - the government should disassemble the code and see if the evil bit is set.
Re: (Score:3, Insightful)
Collecting data isn't (necessarily) evil. Abusing it is.
For example, google's well known for finding web pages that were intended to be private, but never properly locked down -- phpmyadmin installations, router admin pages with no passwords, etc. [hackersforcharity.org]
Finding those things isn't evil. Were google to, say, forcibly install software on every unsecured router their crawlers found, *that* would be evil.
Are they being evil? Maybe. But data collection itself isn't necessarily ev
Is this how they can do wifi location detection? (Score:5, Interesting)
I know a little bit about IP geolocation, but when I got an iPod touch and fired it up for the first time on my home network I was *stunned* to see that it pinpointed my location to within one or two houses when using the Google Maps app despite having no GPS and no other identifiable information entered into the device. Maybe they are using this data to drive geolocation based on SSID instead of IP? Can anyone explain how else IP geolocation can be so accurate?
Re: (Score:3, Informative)
It is quite plausible to assume that Google, since they were already going to the expense of running the cars, figured that they could grab their own geolocation dataset for virtually no additional cost. However, their massive corporate wardrive episode is hardly the first of its kind, as Skyhook's products demonstrate.
Re: (Score:2)
Re:Is this how they can do wifi location detection (Score:5, Informative)
A company named Skyhook Wireless is doing this. They are continuously driving through whole continents with cars, mapping out wifi routers/stations/etc.
They are what gives the iPhones/iPods their navigation (they have no real GPS). They are behind Maps Booster which plugs right into the Symbian (Nokia & others) geolocation APIs. (I bought it for 3€, and while it is less exact than GPS here, it also works inside buildings. Plus it makes first-time GPS satellite locking much faster.)
I wonder how this is different from what Google does, though.
But I don’t have a problem with SSID logging anyway. I mean, people who rely on SSIDs for security, really are idiots anyway. It’s not worse than knowing an IP. I can’t see where privacy could be a concern here. And I’m extremely strict about my privacy rules.
I think it’s a good service. Hell, how could I not think that paying 3€ for someone to drive across every street on the continent is a good deal?
P.S.: No, I’m not affiliated. And I repeat: It’s not very exact here. I am lucky if I get 50m accuracy. While my A-GPS can get down to 3m. (Oh, and if any one of you knows a service that requires no further hardware, and can get down below 50 cm [ideally below 10cm], please contact me! :)
Re: (Score:2)
The original iPhone didn't have GPS, all the more recent models do have.
Re: (Score:2)
Ah, OK. Thank you for clarifying that. :)
Re: (Score:2)
Keeping data was not ok and Google knew that and talked about not keeping any data while doing its wifi collection.
Re:Is this how they can do wifi location detection (Score:2)
For your case, it's WiFi location not IP. IP gets you to within a 'region' generally. Where region is an arbitrary sized area defined by how much effort was put into SWIPping your IP address range.
For most cable modem subscribers in a large city, the IP range will get you to within the range of the city.
In my case, it gets you to within range of two states as that's as far as TWC goes at this point with my current IP block.
IP based location is only as good as the admins and systems that manage the address
Re: (Score:2)
They were using both SSID and MAC addresses [computerworld.com] collected from street view to enhance their location services.
So, when I gave my old WiFi router to a friend on the other side of town, it messed with their accuracy a bit then? I think they've driven by my house about once in the past 4 years as far as I can tell from the StreetView photos.
Re: (Score:3, Interesting)
I'm not sure how google does it but the iPod uses skyhook wireless location services. If you read the blurb from their website they tell you about how they use clustering to self heal their location network in between readings, which don't need to happen very often.
I've moved house a few times and taken my routers with me and I've watched the iPod maps app switch between the old location and the new one for a few days depending on how many other networks it can see. After a few days, though, the system has
Re: (Score:2)
If Google screams "they did it too"?
Google would love the world to swallow the line that "*everyone* is wardriving" but "wardriving" vs data retention and stonewalling about data retention gets legally interesting.
Something I've had a hard time understanding... (Score:2, Interesting)
Something I've had a hard time understanding through all this is WHY they thought it was a good idea to record SSIDs and other information while doing a street mapping.
I don't understand what they were hoping to gain from this information?
According to our research, 72.438% of people don't secure their wireless.
According to our research, (I'm assuming they got mac addresses too, right?) 83.4% of all wireless consumer routers in Germany are Linksys routers.
WTF does that have ANYTHING AT ALL to do with mapping
Re:Something I've had a hard time understanding... (Score:5, Informative)
Google location API. Doesn't matter if the network is secure or not.
"Hey I found AA:BB:CC:DD:EE at this location"
Person with iPod Touch or other device with wireless only sends to google: "Hey I see access points AA:BB:CC:DD:EE, AA:BB:CC:DD:FF and AA:BB:CC:DD:00" Google goes: "Yea, you're around here".
Go to google maps [google.com] with a new version of Firefox or Chrome. Click on the button that just has a circle in it. It'll ask for permission to send your location and should show you where you are on the map.
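The lookup described in the comment above, together with the moved-router case raised earlier in the thread, as an added example (not part of any post here, and not Google's or Skyhook's code). The survey database, BSSIDs, coordinates and the 500 m consistency threshold are all constructed assumptions.

```python
import math
from statistics import median

# Constructed survey database (assumption): BSSID -> (lat, lon) where a
# survey vehicle last heard that access point. All values are made up.
SURVEY_DB = {
    "00:11:22:33:44:01": (53.5510, 9.9930),
    "00:11:22:33:44:02": (53.5512, 9.9936),
    "00:11:22:33:44:03": (53.5508, 9.9933),
    # Router that changed hands after the survey; its stored position is stale.
    "00:11:22:33:44:04": (53.6300, 10.1000),
}


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))


def locate(observed, db=SURVEY_DB, max_spread_m=500):
    """Estimate a position from the access points a client can hear.

    observed maps BSSID -> RSSI in dBm. BSSIDs travel in beacon frames,
    which are sent in the clear, so WPA on the network does not hide them.
    Returns (lat, lon, rejected_bssids), or None if there is no known AP
    or the known APs do not agree on a single area.
    """
    observed = {b.lower(): rssi for b, rssi in observed.items()}
    known = {b: db[b] for b in observed if b in db}
    if not known:
        return None

    # Robust centre: the median ignores a minority of stale entries.
    centre = (median(p[0] for p in known.values()),
              median(p[1] for p in known.values()))
    kept = {b: p for b, p in known.items()
            if haversine_m(p, centre) <= max_spread_m}
    if not kept:
        return None  # e.g. two APs whose stored positions contradict each other

    # Weight each AP by received power (dBm -> mW): louder means closer.
    weights = {b: 10 ** (observed[b] / 10) for b in kept}
    total = sum(weights.values())
    lat = sum(kept[b][0] * weights[b] for b in kept) / total
    lon = sum(kept[b][1] * weights[b] for b in kept) / total
    return lat, lon, sorted(set(known) - set(kept))


if __name__ == "__main__":
    # Constructed scan: three neighbours plus the relocated router.
    scan = {
        "00:11:22:33:44:01": -50,
        "00:11:22:33:44:02": -60,
        "00:11:22:33:44:03": -70,
        "00:11:22:33:44:04": -55,
    }
    lat, lon, rejected = locate(scan)
    print(f"estimate: {lat:.5f}, {lon:.5f}")
    print("stale database entries to re-survey:", rejected)
```

The rejected list is what lets a database of this kind correct itself: an AP repeatedly heard alongside neighbours far from its stored position is a candidate for re-location.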
I better learn the turc language (Score:2)
Re: (Score:3, Insightful)
SSIDs, though, make a lot more sense. Wi-fi APs, while by no means completely static, provide an incredibly dense network of individually identifiable radio transmitter nodes. If your receiver knows its location(via GPS fix from a good GPS unit), and knows what APs
Re: (Score:2)
Collecting data on the location of open networks can allow google to pinpoint your location based on what SSIDs are around you. It also will allow you to plan a trip such that an open network is available along the way. Two valid and useful applications of this data.
Oh, and for the people getting all up in arms because "people are shouting this information freely and anyone can hear it"...that's patently FALSE. There's maybe 1% of the population that has the know-how or the desire to do that.
If you don't
Re: (Score:2, Interesting)
If you don't know how to operate your equipment properly, maybe you shouldn't be using it. If you do, don't be surprised when it doesn't behave as you expect.
I personally DO know how to operate my equipment properly. I am not up in arms over this because it affects me personally, but because of people who don't know any better.
As I said in an earlier post, my wifi is secured and hidden. Does that mean someone couldn't sniff the traffic coming from it and decrypt it? Of course not. Would it make it harder t
Re: (Score:2)
I had to comment, I clicked on redundant when I wanted to click on insightful. I am sorry, I wish we still had to click a moderate button at the very end for a page. This should remove the bad moderation.
Re: (Score:2)
Something I've had a hard time understanding through all this is WHY they thought it was a good idea to record SSIDs and other information while doing a street mapping.
Then you are a fool who doesn't know how these things work and why anyone would do anything.
WTF does that have ANYTHING AT ALL to do with mapping streets?
Essentially, providing street view (the car's original purpose) has nothing to do with mapping streets either. The maps were already there. They've been there for a while. Going around and taking a snapshot every 3 houses doesn't help the map be a map any better. I don't understand why you are having problems understanding that what they were doing has little to nothing to do with the map part of the map.
Street view
Re: (Score:2)
If I take a backhoe and cut a water/sewer/phone/fiber line in my yard, the utility company is not going to say 'oh, that's ok, you just didn't know how to use the equipment...' Fuck no, they are going to hold me liable, and any court challenge will go their way.
In addition to liability for actions there is also liability for the failure to act. If I
Re: (Score:2, Insightful)
How is not securing your wireless indicative of not being able to "operate" machinery properly?
If I leave my front door open and you steal from me, that doesn't mean you're not a thief does it?
Re: (Score:2)
I dealt with this in a very long post here [slashdot.org]. Granted, this is based on a 'using a neighbor's wireless' scenario, but I think it sti
Re: (Score:2, Informative)
Something I've had a hard time understanding through all this is WHY they thought it was a good idea to record SSIDs and other information while doing a street mapping.
It's called making a map. You travel around, and note features and details. SSIDs are a mappable feature. Knowing that SSID xyz is visible from 123 anystreet and from 125 anystreet, but fades out by the time you reach 127 anystreet helps you to define a location.
I don't understand what they were hoping to gain from this information?
As some others have mentioned previously, by correlating physical locations with visible SSIDs they gain the ability to provide maps and directions to people using devices with WiFi instead of GPS.
According to our research, 72.438% of people don't secure their wireless.
According to our research, (I'm assuming they got mac addresses too, right?) 83.4% of all wireless consumer routers in Germany are Linksys routers.
WTF does that have ANYTHING AT ALL to do with mapping streets?
It has nothing to do with anything... it's just a su
Not really illegal, but reeks of dishonesty (Score:5, Insightful)
Re: (Score:3, Insightful)
I dunno...maybe if it was aircrack or even wireshark, I would be worried, but I don't see the big deal about Kismet. After all, they were looking for SSIDs/MACs.
I still don't see the big deal about this. If someone photographed you standing in front of your living room window, would you scream "invasion of privacy!!!!!!111eleven" or would you just close the blinds?
Even better analogy...if someone aimed a camcorder out of their window and drove past while aiming it around and saw you for a couple of second
Re: (Score:3, Interesting)
And no, using kismet does not show that the data collection was intentional. There are many uses for any network monitoring tool, even those tools that CAN capture lots and lots of data.
Re: (Score:3, Insightful)
If you're caught, just admit it. Looking bad in the eyes of some dumb luddites is not worse than looking like a sleazy liar to absolutely everybody.
Re: (Score:2)
You know, if Clinton followed your advice, he never would have been elected in the first place. There was a scandal about him having an affair before he was elected. His lying was effective enough that most people didn't believe it, and voted for him.
As always, the only thing he did wrong was to get caught. Honestly, who keeps a soiled dre
Re:Not really illegal, but reeks of dishonesty (Score:4, Funny)
Re: (Score:2)
The case of it being "accidental" could depend on their intentions. Was Google interested in the data they sniffed in itself or is it a byproduct of the network mapping they were doing? I used to run Kismet on my drives home every day from work just to see what SIDs I find along my route. By default, Kismet was dumping those packets to disk. Once in a while, I'd go back and dump those files and clean up. I shuffled quite a bit of data that I never looked at and I wouldn't be surprised if Google wasn't t
Re: (Score:3, Insightful)
DBA #1 : "What fields do they want?"
DBA #2 : "You'll never know until the project's over, give them everything and let them work it out."
Google Denies It, Looks for Scapegoat (Score:5, Interesting)
Kismet (Score:4, Funny)
Binary-only makes it impossible to analyze? Ha! (Score:2)
He went on to add, "and our binary-only DRM scheme is unbreakable, since we don't release the source code, mwahahaha!"
Re: (Score:3, Insightful)
This is a posting by theodp. He found a simple RESTful web API to be too complicated. You actually thought he would be able to understand binary?
Re:Inaccurate (Score:4, Insightful)
He found a simple RESTful web API to be too complicated. You actually thought he would be able to understand binary?
And it was a Google RESTful API, as this is a Google binary... so obviously Google would have created it to be so complicated, only Google staffers could understand it!
And the mention of the paper on wireless sniffing? What the fuck does that have to do with Google? Did they sponsor it? No. Did their employees write it? No. Did their employees participate in it? No. But he mentions it just because it reinforces the conclusion he wants you to draw.
Glenn Beck would be so proud!
So.. when do we call out this idiot as an MS shill?
Re: (Score:2)
So.. when do we call out this idiot as an MS shill?
I'm pretty sure an MS shill isn't going to complain about a lack of source code.
Re: (Score:2)
I believe that the paper was mentioned in reference to Google's patent application.
Re:There are worse intercepts besides a few wifi p (Score:5, Funny)
Yeah seriously. Why does the German government have to be such a bunch of Naz... oh, I see.
Re: (Score:2)
Wouldn't all the back to base monitoring, etc in various applications be a bit more of a concern?
Of course not! It's only a problem when someone other than the government is doing the monitoring, because then it's not in the name of "national security".
Re: (Score:2)
Actually it's funny because the same people who would whine about the government doing nothing different than Google are flailing about because people are equally bothered by Google doing it.