Something slightly off topic, but an important thought none the less. I recently stayed at a friend’s house as they are away on an extended vacation. I cleared the mailbox, put out the bins and made sure the lights were on for a good portion of the night to ward off any burglars who may have been casing the street for potential targets.
When I settled onto the couch to review the news on my laptop however, I discovered that my friend’s WiFi access point had been unplugged from the wall (along with the kettle, toaster and other appliances). That got me to thinking: isn’t that a sure-fire signal to burglars that the home owner is away for an extended period of time?
So here’s the scenario. I’m a technically adept burglar. I sit my laptop on the passenger seat of my car (or van more likely), bust out my WiFi Pineapple and start driving around my target neighbourhood. While driving I’ll note the houses that I think are worthwhile hitting, and after a few loops around the area I’ll have a pretty decent map of the various wireless access points. I can then overlay those on Google Maps and isolate the wireless networks which correlate to the houses I noted were worthy of my attention. I now have my list of targets.
Now the attack comes. Each week I repeat the exercise, driving past the target list and noting whether the WiFi access points are still operating. If I find one that is no longer visible, I make a note of it to do a closer reconnaissance of the property to determine if the owners are away.
This type of criminal intelligence comes with a very low cost of entry, and requires only a moderate level of computing ability. Moreover, I can easily see a market for this type of intelligence; that is, someone with the requisite skills does the technical bit, and sells the target list to local burglars on either a commission or capital basis.
How do you defend against this type of attack? Leave your WiFi on whilst you’re away. Whilst that isn’t a 100% guarantee that you’ll defeat this type of attack (I won’t go into that bit), it’s a good first step.
Pingback: Social Media Evidence Experts | 30DISC – Days 12&13 – WiFi Security Checkup