War Kitteh hunts out your unsecured Wi-Fi

Filed Under: Privacy, Featured, Security threats

Image of random siamese cat courtesy of ShutterstockFor 3 hours last month, a Siamese cat named Coco stalked a suburban neighborhood.

The mighty Coco's hunting was fruitful that day. The inventory of what he dragged home:

  • 1 mouse carcass. Status: gifted to owner, Nancy
  • 23 unique Wi-Fi hotspots
  • 4 routers using WEP. Status: easily cracked, given how creaky the antiquated form of encryption is
  • 4 routers completely unprotected, no password required

Just like Sophos's James Lyne did on his warbiking escapade earlier this year, Coco was able to map data about unsecure Wi-Fi as he prowled the neighbors' back yards because he'd been strapped with a special collar. The analog technology of claws was employed for the mouse capture.

Coco's collar housed an open-source Spark Core chip loaded with a security researcher's custom-coded firmware, a Wi-Fi card, a tiny GPS module and a battery - in other words, everything a wardriving cat needs to map all the networks in a neighborhood, including those with easily broken, or nonexistent, protection.

The collar was created by Nancy's granddaughter's husband, Gene Bransfield, a security researcher for Tenacity Solutions.

It was one of two pet projects Bransfield showcased at the DefCon hacking convention in Las Vegas: the wardriving "War Kitteh", and his "Denial of Service Dog".

The DoS Dog was outfitted with a saddlebag that contained the WiFi Pineapple Mark V wireless network hacker tool and the TV-B-Gone kit.

DoS Dog was taken for a walk around town during World Cup matches earlier this summer.

Bransfield used a remote attached to the dog's lead to scan TVs being used in bars along the route and then switch them off.

DoS Dog was just for laughs - a stunt that could have gotten Bransfield in a spot of trouble if he'd been walking down the street in Buenos Aires and dared to turn off World Cup games, he told The Guardian.

If you turn an Argentina World Cup game off you are going to get in trouble...

There's no socially redeeming thing about the dog... that was just trolling. I thought it would be funny so I did it.

He said that people noticing the "Denial of Service Dog" wording on the bag simply assumed it was a police dog.

The War Kitteh project, on the other hand, was meant as a public service: a way to engage the attention of the woefully numerous people who don't give a rat's rump about securing their Wi-Fi networks.

After all, Bransfield told The Guardian, mixing cats into a technical discussion will likely lure less tech-savvy people into paying attention.

An increasingly popular cat-tactic - consider Owen Mundy's recent cat-stalking geolocation privacy project, which shows how easy it is to geolocate cats with the data leaked out from sites like Flickr, Twitpic, and Instagram.

Bransfield gave his DefCon talk a threatening title - "How To Weaponize Your Pets" - but he admits that War Kitteh doesn't illustrate a substantial security threat.

Rather, he told Wired, it was a goofy hack designed to entertain the audience.

But one thing surprised him: the number of WEP-encrypted networks the rigged cat discovered.

WEP is a form of wireless encryption that's considered mere child's play to break.

In the wake of the epic 2008 TJ Maxx breach which involved millions of stolen credit card details, the Payment Card Industry (PCI) Security Standards Council instituted new rules prohibiting the use of WEP in any part of credit-card processing.

The new rules deemed it verboten to use WEP in any part of credit-card processing - for example, sending card data from a store terminal to a server - after 30 June 2010, and they prohibited installation of any new WEP-enabled system after 31 March 2009.

Yet here we are in 2014, and Coco the War Kitteh found WEP-encrypted hot spots speckling the neighborhood like a bunch of fleas, said Bransfield:

My intent was not to show people where to get free Wi-Fi. I put some technology on a cat and let it roam around because the idea amused me. But the result of this cat research was that there were a lot more open and WEP-encrypted hot spots out there than there should be in 2014.

I appreciate the input from Slashdot commenter penguinoid, who noted that there's no pussyfooting around the security implications of WarKitteh:

This, more than ever, proves that security is a cat-and-mouse game. The script kitties will be all over this - they'll milk it for all it's worth.

Seriously, though, War Kitteh should serve as a friendly, furry reminder to lock down our homes' Wi-Fi access points.

Maybe Coco the War Kitteh wouldn't mooch off of somebody's open Wi-Fi or spy on the unsecure connections' users, but other people with less scruples and opposable thumbs have no compunctions about doing so.

Coco, I'm sure, would join Naked Security in inviting you to revisit Wi-Fi network security, whether it's in your own home or at your friend's, or family's, place.

Watch our video, "Busting Wireless Security Myths".

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Image of random siamese cat courtesy of Shutterstock.

, , , , , , , , ,

You might like

4 Responses to War Kitteh hunts out your unsecured Wi-Fi

  1. Magyver · 420 days ago

    Entertaining and enlightening Lisa.

  2. Lisa Vaas · 420 days ago

    Thanks, glad you liked it.

  3. Chris · 420 days ago

    Cutest vulnerability finder ever.

  4. Hugh Dixon · 420 days ago

    isn't this basically James Lyne's job, being done better and funnier, by a household pet? Did you strap James with a special collar? Should you?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.