オルタナティブ・ブログ > onebeatの IT 日記 >


Update : Google Collecting User Data with Street View Van・グーグル、町中地図画像撮影車両で地域ユーザーのwifiデータもロギング


2010-05-18 朝 UPDATE : Googleは非パスワードの個人宅wifi通信データも受信し、記録していた事が判明。ドイツと米国では訴訟が始まるらしい。これは大事件です。この情報が国家や秘密警察、政治団体に漏れれば(デジタルデータはネットの生き物、流失の可能性は大きい)非常に危険で、個人の人権消滅につながる。怖い話だけじゃすまない。日本、香港でも傍受されていた模様。このデータはGoogleのクラウド内に今も保管されているのか?誰も知らないと所にアーカイブされているのか?今後の展開を見守る必要があるし、読者もネットでこの事実を広げ、非パスワードWifiや空港等のパスワードの無いアクセスポイントを使う危険性を認識するべき。

wifiこんな車が貴方の町の周りを通ったら、多分貴方の自宅wifiの種類やプロバイダー、速度等がロギングされているだろう。信じられないが先ほど香港のFOX NEWSのテロップに流れた。意図的では無いと言うが。。信じられん。サーチでGUARDIANの記事も見つけた。こちら SSID & MAC ADDRESSを取得しているそうだ。日本では完全にやられていると考えた方が良い。このような情報をもとに今後世界規模のキャリアになる準備をしているのかもしれない。

単なる間違えと説明したgoogleだが、利用の目的があって初めて行う行為のように思う。単純な情報しか取得していないと説明しているが、実はwifiストリーム内容もキャプチャーする事は実に簡単。Wifi ストリームはパスワード無しのルーター、公共ルーターやセキュリティーの弱いルーターは比較的簡単にパケットをsniffer, tracer, analyzerなるソフトで傍受し、エンコードされていないデータの場合、そのまま読む事も出来る。encryption レベルによるが、専門家であれば解読出来る場合もある。Don't be Evilなのに何故? 英語 wiki packet analyzer この理由もあり、空港ラウンジや公共のwifiルーターを私はあまり使わない。毎年開かれるAppleの開発社会議WWDCでは、自慢げに親友のディベロッパーがSnifferを立ち上げ、他人のメールを読んでいるのを見せられたことがある。 (間違った情報を修正)


Hacker Freeware

There is a great deal of freeware software available for immediate download that provides even a novice with substantial tools to remotely intercept wireless network data transmission packets and after having collected enough of your “encrypted data packets," crack your encryption vector for 128 bit WEP. That allows a hacker to remotely read your files and transmissions as if the they were directly connected to your network. One of the more sinister aspects of wireless hacking is that it doesn't necessarily leave footprints. To use such programs one need not be a deeply experienced computer engineer, but merely have some basic computing knowledge. Finding and downloading cookbook Wi-Fi hacking programs takes about ten seconds using any standard Internet search tool. Wi-Fi hacking software is available for Windows systems, Mac, Linux/Unix, and Pocket PC based systems.

Here is a small sampler of the more common freeware Wireless hacking software:

1. Airsnort, wireless network “tool” that passively monitors 802.11b networks, doesn’t leave any obvious intrusion traces, gathers your Wi-Fi broadcast data packets and then analyzes them to decrypt the 128 bit WEP encryption key, assuming that you’re even using that basic encryption. There are other similar war-driving “sniffer” programs such as Aerosol and Mognet, which includes the ability to directly view captured 802.11b packets.
2. Network Stumbler, a program that grabs broadcast W-Fi configuration information and audits a network and its attached computers and users. There’s even a version for Pocket PCs called MiniStumbler.
3. pong.exe, which ascertains passwords, WEP encryption keys, and the actual MAC addresses of network adapters.
4. Ethereal, which allows a hacker to examine the live data stream from a Wi-Fi network or capture the data stream to a disk for later viewing.
5. WEPcrack, a decryption program that uses the latest discovered systemic weaknesses in the WEP encryption scheme.
6. Kismet, which can simultaneously identify multiple 802.11 networks.

These programs can be downloaded, for example, from http://802.11-security.com/security/tools. Readily available programs like these cut both ways. They’re useful for illicit intrusion into your network but also as a means of independently checking your own Wi-Fi security. You might find it both enlightening and useful to download some of this readily available freeware yourself an attempt to hack into your own network to test its security. Similarly, if you have any indication that you might be vulnerable to hacking, then try some counter-hacking software such as Odessey or FakeAP, programs that hides your network’s true access addresses by generating thousands of false and misleading access point addresses that confuse fifteen-year-old cookbook “script kiddies.”

Often, the same Web sites that provide double-edged hacking/security audit tools also include links to commercial security products that ostensibly plug the same Wi-Fi security gaps that are exploited by programs posted. Be sure that any commercial vendor solutions you might consider has been rigorously audited by neutral parties.

Wi-Fi is not yet even a fully mature technology and yet even reasonably mature and proven technology like 30 year old UNIX or 10 year old 32 bit Windows typically has some security vulnerabilities, although these become increasingly more difficult for “script kiddies” as the obvious holes are plugged. One need only recall at the "extremely critical " security vulnerabilities still found in Internet Explorer 6 and in Microsoft Active Scripting as late as November 2003, or the SNMP holes found in Cisco's Wi-Fi software to develop a disconcerting sense of the potential vulnerabilities that remain in even thoroughly studied, mature software.