Showing posts with label Heidi Chakos. Show all posts
Showing posts with label Heidi Chakos. Show all posts

Thursday, December 14, 2023

 

13:40. When you're using WiFi, you're just transmitting a whole lot of data on radio waves and that's publicly accessible and I think a lot of people don't realize how much information is being sent out because we can't see these things we're not quite clear about what sort of privacy violations or privacy weaknesses we are creating for ourselves so the thing with Wi-Fi access points and a site like Wigle.net is they've done a great job in highlighting this information so what wiggle net is it's a website that at their website you'll see a map of the world you'll see all these little Speckles everywhere and you're like oh how pretty Speckles you zoom in then you see a lot more of them and you zoom in and then you zoom in you can zoom in on your house and you will see the name the SSID of every Wi-Fi network that means Naomi's Wi-Fi at home or Heidi phone hotspot or whatever you're calling a network they're all listed there but it's a lot worse than that so wiggle what they do is it's all community Driven and they create this database to get people's awareness going about what's going on and what information is accumulated and it's a little scary what you can do and their database alone a lot is just like for example in their and their database some reasons why this would be a threat is because for example if you turn on a hotspot on your phone that becomes a wireless access point and so your transmitting information and people are connecting to you you can actually see what devices are connected to Wi-Fi spots, like your phone or whatever, and every device has a MAC address or an SSID and I always get those confused because . . . SSID basically your phone has an identifier.  Now it's a name and that is publicly available information.  Now why might this be bad?  First, let's look at hotspots themselves.  

15:55. Let's say you have a hotspot on your phone and you're using your laptop, you can actually track on these websites where that hotspot has moved to, what time it was available, you can look in perpetuity.  You can also see what devices were connected to it.  Let's say your laptop was connected to it, I now can see okay what laptop with that Mac address it was connected to.  Let me search for that Mac address.  Oh that Mac address was also connected to these Wi-Fi hotspots here and there.  Oh, she happens every 5 o'clock to leave that hotspot to go to this one.  That's probably her work; that's probably her home address.  You start to see what kind of security vulnerabilities in a system like that if you're just publicly putting out this information.  One thing Snowden says is don't use Wi-Fi at home, because that's just extra information you don't need to be broadcasting.  Just plug your phone into an Ethernet cable.  Also, Wi-Fi is a lot less secure there are a lot more ways for hackers to get into your network if they can access your internet network then they can basic only from accessing your devices whatever firewall and protection you've had on your individual devices.  Televisions are probably connected.  The thermostat is probably connected.  All these things are things that hackers can then access.  If they can get on to your network and you're just relaying on the actual Hardware protection to stop them, there are all kinds of issues with having this Wireless home.  You can set up . . . a few want that sort of accessibility. There are companies that do that sort of thing that don't connect it to the Internet.  But these issues with Wi-Fi, I think people need to be aware.  I'm in the middle of doing a video on Wi-Fi probe requests.

To connect to a WiFi hotspot, devices send out a probe request to available network access points (APs) in their surroundings. An available network sends a probe response, initiating the connection. While this process is standard, these requests “also serve as a means to track, trilaterate [locate], and identify devices for attackers who passively sniff network traffic,” the paper said. 

So probe requests reveal your physical address to hackers by way of triangulation.  Wow, it's not enough to condemn these fuckers or label them as perverts, but you've got to protect yourself beyond the standard tools that come built in on your device.  

17:56. So if you have your phone on for example if I go in my Wi-Fi settings on my phone first it lists all the Wi-Fi spots that are available nearby also on your phone you know how when you go and visit your parents house it just automatically connects to the Wi-Fi why does it do that because your phone stores a list of every Wi-Fi network you've ever connected to if you're using an iPhone you can't even access that list there's no way to actually find a list and delete things from it and I know Android there are different ways to do it on a computer.

18:30. On my Mac I've seen you can you can say forget this network.

18:35.  On your Mac, you can; yeah, on your computer but not on your phone.  You know how it's so seamlessly connects when you go to someone's house you where you've connected before it just automatically happens.  Why does that happen?  Because every few seconds your phone emits this probe request that says, "Hey every single Network that I've been connected to, are you available right now?"  That's a unique identifier that says that you're the only person in the world that has all of those Wi-Fi addresses that setting up for probe requests at any given time.  Because you're the only person who's been to my house and then to your best friend's house and your parents house and your work and so it's a unique identifier.  

19:27. Now how is this exploited this is a huge security threat but what we know is that these things are publicly available what other people are collecting this information we know the Google and apple have treasure troves of information that they're collecting at all times you know those driverless cars that drive around the waymo cars they are also sending out probe requests to be picked up Wi-Fi Wi-Fi probes picking Wi-Fi networks they're accessing all those information and creating these databases so wiggle.net is a site that tries to cut a log of a lot of information but they don't have nearly as much information if you're terrified by the information you can search for on their site you should be doubly terrified of what Apple and Google have because what this means is that a database exists, a database exist that has all this information and if it exists it can be exploited.  What kind of oversight is being given to these?  What kind of security measures to protect them?  What kind of leverage do governments who are trying to extradite people have to access this information?  They probably have a huge amount of  leverage.  

20:35. So what's something that you can do?  Turn off your Wi-Fi when you're not using it.  Don't just keep it probing something you can keep in mind with iPhones is when you go in your settings if you have at the control center and you turn it off that doesn't turn it off that just says forget this until tomorrow you know like don't try to access until tomorrow so your Bluetooth and Wi-Fi are going to be on until you go into the settings and turn them off