Residential Wi-Fi Mapping Database Revealed

Talaria writes "An enormous database of home wifi routers and their locations has been revealed after the Internet Patrol did some digging following AOL's recent announcement of their new "Near Me" service, which allows AIM users to see which of their instant messenger buddies are geographically near them. The database, containing the unique IDs of more than 16 million wireless routers and their locations, has been compiled by AOL partner Skyhook Wireless, which claims to have mapped the majority of residences in the U.S. and Canada."

Wow...

[physicsboy500 (645835)]

Why don't they just color code it to show the non-secure points and send a fax to all known hackers?

oh... just got an email!!

First post and it's slashdotted?!!

[writertype (541679)]

Man, that's some weak sauce.

Re:

[by Anonymous Coward]

How about some cyber sauce?

AOL Introduces Location Plug-In for Instant Messaging So Users Can See Where Buddies Are

[...Adam McDugle (an IT manager and regular slashdot user) is testing out the Skyhook plugin on a late Saturday night over a scotch on the rocks at the house. Meanwhile an AIM session takes a curious turn...]
adam_mcdugle - So, you really look like that jpeg you sent me?
hotgrl69 - well my gf took the pic of me while i was showering lol!
adam_mcdugle - ORLY? Where did you say you live again?
hotgr

Figures ...

[petabyte (238821)]

My GPS unit for wardriving comes via Fedex tomorrow. Now they've taken all the fun out of it :(.

Does anybody know their methods?

[kaufmanmoore (930593)]

I'm guessing even though my SSID is disabled they still could have found mine. I'm getting tempted to run that 75foot cable to my couch.

Re:Does anybody know their methods?

[by Anonymous Coward]

Every access point has a hardware address that never changes (unless the owner is a firmware-flashing geek) and is always broadcast, even if you turn off SSID broadcasts. If you have a powered-on wireless access point and they've scanned your area, your AP is in the database. I don't think people should be worried about this any more than they should be worried if there were no such database: If your wireless AP is configured properly, you're safe and there's no negative impact from someone using the broadcasts of your AP to determine his location. If you want your net to be private and your AP is open or using an insufficient password or encryption method, what exactly are you waiting for? If you want your AP to be open, then you probably want that people use it, so the database can only help, right?

Come on guys!

[CasperIV (1013029)]

Quick, everyone trade routers! Let's make some poor data entry grunt cry.

But it's a great way to find stolen gear

[Ungrounded Lightning (62228)]

Every access point has a hardware address that never changes (unless the owner is a firmware-flashing geek) and is always broadcast, even if you turn off SSID broadcasts. If you have a powered-on wireless access point and they've scanned your area, your AP is in the database.

Sounds like a great way to find stolen Access Points, WiFi cards, laptops with built-in WiFi, and other such gear. B-)

How many petty thieves are going to re-flash the gear to change the MAC address? (And if they do it will still show up as MAC addresses appearing multiply in the maps and/or addresses outside the allocated ranges.)

(Our company had some APs stolen a while back. The IT guys did a little wardriving but didn't find them. We've upgraded since so it probably won't matter to us. But it could be really useful for people who had stuff stolen more recently.)

Re:

[SCHecklerX (229973)]

I want people to stumble upon mine, and proudly broadcast it. Teenlesbianorgy.

Coral Cache

[TubeSteak (669689)]

The site isn't loading for me
Hit the Coralized link:
http://www.theinternetpatrol.com.nyud.net:8080/eno rmous-map-of-wifi-servers-including-yours-revealed -by-aol-and-skyhook-announcement [nyud.net]

My only response to "ZOMG databse!!"
is that anyone could do this if they had time and money.

WiGLE

[lthown (737539)]

I've been uploading wardriving stuff to WiGLE for over a year, using that you can actually even see the access point names and if security is turned on: http://www.wigle.net/ [wigle.net].

Re:

[Achromatic1978 (916097)]

Well, that sucks: FF20002, "browse interactive maps": "nothing here. are you a bot?"

Great site.

Re:

[ShaunC (203807)]

The Coral Cache operates on port 8090. Here is a corrected link [nyud.net], though at this point, all that's cached is proof that the Internet Patrol's copy of WordPress has left a smoldering crater where their server once was...

No surprise

[DogDude (805747)]

Who would be surprised about this? Are there still people out there who think that there's some magical way of being attached to the Net and still being anonymous? You've gotta be especially naive to think that your wireless router, broadcasting information into the air, isn't going to be picked up by somebody other than you.

Well, they didn't find me, it's pretty trivial

[wsanders (114993)]

- Set SSID to something random, and don't broadcast it
- I even use WEP, as supposedly insecure and old school as that is
- So far I have shown up on no wardriving maps

Re:

[wsanders (114993)]

But if I do that, I can't mooch off all the neighbors' unsecured hot spots!

Re:

[Joe5678 (135227)]

This has nothing to do with using a wireless access point anonymously. This database only functions to allow a wireless enabled device (most likely a pda, or laptop since most cell phones already know where they are) to do a scan of the access points around it, pass the list of AP's it can see to the database/service, which then tells the device exactly where it is.

This doesn't involve you accessing the internet through your WAP and your privacy at all. Your WAP and it's unique ID are simply being used as

Re:

[Ankur Dave (929048)]

Couldn't you just have changed the channel their router operated on? That would let them continue to use their wireless unharmed (so you avoid the bad karma :-) ) and your signal wouldn't get drowned out.

They advertise it

[DogDude (805747)]

I love this silly blog... "according to news sources..."... like it's some kind of secret database. Here's a better source: http://www.skyhookwireless.com/ [skyhookwireless.com] On their front page

"Skyhook Wireless provides a software-only positioning system that leverages a nationwide database of known Wi-Fi access points to calculate the precise location of any Wi-Fi enabled device. "

How about a photo of your house in a database?

[shalunov (149369)]

A truck records signal from your WiFi router? How about people taking a picture of your house to sell to banks and insurance companies [azstarnet.com]? Or aerial close-ups of your backyard [outer-court.com]?

Re:

[fyrewulff (702920)]

Almost every house in Omaha is already photographed and can be pulled up from the Douglas County Assessor's website. If also available, you can get the floorplan for the house, see it's last appraised worth, etc.

The photographs are always taken from the street and you never see people in them. The only name attached to the files are the owners of the property. Heck, my mom's house is 75% covered by the tree in front of it - even though they took the picture at an angle.

When I worked at the library, we used

Makes me wonder

[Bullfish (858648)]

If there is a way once you detect someone attaching to your wireless network to fry their computer remotely

This just proves......

[8127972 (73495)]

... That privacy no longer exists.

Re:

[faloi (738831)]

Privacy never existed in public. Like it or not, broadcasting something over a radio is not the best way to make sure things stay away from the public.

Noone loves me

[Cytlid (95255)]

Noone ever connects to my wide open wireless with an SSID of "Honeypot".

 

you name your network after your girlfriend?

[davidwr (791652)]

Oh wait, this is slashdot. Nevermind.

Revealed? Huh?

[Lumpy (12016)]

http://www.wigle.net/gps/gps/Map/onlinemap2/ [wigle.net]

it's been out there for a long time. Most people into war driving know about it.

WiFi Mapping

[drewzhrodague (606182)]

I am not surprised by this. In fact, having been the guy that started WiFiMaps.com [wifimaps.com] (In '02), I've been talking about this to others for quite a while now. Positioning yourself using wifi is probably the most useful application for wardriving data. Does it need to be accurate? No, not really. I've talked to scientists working on sub-meter acuracy, and it is very difficult. If you can find out on which part of which block, there are tons and tons and tons of location applets you can think of off the top of your head to make use of that. If there are people interested in a copy of our national (and some other countries) database of wifi locations, ours is GPL'd. What we don't have, is an all-in-one IM applet, which I guess Skyhook and AOL are now trying. Kudos. I sure wish I had some business skills. That can be the difference between the company's product as a topic on slashdot, and a dude at home posting on slashdot with no pants on.

Re:WiFi Mapping

[muellerr1 (868578)]

That can be the difference between the company's product as a topic on slashdot, and a dude at home posting on slashdot with no pants on.

I'm at the office posting on slashdot with no pants on, you insensitive clod.

So who else will be buying it?

[WindBourne (631190)]

My bet is that this was funded by NSA, CIA or most likely FBI.

Wireless company name?

[jeffkjo1 (663413)]

What's wrong with companies, naming themselves after non-clever skynet euphemisms?

Skyhook Wireless? Come on.

Not an accurate representation of what's going on

[eggboard (315140)]

Here's what I wrote to the fine person who wrote the linked article, who I respect enormously, but think got it wrong in this case:

First, and sort of a priori, Wi-Fi uses unlicensed spectrum. The use of that spectrum means that you accept (however unknowingly, your point!) that any use treads in the public space. There are ways to reduce the signal strength of many Wi-Fi gateways if you want to penetrate further.

Second, what they're gathering is just a number (the BSSID [wikipedia.org], which is the unique base station identifier for networks that are set to broadcast). They do not access the network. And they can't provide any kind of exact correlation. Nor is there a way to associate BSSIDs with individuals or addresses in their system or elsewhere. (It's also not all home networks; there are millions and millions of business networks also being recorded.)

Third, their data is their crown jewel. They have every interest in protecting it in the strongest possible ways. The information they release is a set of coordinates based on signals measured and sent via their system. So you can't really perform millions of arbitrary queries, but rather only queries mediated through their software. This limits exposure.

So you have no specific information based on public use of public spectrum and strong needs to protect the data against unwanted access...

Sounds fairly reasonable to me.

If they started pairing individual addresses with BSSIDs, and sold that to Wi-Fi makers and others who would then perform direct mailings to users to get them to switch brands or add security -- that would be creepy.

Re:Not an accurate representation of what's going

[Charles Dodgeson (248492)]

Second, what they're gathering is just a number (the BSSID, which is the unique base station identifier for networks that are set to broadcast). They do not access the network. And they can't provide any kind of exact correlation. Nor is there a way to associate BSSIDs with individuals or addresses in their system or elsewhere. (It's also not all home networks; there are millions and millions of business networks also being recorded.)

Exactly. There is no harm in anyone knowing that the wi-fi access

Re:Not an accurate representation of what's going

[Greg Lindahl (37568)]

Nor is there a way to associate BSSIDs with individuals or addresses in their system or elsewhere.

Unless the SSID has the address in it, which I see that several of the networks around my apartment do. "shadows109" is apt 109 of the complex I live in, 1600villa_107 is unit 107 of the apartments at 1600 Villa street, and so on.

Buglars Delight

[BillGatesLoveChild (1046184)]

Has anyone heard of a house being robbed because burglars found a wireless connection?

Is this a scheme by AOL Skyhook Wireless to sell more Wireless Routers?

Re:

[Dogtanian (588974)]

Now I don't have to cruise through neighborhoods to pick up access points to get into then commit crimes, I can just check the internet!

And if anyone wants to know who carried out the crime, there's a nice log of your search from an IP probably linked to you.

mod parent up

[by Anonymous Coward]

I honestly don't understand all the hype regarding wireless. Sure, it's convenient for laptops in an airport, cafe, or other public location, but to me it just doesn't make sense for most residences. I think it's main selling point is the fact that people don't have to run wires and people are generally cheap and lazy. But I wired my house myself (16 outlets over 6 rooms) for about $300 in equipment (router, patch panel, 1000' cable, tools, etc) and two days of my time. The setup is fantastic and I don

wireless is good for homes too

[by Anonymous Coward]

Wire to each room is a no brainier but wireless is also useful, I dont want a wire draped accross the couch when I am checking sports scores on my notebook and watching TV...what if I want to sit outside on the porch, or in the middle of the back yard for that matter, am I supposed to string a cable drop to the old oak tree? a drop that I may use 3 times a year...why be tethered? doing huge file transfer is one thing, but wifi is great for most every day stuff. Your post shows a sense of elitism that is the essence of what turns people off to this site.

Re:

[hjf (703092)]

no. you're just wrong. I can see that you have never used wireless. My cousin lives in a regular latin american house. That is, brick and mortar. No drywall. There's no more than 30 feet to the access point, yet she has trouble to get signal. Sure, it's 2 walls away. But it's supposed to be convenient . It just doesn't work. And no, it's no crappy gear. It's a 200mW AP and a Centrino laptop (awhich are supposed to be the best wireless cards around). The other day I wasn't getting ANY signal, on the spot whe

Re:

[anagama (611277)]

I have a pottery kiln/studio in the middle of field. A neighbor about 400' away or more lets me uses his broadband connection. Trenching a line that far -- through blackberries and fences -- would be a nightmare. Instead, I picked up two wireless routers, put on DDwrt so I could adjust power output (80mw seems to work just fine), and got a couple cheapo antennas (they are about 2.5" square -- sort of directional). The whole setup was under $200, and the biggest bonus, I didn't have to dig a trench. I'v

Re:

[The Darkness (33231)]

Installing 25km outdoor wifi links is a different beast from getting wireless working in a home. I've helped set up many in home wireless networks and even helped debug situations like yours. It's not just the AP; the quality of the antenna on the mobile device can have a large effect on the distance it can roam.

You know that the marketing people are going to take numbers from a "straight through the air-gap drywall" test where the line from the AP to the Wireless card is perpendicular to the line of the

Re:mod parent up

[_xeno_ (155264)]

Actual wireless makes sense if you are in an apartment or a place that you do not own. But if you own it and your house is less than 50 years old and you run wireless, then the person is either lazy or a total idiot.

Or if you use a laptop and don't feel like being tethered to your desk.

I have an apartment, and my desktop, TiVo, and PS2 are all hooked up by wires (that run along one wall), but I still have wireless enabled: it's for laptop/Nintendo DS use.

I can, of course, also plug the laptop in directly via a wired connection, but then it'd be tethered to my desk. So instead I use wireless, and can use the laptop all over my apartment. Wireless is more for mobile device use than for simply avoiding having to run wires.

Re:

[WindBourne (631190)]

I have wireless enabled as well, but that is so that I can play games with the police (I now live in highlands ranch, CO) and the drive-by crackers. They come by and attempt to play with the xen session that I have established as a honey pot for them. I have actually gone out and took a pic of 2 guys working furiously. When they realized that, they drove off quickly. I probably should have turned them in, but I have been hoping that they would come by again. I just want to play a little. :)

Re:

[hcdejong (561314)]

Or if you use a laptop and don't feel like being tethered to your desk.

I'm not tethered to my desk. I've got a few Ethernet cables lying around the living room, so I can plug in wherever. I need to run wires to my laptop anyway (power, often USB (audio output) as well), so one more isn't going to bother me.

Re:

[EatHam (597465)]

Or if you have 100 other things to do besides take an entire weekend running wires. Or if you want to use your laptop outside. Or if you don't want to drill holes everywhere. Or if you don't have easy access to an attic or basement. Or, or, or, or. There are valid reasons to go wireless. Being lazy is one, being an idiot is one, and just liking to have the freedom that comes with a wireless connection is another.

Re:

[WindBourne (631190)]

For the couple of hundreds of dollars and a bit of time, it will increase the value of your home by more than a 1000 AND make it easier to sell. In this economy, I like having the edge, just in case. In fact, I will be installing central vac in the next year (grew up with one and they are a must have).

Re:

[WindBourne (631190)]

Mea Culpa. I should never post when I am in a hurry. I did mean two homes (wow, that was bad). 2300 up is 2300 square feet upstairs(main floor and 2'nd level). There is another 800 and 1000 in the basement (800 in the first, 1000 in the 2'nd).

Re:Skyhook trucks

[couchslug (175151)]

That's not a Slashdot solution.

A camera to monitor your street, and a switch that cuts power to your router while discharging a HERF weapon concealed in a lawn gnome is a Slashdot solution.

Re:

[belrick (31159)]

The article says that they have the "unique ID" of my home network. This really disturbs me because, as I'm sure most of the rest of you have done, I have configured my network to prevent this. I run a Cisco aironet 1200 AP with 802.11i, AES encryption, as the only supported method, and my SSID is nondiscoverable until you've progressed through the encryption handshake. What is this "unique id" they managed to snarf? How did they break AES 256?

I've gotta say that's a remarkable attack!

Are your not a troll?

Re:

[Autonin (322765)]

I believe the item in question is called a *MAC address*.

You send a wireless packet of any kind, and there it is. In the clear. And it has to be, or they can't address packets back to you.