Forgot your password?
typodupeerror
Privacy Wireless Networking Hardware Your Rights Online

Residential Wi-Fi Mapping Database Revealed 167

Posted by kdawson
from the X-ICBM dept.
Talaria writes "An enormous database of home wifi routers and their locations has been revealed after the Internet Patrol did some digging following AOL's recent announcement of their new "Near Me" service, which allows AIM users to see which of their instant messenger buddies are geographically near them. The database, containing the unique IDs of more than 16 million wireless routers and their locations, has been compiled by AOL partner Skyhook Wireless, which claims to have mapped the majority of residences in the U.S. and Canada."
This discussion has been archived. No new comments can be posted.

Residential Wi-Fi Mapping Database Revealed

Comments Filter:
  • Wow... (Score:5, Funny)

    by physicsboy500 (645835) on Tuesday March 20, 2007 @03:57PM (#18419825)

    Why don't they just color code it to show the non-secure points and send a fax to all known hackers?

    oh... just got an email!!

  • by writertype (541679) on Tuesday March 20, 2007 @03:58PM (#18419839)
    Man, that's some weak sauce.
    • Re: (Score:3, Funny)

      by Anonymous Coward
      How about some cyber sauce?

      AOL Introduces Location Plug-In for Instant Messaging So Users Can See Where Buddies Are

      [...Adam McDugle (an IT manager and regular slashdot user) is testing out the Skyhook plugin on a late Saturday night over a scotch on the rocks at the house. Meanwhile an AIM session takes a curious turn...]
      adam_mcdugle - So, you really look like that jpeg you sent me?
      hotgrl69 - well my gf took the pic of me while i was showering lol!
      adam_mcdugle - ORLY? Where did you say you live again?
      hotgr

  • Figures ... (Score:5, Funny)

    by petabyte (238821) on Tuesday March 20, 2007 @04:00PM (#18419899)
    My GPS unit for wardriving comes via Fedex tomorrow. Now they've taken all the fun out of it :(.
  • I'm guessing even though my SSID is disabled they still could have found mine. I'm getting tempted to run that 75foot cable to my couch.
    • by Anonymous Coward on Tuesday March 20, 2007 @04:33PM (#18420483)
      Every access point has a hardware address that never changes (unless the owner is a firmware-flashing geek) and is always broadcast, even if you turn off SSID broadcasts. If you have a powered-on wireless access point and they've scanned your area, your AP is in the database. I don't think people should be worried about this any more than they should be worried if there were no such database: If your wireless AP is configured properly, you're safe and there's no negative impact from someone using the broadcasts of your AP to determine his location. If you want your net to be private and your AP is open or using an insufficient password or encryption method, what exactly are you waiting for? If you want your AP to be open, then you probably want that people use it, so the database can only help, right?
      • by CasperIV (1013029)
        Quick, everyone trade routers! Let's make some poor data entry grunt cry.
      • by Ungrounded Lightning (62228) on Tuesday March 20, 2007 @06:59PM (#18422619) Journal
        Every access point has a hardware address that never changes (unless the owner is a firmware-flashing geek) and is always broadcast, even if you turn off SSID broadcasts. If you have a powered-on wireless access point and they've scanned your area, your AP is in the database.

        Sounds like a great way to find stolen Access Points, WiFi cards, laptops with built-in WiFi, and other such gear. B-)

        How many petty thieves are going to re-flash the gear to change the MAC address? (And if they do it will still show up as MAC addresses appearing multiply in the maps and/or addresses outside the allocated ranges.)

        (Our company had some APs stolen a while back. The IT guys did a little wardriving but didn't find them. We've upgraded since so it probably won't matter to us. But it could be really useful for people who had stuff stolen more recently.)
    • Re: (Score:3, Funny)

      by SCHecklerX (229973)
      I want people to stumble upon mine, and proudly broadcast it. Teenlesbianorgy.
  • Now I don't have to cruise through neighborhoods to pick up access points to get into then commit crimes, I can just check the internet!
    • by Dogtanian (588974)

      Now I don't have to cruise through neighborhoods to pick up access points to get into then commit crimes, I can just check the internet!
      And if anyone wants to know who carried out the crime, there's a nice log of your search from an IP probably linked to you.
    • Uh...what kind of crimes?

      I guess you can't mean any ordinary physical crime, like robbing someone or burglarizing his house, for which a wireless access is wholly unnecessary.

      So what could you do with wireless access from your black-painted car or truck that you can't do as easily (or with equal difficulty) from the comfort of your regular crime lair, or from the Starbucks down the street?

  • Coral Cache (Score:2, Informative)

    by TubeSteak (669689)
    The site isn't loading for me
    Hit the Coralized link:
    http://www.theinternetpatrol.com.nyud.net:8080/eno rmous-map-of-wifi-servers-including-yours-revealed -by-aol-and-skyhook-announcement [nyud.net]

    My only response to "ZOMG databse!!"
    is that anyone could do this if they had time and money.
  • No surprise (Score:5, Insightful)

    by DogDude (805747) on Tuesday March 20, 2007 @04:06PM (#18420011) Homepage
    Who would be surprised about this? Are there still people out there who think that there's some magical way of being attached to the Net and still being anonymous? You've gotta be especially naive to think that your wireless router, broadcasting information into the air, isn't going to be picked up by somebody other than you.
    • Anonymous (Score:1, Offtopic)

      Are there still people out there who think that there's some magical way of being attached to the Net and still being anonymous?
      This guy [slashdot.org] thinks so.
    • My neighbors learned this the hard way, after their wifi signal was overtaking mine. Let's just say their SSID mysteriously went from being "linksys" to "cia-fbi-disney" and the wireless function somehow stopped working soon thereafter.
      • Couldn't you just have changed the channel their router operated on? That would let them continue to use their wireless unharmed (so you avoid the bad karma :-) ) and your signal wouldn't get drowned out.
    • - Set SSID to something random, and don't broadcast it
      - I even use WEP, as supposedly insecure and old school as that is
      - So far I have shown up on no wardriving maps
      • You could just line your living room with lead... and this way I'm getting 0 interference.
        • by wsanders (114993)
          But if I do that, I can't mooch off all the neighbors' unsecured hot spots!
        • You could just line your living room with lead... and this way I'm getting 0 interference.
          I have an 82 year old house with original coats of paint under many recent latex layers. CHECK!!!

          Now, how do I go about grounding the paint. :)
    • by Joe5678 (135227)
      This has nothing to do with using a wireless access point anonymously. This database only functions to allow a wireless enabled device (most likely a pda, or laptop since most cell phones already know where they are) to do a scan of the access points around it, pass the list of AP's it can see to the database/service, which then tells the device exactly where it is.

      This doesn't involve you accessing the internet through your WAP and your privacy at all. Your WAP and it's unique ID are simply being used as
  • They advertise it (Score:5, Informative)

    by DogDude (805747) on Tuesday March 20, 2007 @04:09PM (#18420047) Homepage
    I love this silly blog... "according to news sources..."... like it's some kind of secret database. Here's a better source: http://www.skyhookwireless.com/ [skyhookwireless.com] On their front page

    "Skyhook Wireless provides a software-only positioning system that leverages a nationwide database of known Wi-Fi access points to calculate the precise location of any Wi-Fi enabled device. "
  • by shalunov (149369) on Tuesday March 20, 2007 @04:10PM (#18420069) Homepage
    A truck records signal from your WiFi router? How about people taking a picture of your house to sell to banks and insurance companies [azstarnet.com]? Or aerial close-ups of your backyard [outer-court.com]?
    • Re: (Score:2, Interesting)

      by fyrewulff (702920)
      Almost every house in Omaha is already photographed and can be pulled up from the Douglas County Assessor's website. If also available, you can get the floorplan for the house, see it's last appraised worth, etc.

      The photographs are always taken from the street and you never see people in them. The only name attached to the files are the owners of the property. Heck, my mom's house is 75% covered by the tree in front of it - even though they took the picture at an angle.

      When I worked at the library, we used
    • How about people taking a picture of your house to sell to banks and insurance companies?

      What about it? Are you one of those idjets who object to people taking photos of the Empire State Building or the US Capitol?

      Somebody taking a photo of your house - without setting foot in your yard - even once a year is nothing to get upset over.

  • If there is a way once you detect someone attaching to your wireless network to fry their computer remotely
    • by Elentari (1037226)
      You could pour boiling oil out of your window onto them, if they're the wait-outside-your-house-with-a-laptop variety.
    • Re: (Score:1, Funny)

      by Anonymous Coward

      If there is a way once you detect someone attaching to your wireless network to fry their computer remotely

      1) Assign their machine an address via DHCP
      2) ping machine with the evil bit set on the packet
      3) ???
      4) PROFIT!
    • Re: (Score:1, Funny)

      by Anonymous Coward
      I use squid in interception proxy mode to replace all their http GETs with goatse and lemonparty. They don't seem to stick around long after that.
  • ... That privacy no longer exists.
    • by faloi (738831)
      Privacy never existed in public. Like it or not, broadcasting something over a radio is not the best way to make sure things stay away from the public.
  • Guess war chalking is obsolete now.
  • Didn't Apple trademark "iSpy" for a new product?
  • by Cytlid (95255) on Tuesday March 20, 2007 @04:29PM (#18420425)
    Noone ever connects to my wide open wireless with an SSID of "Honeypot".

     
  • Revealed? Huh? (Score:5, Informative)

    by Lumpy (12016) on Tuesday March 20, 2007 @04:31PM (#18420449) Homepage
    http://www.wigle.net/gps/gps/Map/onlinemap2/ [wigle.net]

    it's been out there for a long time. Most people into war driving know about it.
  • So what database is being used by 'Microsofts Streets and Trips 2007' "Wi-Fi Location Provider"/"Locate Me" feature? Picked my location without hesitation.
  • WiFi Mapping (Score:5, Interesting)

    by drewzhrodague (606182) <(drew) (at) (zhrodague.net)> on Tuesday March 20, 2007 @04:34PM (#18420509) Homepage Journal
    I am not surprised by this. In fact, having been the guy that started WiFiMaps.com [wifimaps.com] (In '02), I've been talking about this to others for quite a while now. Positioning yourself using wifi is probably the most useful application for wardriving data. Does it need to be accurate? No, not really. I've talked to scientists working on sub-meter acuracy, and it is very difficult. If you can find out on which part of which block, there are tons and tons and tons of location applets you can think of off the top of your head to make use of that. If there are people interested in a copy of our national (and some other countries) database of wifi locations, ours is GPL'd. What we don't have, is an all-in-one IM applet, which I guess Skyhook and AOL are now trying. Kudos. I sure wish I had some business skills. That can be the difference between the company's product as a topic on slashdot, and a dude at home posting on slashdot with no pants on.
    • by muellerr1 (868578) on Tuesday March 20, 2007 @05:02PM (#18421017) Homepage

      That can be the difference between the company's product as a topic on slashdot, and a dude at home posting on slashdot with no pants on.
      I'm at the office posting on slashdot with no pants on, you insensitive clod.
    • by dodobh (65811)
      That can be the difference between the company's product as a topic on slashdot, and a dude at home posting on slashdot with no pants on.

      Tell that to the Goatse guy.
  • My bet is that this was funded by NSA, CIA or most likely FBI.
    • My bet is that the government has better ways of getting data then sending some guys around in a truck to document wireless networks.
  • What's wrong with companies, naming themselves after non-clever skynet euphemisms?

    Skyhook Wireless? Come on.

  • That should read Skynet, not Skyhook
  • The article says that they have the "unique ID" of my home network. This really disturbs me because, as I'm sure most of the rest of you have done, I have configured my network to prevent this. I run a Cisco aironet 1200 AP with 802.11i, AES encryption, as the only supported method, and my SSID is nondiscoverable until you've progressed through the encryption handshake. What is this "unique id" they managed to snarf? How did they break AES 256?

    I've gotta say that's a remarkable attack!
    • by belrick (31159)

      The article says that they have the "unique ID" of my home network. This really disturbs me because, as I'm sure most of the rest of you have done, I have configured my network to prevent this. I run a Cisco aironet 1200 AP with 802.11i, AES encryption, as the only supported method, and my SSID is nondiscoverable until you've progressed through the encryption handshake. What is this "unique id" they managed to snarf? How did they break AES 256?

      I've gotta say that's a remarkable attack!

      Are your not a troll?
    • Re: (Score:1, Funny)

      by Anonymous Coward
      Quick, someone make a "Your access point is broadcasting a MAC address" banner!
    • by Autonin (322765)
      I believe the item in question is called a *MAC address*.

      You send a wireless packet of any kind, and there it is. In the clear. And it has to be, or they can't address packets back to you.
      • I'm not sure if you're joking or not... Have you ever used an IOS Aironet device? Cron, expect, ssh, and the IOS command "mac-address" have served me well. Hint: don't believe the documentation.

        A MAC address is not now, and never will be, a unique device identifier. ESPECIALLY on my network.

        I just want to know how they cracked AES.
    • I believe that the SSID is still viewable if you send a blanket "I am dissconnecting" notification, APs in the area will reply with a "thanks for dissconnecting from router" message.

      I think I read something about that a while ago.
    • The answer is - MAC Address - 00:00:00:00:00:42

      I wonder how many times that unique MAC address is used...

      MAC addresses are as unique as the EEPROMs they're printed on.

  • AOL's recent announcement of their new "Near Me" service, which allows AIM users to see which of their instant messenger buddies are geographically near them.

    You mean I can finally see where that 18/f really is...hey wait...thats the old guy down the street!

    Seriously, what genius thought this was a good idea in the first place? How long is it going to be before the headlines read something like "Stalker kidnaps child with AIM"? I want to know how this idea got a green light considering the potential danger that it is going to create

  • by eggboard (315140) * on Tuesday March 20, 2007 @05:45PM (#18421721) Homepage
    Here's what I wrote to the fine person who wrote the linked article, who I respect enormously, but think got it wrong in this case:

    First, and sort of a priori, Wi-Fi uses unlicensed spectrum. The use of that spectrum means that you accept (however unknowingly, your point!) that any use treads in the public space. There are ways to reduce the signal strength of many Wi-Fi gateways if you want to penetrate further.

    Second, what they're gathering is just a number (the BSSID [wikipedia.org], which is the unique base station identifier for networks that are set to broadcast). They do not access the network. And they can't provide any kind of exact correlation. Nor is there a way to associate BSSIDs with individuals or addresses in their system or elsewhere. (It's also not all home networks; there are millions and millions of business networks also being recorded.)

    Third, their data is their crown jewel. They have every interest in protecting it in the strongest possible ways. The information they release is a set of coordinates based on signals measured and sent via their system. So you can't really perform millions of arbitrary queries, but rather only queries mediated through their software. This limits exposure.

    So you have no specific information based on public use of public spectrum and strong needs to protect the data against unwanted access...

    Sounds fairly reasonable to me.

    If they started pairing individual addresses with BSSIDs, and sold that to Wi-Fi makers and others who would then perform direct mailings to users to get them to switch brands or add security -- that would be creepy.

    • Second, what they're gathering is just a number (the BSSID, which is the unique base station identifier for networks that are set to broadcast). They do not access the network. And they can't provide any kind of exact correlation. Nor is there a way to associate BSSIDs with individuals or addresses in their system or elsewhere. (It's also not all home networks; there are millions and millions of business networks also being recorded.)

      Exactly. There is no harm in anyone knowing that the wi-fi access

    • Nor is there a way to associate BSSIDs with individuals or addresses in their system or elsewhere.


      Unless the SSID has the address in it, which I see that several of the networks around my apartment do. "shadows109" is apt 109 of the complex I live in, 1600villa_107 is unit 107 of the apartments at 1600 Villa street, and so on.

      • by eggboard (315140) *
        You're right. (Although the BSSID is not equal to the SSID. The BSSID is typically the MAC address of the Wi-Fi system in the gateway; the SSID is default or human-set text.)

        However, if someone chooses to expose their identity in the SSID, then aren't they making a statement already about their concern for privacy? I used to label our network with our street address, but my wife asked me to change it. It's now Generic Home Network. Actually, after a change in setup, it's Generic Heim Netzwerk.
  • Soon router manufacturers will recommend replacing your router every 6 months to keep your SSID fresh and unmapped. You'll find shops pop up across the country offering "router change" service for $19.95. Watch out for that hazardous disposal fee!

    I was able to recover the currently slash-dotted article via google's cache:

    Enormous Map of Wifi Servers - Including Yours! - Revealed by AOL and Skyhook Announcement 3/19/2007 -

    Summary: Quite a few people have by now read about AOL's new Skyhook "Near Me

  • Has anyone heard of a house being robbed because burglars found a wireless connection?

    Is this a scheme by AOL Skyhook Wireless to sell more Wireless Routers?
  • Some of you may remember this story: Hacker Sentenced To Longest US Sentence Yet [slashdot.org] about a young man who accessed a wide open access point to check his Yahoo! e-mail. The feds nailed him for "Unauthorized Access to a Protected Computer" because he accessed the Lowes Store Wi-Fi Access Point. I fail to see how Skyhook's methods are any different. They may not have used the access point to do something, but they still connected to it, uninvited.

    If it's good enough for our real life citizens, it should also
    • Re: (Score:2, Insightful)

      by Nukenbar2 (591848)
      um, not even close. By simple click the link you provided, you can see in the summery that he was attempting to steal customer credit card information from that network.

      A little different from checking your e-mail and worth some jail time.

  • I misread "to see which of their instant messenger buddies are geographically near them." as bullies. Seriously, I do not lie.
  • The assumption is that wireless access points are permanently located in one location, but once in a while that is not true. One example would be a couple who has both a summer cabin and a winter home. They might own just one wireless access point or wireless router and take it to their other home for the other potion of the year. Another example would be a retired couple who has a home in a colder part of the country and who, every winter, take their large motor home or travel trailer to Arizona or Flor

The meta-Turing test counts a thing as intelligent if it seeks to devise and apply Turing tests to objects of its own creation. -- Lew Mammel, Jr.

Working...