No, this isn’t about a foul mouthed Chucky doll with a stalking complex.
The ‘Creepy Distributed Object Locator’, or CreepyDOL for short, is a device cobbled together from a Raspberry Pi Model A, a USB hub and a couple of wifi dongles (housed in a non-descript case, the creator calls these F-BOMBs, or Falling Ballistically Launched Object that Makes Backdoors), and runs software that allows the tracking and analysis of signals that are constantly emitted from any wifi enabled smartphone or mobile device.
When this data is collated and visualised, it can tell enough about a person and their habits to put a celebrity stalker’s diary to shame. All this without a single hack or unauthorised access attempt, it’s all data your device puts out there constantly, all day every day.
CreepyDOL visualisation in action
The CreepyDOL works by having several nodes, or, ‘F-BOMBs’ out in the field, all scanning the wifi airwaves. These little Raspberry Spies are able to detect connections to public wifi spots, messenger data, website use, and unique identifiers pinpoint which device is being used. Even if the target doesn’t connect to a wifi network, it can still trace them using the pings the smartphone sends back to the various services it uses for functionality.
This data is collected by the nodes, who then phone it home to a central control server (protected by TOR to obfuscate its location) and then it is analysed. This data can reveal the target’s name, address, online habits, physical movement in the real world, and even in some cases, an image of the target.
Brendan O’Conner – a security researcher with experience working for DARPA, Sun Microsystems and VeriSign, created the CreepyDOL network to put the privacy issues inherent to mobile computing out into the public sphere. He recently told the New York Times the process of obtaining the data was “terrifyingly easy”.
“It could be used for anything, depending on how creepy you want to be,” he said.
With the recent explosion of revelations surrounding PRISM and the Edward Snowden case, it’s becoming more and more apparent just what a commodity privacy is becoming in our increasingly technologically interconnected world.
The CreepyDOL shows that it’s not just government agencies with gajillions of dollars behind them that can access the myriad of unsecured information that floats around us every day, anyone with enough ingenuity and some cheap, easily accessed OTS hardware can tap these crowded airwaves and discern more than most would probably like revealed about themselves.
O’Conner is suggesting perhaps it’s time for device makers and programmers to acknowledge the inherent insecurity of the devices we all carry around with us everywhere we go. He told Forbes:
“If every person on the planet can use this surveillance technology, I think we should start to design things not to leak information at every level… you leave behind a trail that can be tracked not just by the NSA or a law enforcement agency, but by any kid in a basement with less than $500.”