back to article Brit hardware hacker turns Raspberry Pi Zeros into selfie slayers

Hipsters and selfie addicts beware: infosec man Steve Lord has crafted a tool designed to sever your line of addiction to Instagram by quietly blocking it over public Wi-Fi. The British security bod built the Raspberry Pi Zero-powered "hipster slayer" out of nothing more than off-the-shelf components and "questionable life …

Silver badge
Meh

Hmm

Nice idea, but rather risky

0
0
Silver badge
Devil

Re: Hmm

I want one.

I want to block access to social networking sites during family gatherings.

29
0
Silver badge
Pint

Re: Hmm

Now hang on, what's wrong with popping out to the pub? After all, it's unlikely Aunt Edna will notice you were gone for an hour, maybe more if the children do their job right.

6
0

Re: Hmm @ Eddy

It's the selfie-bastards who ruin that, because they always tend to include *other people* in their antics. Murphy states that Aunt Edna, or great-cousin Jeeves *will* find those pics at the most importune moments and *will* spread the pain. Because Family.

13
0
Silver badge

Re: Hmm

Risky - dunno.

Half-baked and ineffective as described? Definitely.

If you kill the wifi cleanly and immediately upon DNS lookup it will just switch to cellular. You need to mark "an idiot" by collecting his DNS packets, then wait until he establishes a TCP connection to anywhere (the first connection after the lookup is likely to be instagram or f*book) and only after that kill the WiFi mid-session so it buggers up the TCP connection.

0
0
Anonymous Coward

Re: Hmm

No, it'll just return a can't connect message, by which time the device has dropped out of WiFi, the victim figures the hotspot broke, and tries again on the cellular network. This can only work in an area with weak cell signals, meaning people start relying on the WiFi.

0
0
Silver badge

Re: Hmm

I'm fairly sure a WiFi pineapple would suffice for such a nefarious task.

Not that i'd know anything about that.

Else pop online and buy a GSM/WIFI jammer.

2
0
APA

Re: Hmm

"This can only work in an area with weak cell signals"

So a music festival, then. As described in article. Where the concentration of people in a relatively small area is too big a job for the local cell infrastructure.

Though to be honest in my experience the bigger problem faced at events is battery life. It's quite funny watching half a dozen people fight over the single proprietary apple connector at a charging point and then being given evil looks as you waltz up with your phone with a standard connector and have so many to choose from...

The point being "connection" is a luxury if you can't take the pictures in the first place. So if you really want to annoy people, have exactly one apple connector at the event and set up a coffee shop nearby to watch the fallout. (I am in no way thinking of Big Feastival 2015 where there was a Lavazza stall that had done exactly this, honest)

0
0
Anonymous Coward

So he's a terrorist disrupting the Internet

I expect him to be spied on, extradited, waterboarded then shot.

15
1
Anonymous Coward

a cyber-terrorist

and Mark Zuckerberg knows where he lives...he better be careful starting his computer in the morning.

0
0

Re: So he's a terrorist disrupting the Internet

or alternately he's a freedom fighter, depends on your viewpoint, and the circumstances.

Warning - Contains gross simplifications

Adult = A freedom fighter for traditional family values.

Child = Terrorist disrupting their fun.

I can see a ready market in Schools.

1
0
Silver badge

I'm wondering

Would it be possible to spoof a connection and deliver a mocked up error page saying "Get a life" or something like that? I have a more evil idea in mind but I'm not going to say what it is, in case it happens to one of you lot one day.

11
0
Silver badge
Trollface

Re: I'm wondering

Absolutely - as long as the victim has a recent but not very up-to-date Dell laptop...

8
0

Re: I'm wondering

Sure, check out the Wifi Pineapple, quite more expensive but less work :)

1
0

Re: I'm wondering

My favourite jape was by the guy who discovered his neighbours were leeching his wi-fi connection, so he redirected their traffic via a proxy that turned all the images upside down.

http://www.ex-parrot.com/~pete/upside-down-ternet.html

25
0
Gold badge
Coat

Re: I'm wondering

I remember that.

Wouldn't have as much impact these days, people would just assume it was a known iPad problem.

3
0

Re: I'm wondering

Fun idea but ...

You would be getting into legally questionable territory with spoofing. Right now the device just makes a polite request to the WiFi connected mobile/laptop/tablet to "get lost", its up to the connected device to preform the actual disconnect.

By spoofing a web site or redirecting the connection you get into legal areas covered by cyber security laws, unauthorized use of a system, intrusion, and other legal grey areas.

Better to just get a device to drop the connection. No one gets hurt and you can rightfully claim that you have done nothing to intercept or tamper with data on another persons device.

That said I want one of these things. Not sure what I would do with it but I'm sure I would think of something.

6
0
Anonymous Coward

Re: I'm wondering

if someone's using your WiFi without permission - which iirc was the purpose of the upside-down-ternet? - then they've committed the unauthorised use and intrusion, not you? THe disconnect thing is cleaner, yes, but you aren't tampering with authorised user's data .....

1
2
Silver badge

Re: I'm wondering

http://bash.org/?202477

4
0
Silver badge

Re: I'm wondering

@AC

"if someone's using your WiFi without permission - which iirc was the purpose of the upside-down-ternet? - then they've committed the unauthorised use and intrusion, not you? THe disconnect thing is cleaner, yes, but you aren't tampering with authorised user's data ....."

Well yes, but that's common sense speaking.

And indeed there might be no harm attributable to someone dealing with unauthorised access this way BUT, I would never do this because it would open a (small) potential legal liability. Not in disrupting someones service but in you potentially being responsible for what those people access and do over your connection.

Consider that a key claim of the plaintiff's in the MPAA Roadshow vs iiNet case was that iiNet was responsible for any illegal actions of the people using their network because they had the visibility to identify offending traffic and the power to stop it.

If you had a claim against you for, say sharing copyrighted content over you connection, your ability to assert that you are not liable due to the infringement being conducted by an unauthorised person utilising your connection would be likely be hampered if it was shown that you not only had mechanisms in place to control access to the connection but that some of those mechanisms were put in place specifically to detect and affect unauthorised users and traffic.

Maybe you would still be successful in that argument but I would think it would be a much harder sell!

2
0
Silver badge
Childcatcher

Re: I'm wondering

Yeah, my first thought was that this would be perfect for mobile man-in-the-middle attacks. Just drop a few of these off wherever targets with low technical ability but who have deep pockets happen to hang out (e.g. Starbucks) and it would pay for itself in no time.

3
0

Re: I'm wondering

Would it be possible to spoof a connection and deliver a mocked up error page saying "Get a life" or something like that?

Something like a 404.1 - Life not found.

Most likely causes:

There is an error in your brain.

If you clicked a link, you may be out of date.

Things you can try:

Growing up.

Cutting off that silly beard.

Going outside without your phone to search for one.

10
0
Silver badge
Devil

Re: I'm wondering

You would be getting into legally questionable territory with spoofing.

Would proxying be a problem? You're not altering the data, or redirecting the connection, just adjusting the connection speed.

Full WiFi speed in, 56k out.

0
0

never going to give you up

Or a proxy replacing the uploaded photo or video with another?

1
0
Silver badge

Re: I'm wondering

@Stoneshop

If you are 'adjusting the connection speed', on what basis are you doing so? The point is that to do anything to access you classify as unauthorised, you must first identify what that is. And if you have done that and can then affect it, you could also block it and a plaintiff (i.e. the RIAA/MPAA) may well argue that you have proven that you could have blocked the traffic and thus prevented anyone else using your connection for illegal activities. BUT YOU DIDN'T.

I think that concept - that you should be responsible for what others do through your connection - is f%$king absurd but that doesn't mean that it wouldn't see you in a harrowing legal battle to prove that. You would probably win the case but proving that you at least had the capability and technical knowledge to block the traffic would make such a case far more likely to pass muster.

0
0

Re: never going to give you up

Or a proxy replacing the uploaded photo or video with another?

Better yet, adapt the idea of upside-down-ternet, and use ImageMagick to mess with the photo that's being uploaded. You could do something obvious, like overlay it with amusing text; something subtle, like a mild Gaussian blur ("Man, all my selfies from the festival are crap! I need a new phone."), or something in the middle - like UDT's flipping the image upside down ("How wasted were you? You were holding the phone upside down the whole time.")

Oh, the possibilities. Overlay part of the image with an extreme closeup of a fingertip. Mess with the gamma. If you really want to spend some computing power, do face-identification, then swap faces on the people. (This last is doable - I've seen automated face-swapping done on images. Results are hilarious.)

I have to stop thinking about this. It's too damn tempting.

Though, now that I think about it, I don't know whether any of the clients for these services can be coaxed into downgrading to insecure connections, or into accepting server certificates they shouldn't. So MITMing them might not be feasible. (UDT only worked with unsecured HTTP, which was fine because nearly everything that wasn't commerce or banking was unsecured in those days.)

0
0
Trollface

Re: I'm wondering

My favourite jape was by the guy who discovered his neighbours were leeching his wi-fi connection, so he redirected their traffic via a proxy that turned all the images upside down.

I setup one of these once but directed any page requests to the local Apache server and Rick Rolled them... Great fun watching the kids going from the school bus stop in the afternoon looking for Wi-Fi.

0
0
Silver badge

Re: I'm wondering

I think this is about using such a device in a place like a public library where the wi-fi is not encrypted. So the signal from your box is being mistaken from the signal from the library's wi-fi system that you're connected to.

The solution is, of course, to switch to encrypting the wi-fi, and just arrange in a different way for everyone to be able to use it.

0
0
Silver badge
Happy

the most worthwhile DIY projects

are nearly always built 'out of nothing more than off-the-shelf components and "questionable life choices." '

34
0

Re: the most worthwhile DIY projects

I have a couple of houses that were largely constructed from off-the-shelf components and questionable life choices. (By choosing them I am following the tradition, of course.)

0
0

I want one to block facebook and whatsapp

Imagine how productive could humans beings be without those two time wasters.

2
0
Silver badge

Re: I want one to block facebook and whatsapp

You will destroy life as we know it!

I want one too.

Most of the management droids at my company use wartsapp and complain constantly because I'm not a 'Team Player' and they have to use other means to contact me with their meaningless little notices, the HR bloke being one of the most irritating and least useful.

I am in a team of one, perfect for me.

24
0
Silver badge

Re: I want one to block facebook and whatsapp

"the HR bloke being one of the most irritating and least useful."

By definition.

25
0
Silver badge

Re: I want one to block facebook and whatsapp

HR is not most irritating and least useful but most verminous.

0
0
Bronze badge

Re: I want one to block facebook and whatsapp

Imagine how productive could humans beings be without those two time wasters.

Add in Twitter and I'll wholeheartedly agree.

0
0
Anonymous Coward

Re: I want one to block facebook and whatsapp

Just be a refusenik and say NO to all anti-social media sites.

Block them at your home router. The family when they come visiting will stay a lot less time... Yay!

Your life will be a lot less stressful because you aren't constantly checking to see what your so called friends are saying about you... How we existed before Facebook etc I really don't know.

These sites are just as addictive (IMHO) as drugs. People once hooked find it almost impossible to get off them.

That's why they are blocked on my home WiFi.

Refuseniks Rule Ok!

6
0
Silver badge
Mushroom

Re: I want one to block facebook and whatsapp

>I want one too.

But imagine if some nark added forums.theregister.co.uk to the list....

1
0

Re: I want one to block facebook and whatsapp

"That's why they are blocked on my home WiFi."

It's your WiFi and you're obviously free to block whatever you want. Stopping other people visiting sites that they want to does sound a bit like control freakery though. So you're stopping your wife/girlfriend/boyfriend and or children (if you have any of them) visiting sites that you don't like. When other people are using your WiFi then you are to a certain degree being their 'ISP by proxy'. Wouldn't you moan if your ISP blocked access to sites you wanted to go to?

2
1
Silver badge
Thumb Down

Re: I want one to block facebook and whatsapp

When other people are using your WiFi then you are to a certain degree being their 'ISP by proxy'.

My router, my rules. Also applies to ad networks trying to route packets in.

If people are paying for connectivity, they can expect sites to be blocked or not according to their wishes. If they don't, tough shit.

1
1

Re: I want one to block facebook and whatsapp

Imagine how productive could humans beings be without those two time wasters.

I doubt there'd be a significant difference. The historical record shows that human ingenuity is virtually unlimited when it comes to wasting time.

Not that this forum is any sort of evidence for that thesis, of course. We're doing important work here. Important work.

1
0
Silver badge
WTF?

Interesting and eclectic choice of targets

"In this case it's Instagram, things like political Islam, men's wedges, and rugby."

I have to admit that on my mental Venn diagram of social media users, politicised Islamists and rugby players, there's not a huge amount of overlap.

Hipsters/Islamists... other than epic beards, do they have much in common?

Is Daesh going for the "we were cutting peoples' heads off and throwing gays off buildings before it was cool" excuse?

7
0

Re: Interesting and eclectic choice of targets

"I have to admit that on my mental Venn diagram of social media users, politicised Islamists and rugby players, there's not a huge amount of overlap."

Are you sure about that? Rugby players, yes, but ISIS and Daesh are huge users of social media for recruitment to their causes, so much so that the Pentagon thinks it's a big enough problem to oppose with counter-propaganda.

There's quite a bit of overlap there, and the potential of this device to thwart those efforts cannot be understated!

I would say the chap who invented this thing is likely to get a visit from some men in black suits and dark sunglasses pretty soonish...

1
0
Silver badge
Facepalm

Re: Interesting and eclectic choice of targets

> after 15 years of wrecking the middle east

> daesh (which happens to be the same as ISIS btw) in need of ideological recruitment

> implying

The Pentagon ALWAYS thinks that there are huge problems that need to be opposed with counter-propaganda which is somewhere between annoying (complete amurrica-centric bullshit being foisted on unsupecting locals) and frankly toxic (enabling nasty nazi bastards and/or pretending to see sovietsPUTIN wherever unamericanism mushrooms), thus becoming a huge fucking problem for mankind.

3
1

Re: Interesting and eclectic choice of targets

These men, you mean?

0
0

That was fast...

This is the same (basic) activity that got a major hotel chain in the US in trouble. They were sending deauth packets to personal hotpots and it get them a hefty fine from the FCC. Part of the problem was that they were turning around and trying to *sell* the same people access to the hotel WiFi.

Interesting choice of hardware, though. The Pi0 has be out for less than a week.

5
0
Silver badge

Re: That was fast...

While that's true, they were in a fixed location and had complaints. If you have one of these devices in your pocket and trigger it randomly, you probably won't get caught. I'm sure the manager at the local Starbucks will just assume there's some problem with the Wifi or the customer's equipment.

2
0
Silver badge

Been Done

Didn't some US hotel get on the wrong side of the FCC for pretty much doing this? They were sending deauth packets to anything trying to use a mobile hotspot in the hotel in an attempt to encourage everyone to pay to use the hotel WiFi instead. All this guy has done is slimmed it down and made it more selective about what it attacks.

0
0
Anonymous Coward

Re: Been Done

The hotel chain was trying to force users to connect via their expensive hotel connection.

This is not doing that by a long chalk. I'd love one of these in my Backpack. Walk along the road with a 'No social media bubble' surrounding you. Brilliant.

Sigh, one can dream can't one?

8
0

Re: Been Done

You know... manipulating the image itself would be so much more fun.

0
0
Pint

a 'No social media bubble'...

Brilliant!

1
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017