Credant, a UK firm that sells data encryption tools, claims thieves sniff Wi-Fi in laptops stored in cars: I've been letting this percolate for a couple of days in my head, and would appreciate comments from those of you who know the nitty-gritty. Credant is claiming that thieves can use Wi-Fi detectors to find laptops in cars that have Wi-Fi active, because some laptops don't go to sleep for 30 minutes after the lid is closed or sleep is activated. (Thus, Credant says you need to have encryption software installed to prevent access to data, rather than, say, fix your system or add a car alarm.)
[Update: Eric Lai has a terrifically detailed article at Computerworld that addresses many of the questions below.]
Here's my problems with this scare-via-press release:
- I don't know of any operating system and laptop combo that keeps a machine awake for long after the lid is closed unless the OS is highly misconfigured or there's an error.
- Wi-Fi detectors don't pick up clients to my knowledge, only beacons from access points. (If a client were running XP in its old, bad mode in which ad hoc network names were being advertised, perhaps the laptop would be detectable.)
- Laptops in a case in a car would produce very little detectable signal, and the Wi-Fi detectors I'm aware of have very little directionality. 2.4 GHz sniffers with two antennas might be far more reliable.
- Apple's Wake on Demand feature relies on a Wireless Multimedia Mode (WMM) option which I have no idea how widely implemented it is beyond Mac OS X 10.6 (Snow Leopard). Wake on Demand keeps a tiny bit of juice fed to the Wi-Fi module to listen for a wake command from an Apple base station, but I don't believe the adapter is broadcasting.
Any other ideas? Or is this just plain scaremongering?
Seconded on the "nothing stays awake half an hour". As far as wifi detectors go, Kismet detects clients just fine, and cheap keychain detectors just use 2.4ghz and don't have any clue about packets/APs/clients, they'll light up fine for anything.
It still seems like a bunk claim, though.
This is about as ludicrous as the folks who believe you can unlock your car remotely via Wi-Fi.
Some folks will believe anything, but what is worse, a company is spreading this information and will make money from the scam.
Glenn - I work electronic counter surveillance for a government contractor. We routinely track down WiFi clients using a combination of Mac wardriving gear and WiFi detectors. If a client is on the air and not connected to an AP, we can very easily track it down and do. WiFi is not allowed in certain areas of our facility, an area about a mile square.
I can see a situation, where you could wardrive a parking lot and pickup a computer in the lot. I do agree that the computer would have to be badly misconfigured or deliberately misconfigured. We've seen that too.
So from a threat situation, I would consider this very low. When I travel, I leave my MBP in the vehicle and not in my hotel room. I have some control over the vehicle and basically none on the room.
If WinXP is configured not to go to sleep mode when lid is closed (not default), then WiFi will still be active for however long its configured for. Some companies have this configuration intentionally.
You can then pick up beacons from the laptop and see which networks it is configured to connect to automatically - and then setup a fake access point to which the client will connect to. Then you`ll be able to sniff all the traffic, and possibly connect to the computer - if you acquire login credentials. A prerequisite is that the network is without any encryption setting.
The beacons which the laptop sends (which SSID it autoconnects to) can be picked up by software like Airmagnet WiFi Analyzer.
Or if its configured to do ad-hoc you might also be able to connect to it, but almost no clients are configured that way.
Also the WiFi signal (2,4 or 5 GHz) will easily penetrate the car and will likely broadcast the signal in a radius of about 20-50 feet around it, if no other obstructions are there.
So it is possible but a lot of non-standard settings need to be set first, and also probably more time than the laptop will be online.
Or did I miss something essential here?