‘Wifi Whisperer’ Siphons Your Data in the Creepiest Way Possible
If you’re connected to a wireless network, odds are high that little bits of data are trickling out of your device like water from a leaky faucet. “Our phones leak data in a bunch of different ways,” says artist Kyle McDonald. “Sometimes it’s really insidious or unexpected.”
Recently at Moogfest, a music and technology festival in Durham, N.C., McDonald with the help of fellow artist Surya Mattu created an installation called WiFi Whisperer that called attention to all that data your phone is giving away for free. As festivalgoers walked past the installation, the artwork grabbed insecure data and display it on monitors, while a hidden speaker whispered the stream of data—what networks you’ve recently connected to and websites you’ve visited, for example—like a creepy, demon-voiced Big Brother. “It’s sort of like looking over someone’s shoulder,” says McDonald, “except you’re doing it without actually looking over their shoulder.”
The artists built sniffers made from eight Raspberry Pis and wireless antennas, tuned to the different frequencies of open wireless channels. “We know where the data is in the air,” McDonald explains. “Normally these packets are getting sent from one device to another, but there’s no reason you can’t just stand nearby and listen to that same data as though you were the device it was intended for.”
By partnering with Festify, Moogfest’s wireless internet provider, the artists were able to grab even more data—things like the names of networks you were previously connected to, your device’s MAC address, the host name of your laptop or phone, the server your http traffic is aiming for, and even text from whatever website you’re visiting. “You can see exactly what articles people are looking at,” McDonald says. “You can see exactly which comment they’ve thumbs-up’d.”
Businesses have actually used this kind of data to build consumer profiles. In 2012, Nordstrom began tracking the wifi signals emitted from shoppers’ phones, to pinpoint their location in the store. Nordstrom argued it was simply the brick and mortar version of what online retailers do with cookies. Consumers didn’t agree, and Nordstrom ended its experiment. Analytics companies like Euclid and Nomi use what they claim is anonymous data to figure out exactly where customers go and how many customers leave without buying something. Fairly practical information, you might think. The issue, McDonald says, is that most of us don’t even realize we’re broadcasting personal information.
McDonald says people have two main responses to the project: “This is creepy’ and ‘What should I do about this?’”. McDonald tells people there are some simple steps they can take to reduce the amount of data they leak. First, he suggests, you should disable wifi and Bluetooth when you’re not using them. Next, don’t connect to unprotected wifi networks. And finally, if you really want to be safe, use a virtual private network, which will help safeguard against HTTP traffic leaking but not against hardware and network-level leaking. McDonald adds that it’s important to know if the apps you’re using are HTTPS encrypted, which prevents the kinds of data leaks he’s exploiting. Most apps are securely encrypted, though some of the traffic that flows into and out of apps like Instagram and Facebook is not.
When McDonald first began making security related artwork, he felt it was the artist’s responsibility to raise awareness of what was happening. That perspective has shifted over the years, especially in our post-Snowden era. Now, he says artists don’t need to be whistleblowers; rather, he believes they need to help people understand the immediate impact of security issues. “I realized that whistleblowers are good at raising awareness, and artists are pretty good at something else,” he says. “Which is giving people direct experiences of things.”
Jump to original: