Little black boxes.  Check.  Raspberry Pi Model A computer.  Check.  Over-the-counter sensors.  Check.  WiFi adapters.  Check.  Command and control system.  Check.  Now you have all the things you need to build your very own CreepyDOL.

What’s a CreepyDOL you ask?  It’s a small device that is able to spy on people on the street.  It can tell a person’s movement, say if he recently visited a coffee shop, what websites he browsed, if that person purchased anything online.

So how does the spying go down?

Brendan O’Connor, the creator of this creepy device, stated that a person need not do anything to be spied on, since people’s mobile devices provides all the information a spy needs.

Before you go on thinking that O’Connor has violated people’s rights, he didn’t — at least not on purpose.  O’Connor spied on himself to test his little invention.  He was able to pick up unique identifiers connected to his iPhone and iPad when he connected to public WiFi.  But even if he didn’t connect to public WiFi, the fact that his iPhone pinged the iMessage server to check for new messages, the CreepyDOL was able to sense his presence.  So O’Connor’s little gadget may or may not have “sensed” other people, but don’t worry, he didn’t do anything with it.  Plus a federal law called the Computer Fraud and Abuse Act prevents him from deliberately snooping around.  But it doesn’t mean it can’t be used to wreak havoc.

“It eliminates the idea of ‘blending into a crowd,’” Connor states.  “If you have a wireless device (phone, iPad, etc.), even if you’re not connected to a network, CreepyDOL will see you, track your movements, and report home.”

Too easy to spy

O’Connor states how easy it is to spy on people and that all the data is just floating around, unsecured, and can be easily accessed by anyone with the right knowledge.  Different sites leak different informations.  One can leak your email address, your date of birth, or age, or even your gender.

“Security wasn’t built-in inherently in some of these technologies when they came to be, originally, that wasn’t really a big piece of it.  And… applications aren’t doing a great job of encrypting things that could give information away.  This could tie into a bunch of things: how WiFi itself works, how DHCP works, how applications are communicating all the time.  Yes, there are changes that are overdue and will be quite welcome,” SiliconANGLE Contributing Editor John Casaretto explains, “but this would be something that would be difficult.

“It would take some widespread, addressing some of these weaknesses that have been found on this project.  Those kinds of things would go a long way and I think that it’s a pretty important work that O’Connor has put out here,” Casaretto continues.  “In looking at the nature of how we’re becoming more mobile, more connected and in this public situations and things like that, how much information we’re actually transmitting and how much of it is unencrypted, it starts to move towards a state where we’re actually starting to do more about security in terms of that leaking that information.”

Since the CreepyDOL is small, it can be placed anywhere, and that’s why it is so troubling.  Also, it seems like there’s nothing we can do to protect ourselves from this kind of intrusion since connecting to a VPN from a public WiFi leaves you open even for just a few seconds, which means the CreepyDOL can see you.

If a security researcher is able to do it for $57, who’s to say that the government doesn’t have anything like this already deployed and is being used to spy on people in the streets?

photo credit: laverrue via photopin cc