If there is one thing we know about the people around us, even the perfect strangers, it's that they almost all have smartphones. And those smartphones aren't merely passive receivers, they're broadcasting constantly, looking for things you might want to connect to.
Advertisers have exploited the electronic noise that smartphones make for years, using it to track people in places like shopping malls. But now a security researcher has used the same idea to detect if you're being followed.
Matt Edmondson had the idea for the tool when a friend of his, who also works for the government, expressed concerns about being tailed when meeting a confidential informant who had ties to a terrorist organization. Although the friend is skilled at escaping those following them by car, he was looking for "an electronic supplement".
"He was worried about the safety of the confidential informant," Edmondson explained to Wired.
Edmondson wears many hats. He served as a federal agent for the US Department of Homeland Security for 21 years; he is the founder of an infosec consultation company; a hacker; a certified SANS instructor; and a digital forensics expert. Suffice it to say, he has the skills and experience to create something that would make someone safe using parts that don't cost much, some open-source Python code, and a Raspberry Pi.
Edmondson presented his project at Black Hat on Thursday. His talk, Chasing Your Tail With a Raspberry Pi, touched on how he assembled the anti-tracking device, the challenges encountered when building it, and some best practices to consider, including creating an ignore list for friendly smartphones, and the importance of randomizing your MAC address (the rarely-changed identifier that allows others to track your smart phone).
The anti-tracking device works by scanning for wireless devices and checking if these have been present within the past 20 minutes. Unlike tools made to scan stationary devices, Edmonson’s machine was designed to scan moving ones. This is necessary as the act of tailing requires movement.
The device can fit in a shoebox and is in a waterproof case. It has a Wi-Fi card that runs Kismet (a popular wireless network detector), a portable charger, and a touchscreen where the user sees alerts. Each alert solidifies the possibility that one is being tailed.
“It’s purely designed to try to tell you that you’re seeing something now that you were also seeing a few minutes ago,” Edmondson says. “This isn’t designed to follow people in any way, shape, or form.”
Edmondson pleads with the tech community to take digital tracking and surveillance seriously. “It was really kind of disheartening and depressing to look at the ratio of tools to spy on people versus tools to help you not get spied on,” he says.