King Fisher WIFI Sniffer

There are devices in the market and on open source that can be used to scan your existing WIFI. Most of these devices require the device to connect to the scanning device and are being used as hacking tools.

Existing technology

  • WIFI Pine apple – A Wi-Fi Pineapple is a wireless auditing platform from Hak5 that allows network security administrators to conduct penetration tests. A Wi-Fi Pineapple can also be used as a rogue access point (AP) to conduct man in the middle (MitM) attacks.
  • Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic.
  • Sparrow-WIFI has been built from the ground up to be the next generation 2.4 GHz and 5 GHz WIFI spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on Linux.

There is great need to find a solution that could use this technology without intercepting privacy. Most phones have the capability to randomize mac addresses. Like the iPhone, by default uses this function for any WIFI network. When it comes to Android phones, there are still sending real mac addresses but randomization can be activated. The phone presence can still be detected as it sends mac addresses, even when there are randomized.

There is still research out there to find a complete solution to combat such technology. Regina Analytics Ltd Pvt had partnered with Guerrilla Security Solution to develop a prototype to explore such technology.

Together they have developed a “King Fisher WIFI Sniffer” with the following functionality

  • Listens to beacons and identifies device mac addresses, the device does not need to connect to network being used, the mac address is picked when devices are looking for a WIFI network
  • All the mac addresses available are processed, dividing the ones the ones connected to the network and the ones searching for the network, the data is send to the mttq broker for further analysis
  • The system has 2 areas for analysis, present detection and intruder detection
  • Level 1 (present detection), the mac addresses of phones/devices that are to be identified are listed and their presence is detected as the device get in the range of the sniffer network . The sniffer is able to identify their presence upto 200m using mac addresses.
  • Level 2 (intruder detection), the rest of the mac addresses of the devices around, are classified in a list of known and unknown devices. When an unknown mac address or new address mac address is identified a notification is send to your phone via home assistant.
  • All unknown mac addresses are saved into a database for tracking
  • There is a dashboard available to show the summary of the process in real time
  • WIFI Sparrow can be added  to the solution. It works with devices connected to the network for further analysis,  management use, location of devices etc. The WIFI Sparrow has capabilities of adding a drone that can scan available devices connected to the network
  • More sniffing can be done using Wireshark to see the data packets and activities for the WIFI. We can also manipulate further the analysis using Kismet

How King Fisher WIFI Sniffer avoid randomization

  • For presence detection, the devices which needs to be listed can manually remove the randomization for that specific network
  • This means, the solution is only targeting devices that has people’s concern to be analyzed
  • The main feature for the device is to use a known and unknown list

RSSI (Received Signal Strength Indicator)

A measurement of how well your device can hear a signal from an access point or router. It’s a value that is useful for determining if you have enough signal to get a good wireless connection.

RSSI can be used to detect the signal strength of the device, thus it could be used to detect the distance and location of the device.

 

Why using WIFI

We are moving towards the era of WIFI as it is becoming cheaper and most phones WIFI is always on. This R&D is taking advantage of the technological advancement of having WIFI connectivity around. Given the right permission, the technology can be used to track and recover stolen devices using mac addresses. There is more that can be used to explore WIFI technology using such technology.

Usage of this device

  • On  a farm for security
  • Stand alone home residence for security
  • Industrial site which needs monitoring, as an additional tool for management
  • Retail store for customer loyalty program, as an addition tool for management

GSM detection

The King Fisher WIFI Sniffer full solution comprises of the GSM and WIFI analysis. More studies are being made to detect GSM signal. When the intruder is detected an SMS can be send to warn the intruder.

The first layer of a complete solution of a GSM and WIFI scanner is finished King Fisher WIFI Sniffer. The module prototype is being polished up to be deployed in the market.