I wanted to write up a detailed document on the process of triangulating the location of a mobile/cell phone user based on tower signals, but can’t really find too many concrete information sources, so here’s a short list of bits and pieces that I have come across to whet your appetite, and a basic outline of the process that I’ve pieced together using my own understanding of how things tie together.

Digital Spy Forums

Interesting thread about phone location determination, levels of data and its use in commercial services.

Mobile Phones, Locate Thyself!

Article in ‘Network Magazine’ talking about the wonderful commercial applications of geographically aware mobile phones… doesn’t appear to mention anything about the horrendous possibly privacy invasions etc 😛

Where RU

Where RU is a commercial phone locating service which is marketed at offering “peace of mind, knowing where your family and colleagues are at any time”.

My details/write-up coming soon.

This is a pretty interesting (and rather serious) article about some vulnerabilities in bluetooth-enabled mobile phones. It talks about SNARF and BACKDOOR vulnerabilities and roughly how to exploit them. Also provides some links to related tools and what-not.

Read the article on bluetooth vulnerabilities…

Well, appropriately, I’m making this post from my laptop, sitting on my couch (well actually I’m getting my couch tomorrow, but sitting on what currently passes for my couch), wirelessly connected back to my ADSL modem and off to the ‘Net.

I got a comment from John Abbe and when I checked his site I realised that he didn’t know exactly where I was coming from (physically), so I grabbed Indy Junior (yes, I paid for a ‘license’ – you should to – it’s great!), looked up my location on The Getty Thesaurus of Geographic Names On Line and put this together, which should show you exactly where I am located, as well as give you my co-ordinates (very approximate).

Again… I want GPS so I can map all my stumbling properly! I think I might be able to get access to completely GPS-synched maps, so I should be able to do some pretty funky things if I can just get the GPS unit and hook it up with Net Stumbler. Anyway – here’s the map and ‘ords.

Well, I needed a ride, and I hadn’t scanned for any networks lately, so I thought it’d be a good chance to combine the two and try something new. I rigged up my laptop with a new power profile, whacked in the headphones, slapped it all in my backpack and rode off into the night (being 8pm and all) to stumble for networks through the middle of Perth (expecting it to be a relative hotspot).

I wasn’t disappointed with my findings, and below is a small, standardised summary according to the format that I’ve used in other stumbles. I’ve also included a map of the ride route, with a few interesting points marked on it for reference.

• 31 different SSIDs scanned
• 59 unique MAC-addressed nodes scanned
• 32 WAPs encrypted with WEP [54%]
• 7 WAPs using what appear to be default SSIDs [12%]

As you may notice, the percentage of WAPs using WEP is much higher than previous stumbles, and the percentage of default SSIDs is much lower. I would most likely attribute this to the commercial nature of the majority of these nodes (see ride route below), which went through the main business street of the city. I suppose at least some businesses are securing their networks 🙂

A couple of interesting observations from the results;

• 3 ‘WesWiFi’ devices were located when passing Wesley (private school); all of which were NOT encrypted
• An SSID called ‘HayStNet’ was scanned, which sounds like a rather ‘community’ sort of a thing, but it was encrypted, so I wonder what it is
• Cino To Go 182 has a WAP, which is not encrypted, and I am assuming that it provides public Internet access (marked on map)
• The Chifley Hotel appears to provide free/public Internet access as well, since their SSID is ‘Chifley Public Wireless Internet’ (marked on map)
• Posh Nosh, a cafe at the West end of St George’s Tce, provides access via the HotSpots network, but it’s paid access, and from memory is something like $20 for 2 months!

I will definitely have to go for another war-ride soon, it was very fun indeed. There are a few things to watch out for;

1. Heat: I stopped 3 or 4 times on this relatively short ride for a little break, but also to take my laptop out of the bag and let it cool down a little bit. Being in the enclosed space for that long means that it heats up.
2. Power Profile: I customised a special power profile for handling my laptop, which basically tells it to never hibernate or suspend the drive, but to turn off the LCD screen and keep running when the lid is closed, with the CPU running in ‘battery-saving’ mode. This way, I can close it all up and tuck it away in the bag without worrying about it suddenly going to sleep 🙂
3. Damage: Be very careful riding around on a bike with your laptop in a backpack – if you fall off, think about how you land, you really don’t want to roll in any way, or fall directly on your back, because your laptop will most likely be crushed.
4. Headphones: Getting the volume level takes some tweaking, and it’s kind of hard because it needs to be up louder so you can hear it while riding, but when you slow down or stop it will be very loud. It also gets a bit much if you have 16 APs dinging away at you all at once (like I did!), so you might be better of turning off the MIDI mode in Net Stumbler
5. GPS: Just thought I’d mention it again – I really want one 🙂

Ok, that’s enough for now – more write-ups later on some more of my equipment, namely my backpack and laptop, which I realised I haven’t really talked about yet.