[HN Gopher] Intelligent Reflecting Surfaces prevented 95% of wif...
___________________________________________________________________
Intelligent Reflecting Surfaces prevented 95% of wifi attacks
Author : giuliomagnifico
Score : 64 points
Date : 2022-05-30 17:27 UTC (5 hours ago)
(HTM) web link (www.mpg.de)
(TXT) w3m dump (www.mpg.de)
| nonrandomstring wrote:
| This seems to be adding noise in the spatial dimension. However,
| we know that it's possible to remove added noise using
| statistical methods, so observers using passive RF monitoring may
| eventually adapt their algorithms. Ultimately, TEMPEST-like and
| illumination threats require shielding, and that's expensive in
| building materials and work.
|
| If this became sophisticated enough though, it could be used to
| simulate false positives, so simulate human presence in a room,
| throw off the observer or create unreliable evidence. Those are
| useful counter-surveillance capabilities on their own.
| wolverine876 wrote:
| > it's possible to remove added noise using statistical methods
|
| How do the economics work out on the measures and
| countermeasures? I would guess that not all noise costs the
| same to remove.
| nonrandomstring wrote:
| It's a cat and mouse game as you probably surmise. What the
| surveillant wants is a clear signal with features
| corresponding to known information. The surveillee tries to
| send noise that most closely mimics those features, so the
| signal is lost in, and cannot be separated from, that noise.
| The adversaries each try to find a space unknown to the other
| (much like cryptography - cryptanalysis) (and undiscoverable
| by the other in a viable timeframe/information set)
|
| For example, speech was traditionally thought to be well
| masked by white noise. But modern filter technology makes
| short work of removing broadband noise even if the signal is
| fully buried in it. Instead we now use speech-like fragments
| as an adversarial mask, as close to the speaker's spectrum
| and timing as possible.
|
| In terms of computational cost it's not a big deal. If it
| _can_ be removed it probably can in real-time by a well
| equipped agent.
| transpute wrote:
| Is there a Metasploit equivalent for wireless cat-and-mouse
| games? If not, what would it take to start one, e.g. live
| CD with pre-configured GNU radio code/plugins that is
| compatible with low-cost and USRP SDRs? An
| awesome-wifi-sensing list could be a starting point for
| aggregation of OSS projects.
| nonrandomstring wrote:
| I've no doubt you can do all the necessary number
| crunching in Octave/Matlab to implement things like a
| time-domain reflectometer - the DSP is well known in
| domains like seismology for prospecting, artillery
| ranging and calculating room shape from sound, as with
| the image source method.
|
| I think the hard part for an amateur lab is antenna
| stuff. I am not an RF engineer, nor have I read the
| linked papers in detail, but I'm guessing that to do this
| well you need phased arrays or multiple directed YAGI
| style elements - because all the methods I know from
| acoustics use multiple microphones, often closely
| calibrated etc.
| transpute wrote:
| There's hundreds of papers on attackers using Wi-Fi
| sensing, but almost none on defenses,
| https://dhalperi.github.io/linux-80211n-csitool/#external
| transpute wrote:
| Counter-measures project,
| https://github.com/ansresearch/csi-murder/
|
| _> The experimental results obtained in our laboratory show
| that the considered localization method (first proposed in an
| MSc thesis) works smoothly regardless of the environment, and
| that adding random information to the CSI mess up the
| localization, thus providing the community with a system that
| preserve location privacy and communication performance at the
| same time._
|
| Have you seen any public code or papers on counter-counter-
| measures, i.e. noise removal?
| nonrandomstring wrote:
| Not for this RF application, no. I'm basing my remarks on
| what I know from audio/acoustics, where noise removal is
| pretty much grist for the mill in telecoms, forensic
| acoustics, medical instrumentation, cleaning up recordings
| etc.
|
| Take a look at Wiener and Kalman filters, blind
| deconvolution, warped polynomials... indeed there's a great
| many approaches.
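
The point made in this subthread (broadband white noise is easy to filter out, a mask shaped like the signal is not) can be checked numerically with the Wiener filter mentioned above. This is an added example, not part of the original thread; the band layout, equal signal and mask power, and a filter that knows both spectra exactly are assumptions.

```python
import random

def band_psd(n_bins, lo, hi, power):
    """Power spread evenly over bins lo..hi-1 (constructed 'speech-like' band)."""
    width = hi - lo
    return [power / width if lo <= k < hi else 0.0 for k in range(n_bins)]

def white_psd(n_bins, power):
    """Same total power spread evenly over every bin (white mask)."""
    return [power / n_bins] * n_bins

def draw(psd, rng):
    """One random complex spectrum whose expected per-bin energy equals psd."""
    return [complex(rng.gauss(0, 1), rng.gauss(0, 1)) * (p / 2) ** 0.5
            for p in psd]

def wiener_residual(sig_psd, mask_psd, trials=200, seed=1):
    """Fraction of signal energy still in error after ideal Wiener filtering.

    The observer sees signal + mask and applies the per-bin gain
    S / (S + N), the best linear estimate when both spectra are known.
    """
    rng = random.Random(seed)
    gain = [s / (s + n) if s + n > 0 else 0.0
            for s, n in zip(sig_psd, mask_psd)]
    err = total = 0.0
    for _ in range(trials):
        x = draw(sig_psd, rng)   # what the observer wants to recover
        v = draw(mask_psd, rng)  # what the defender adds
        for xk, vk, g in zip(x, v, gain):
            err += abs(g * (xk + vk) - xk) ** 2
            total += abs(xk) ** 2
    return err / total

# Constructed scenario: 256 bins, signal confined to bins 16..23, unit power.
N_BINS = 256
SIGNAL = band_psd(N_BINS, 16, 24, 1.0)

if __name__ == "__main__":
    white = wiener_residual(SIGNAL, white_psd(N_BINS, 1.0))
    shaped = wiener_residual(SIGNAL, band_psd(N_BINS, 16, 24, 1.0))
    print(f"white mask residual:  {white:.3f}")
    print(f"shaped mask residual: {shaped:.3f}")
```

At equal power, the white mask leaves roughly 3% of the signal energy in error, while the spectrum-matched mask leaves roughly 50%, since no per-bin gain can tell the two apart.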
| O__________O wrote:
| Paper's name is, "IRShield: A Countermeasure Against Adversarial
| Physical-Layer Wireless Sensing" -- and may be downloaded here:
|
| https://arxiv.org/abs/2112.01967
|
| YouTube of the presentation at the "43rd IEEE Symposium on
| Security and Privacy" is here:
|
| https://m.youtube.com/watch?v=CeXy_KriHEk
|
| Other presentations from the same event are here:
|
| https://www.ieee-security.org/TC/SP2022/program-papers.html
| transpute wrote:
| Industrial radiant barrier with aluminum on one side and white
| vinyl for aesthetics on the other side is about $0.25/sq.ft. in
| the US. Available perforated or impermeable vapor barrier. When
| grounded, it can be used to shield walls from external
| surveillance of human activity. Doors and windows require more
| effort.
|
| Intro to shielding: https://www.eiwellspring.org/shielding.html
|
| DIY faraday cage:
| https://mpkb.org/home/special/emf/whitezones/faradaycage
| amluto wrote:
| As a word of advice, if you want a Faraday cage because you want
| to protect yourself from electromagnetic hypersensitivity, then
| by all means, knock yourself out following those directions.
| Preferably not literally, because, as noted in the links, lack
| of airflow will hurt you rather more reliably than EMI.
|
| But if you want to actually keep EM radiation in or out in a
| measurable way (and WiFi sensing is the epitome of
| measurability), then I recommend learning about shielding from
| a professional.
|
| Professionals, by and large, don't believe the electromagnetic
| hypersensitivity exists, at least not in the form that those
| webpages discuss.
| transpute wrote:
| What does EMF shielding have to do with airflow?
|
| Radiant barrier is perforated with small holes for airflow,
| which don't affect shielding performance at lower frequencies
| like 2.4GHz/5GHz, which can pass through walls. mmWave Wi-Fi
| radar (e.g. 60GHz 802.11ad) doesn't propagate well through
| walls. There is conductive mesh for open windows and some
| existing window insect screens are made of conductive
| material that effectively blocks EMF.
|
| Indoor air quality can be monitored, with or without EMF
| shielding.
| PaulHoule wrote:
| They put in some insulation between my kitchen and my wood shed
| which has a metal foil layer on it. WiFi waves are effectively
| blocked on it and if I want to use WiFi in the wood in the
| summer I plug in a Ubiquiti AP and a powerline network adapter
| there.
| teruakohatu wrote:
| I think our building code in New Zealand no longer allows foil
| insulation on new buildings for electrical safety reasons.
| samstave wrote:
| The safety of the Electronic Surveillance State is threatened
| by foil insulation, thus we will ban it :-)
| transpute wrote:
| Foil insulation should be grounded, both for electrical
| safety and EMF shielding performance.
| causality0 wrote:
| _Intelligent Reflecting Surfaces prevented 95% of wifi attacks_
| is not only not the original title, it is also misleading. The
| article is about preventing the use of wi-fi sensing to track
| individuals inside their homes. The correct title is _Preventing
| eavesdropping via the Internet of Things_
| transpute wrote:
| Most consumers are not familiar with Wi-Fi sensing, which can
| be used to remotely monitor keyboard typing, human heartbeats
| and other business or home motion by humans and pets. The 2024
| launch of IEEE 802.11bf Wi-Fi 7 Sensing will make "X-Ray
| Vision" accessible to hundreds of millions of consumers
| globally, unless nation-state regulators intervene. E.g. the
| introduction of radar sensing on 2.4GHz/5GHz/60GHz could be
| delayed until local construction/building codes are upgraded to
| define standards for wireless shielding.
|
| Prior discussion: https://news.ycombinator.com/item?id=30172647
|
| Intel (2020) presentation on Wi-Fi 7, slides #19 and #20
| describe Wi-Fi Sensing,
| https://www.intel.com/content/dam/www/public/us/en/documents...
| samstave wrote:
| Assume a building with zero wifi in it.... Can't an enemy
| simply place wifi routers of its own around the building and
| monitor what they want freely from their own radios?
| transpute wrote:
| Yes, of course. The threat is from wardriving/neighboring
| wireless devices outside building walls, whose radio waves
| (2.4GHz) penetrate the walls of your business or home. This
| can be done today with $20 ESP32 devices and custom
| firmware, the difference with Wi-Fi 7 is that it will be
| built into consumer routers and sold as a feature for
| monitoring humans (babies, elderly, security, Minority
| Report-style 3D gesture recognition combined with VR/AR 3D
| room models from iPhone/iPad Pro lidar).
|
| Through-wall Wi-Fi sensing potentially affects anyone who
| types a password into a computer without 2FA, or uses a
| physical safe with combination lock or electronic button.
| Many physical door locks are not secure, so an intruder can
| enter a building once without detection, to perform a
| detailed 3D scan of the interior for correlation with
| external Wi-Fi sensing observations.
|
| e.g. here is a photorealistic 3D model of an apartment in
| San Francisco, generated by an iPhone Pro lidar interior
| scan by an AirBnb customer,
| https://poly.cam/capture/C0EBFFE1-FF80-49FC-B308-A8A3E67930F....
| If Wi-Fi 7 Sensing
| becomes widely available, the interior 3D lidar+photo scan
| could be combined with an exterior 3D radar scan of the
| interior. Do AirBnB hosts know their properties can be
| 3D-scanned?
| jalk wrote:
| But still a tinfoil hat for the house :-)
| SketchySeaBeast wrote:
| They all laughed because of my lead paint. Well who is
| laughing now?
| [deleted]
| PaulHoule wrote:
| I know that Russian anti-aircraft radars like this one
|
| https://www.radartutorial.eu/19.kartei/06.missile/karte013.e...
|
| have a set of phase-shifting reflectors that steer the beam that
| goes in and out of a feedhorn. That particular radar, the "Big
| Bird" has a similar mission to the radar on the US Patriot
| missile in that it is particularly effective for ballistic
| missile targets that come in at a high angle.
|
| It operates in quite a few modes, as a phased array antenna it
| can send the beam in different directions without the antenna
| moving but this loses effectiveness as the angle moves far away
| from normal... So most of the time it spins around with feedhorns
| on both sides active and scanning in both directions at once.
| Alternately it can stop moving and tilt back to optimize the
| performance in a particular direction.
___________________________________________________________________
(page generated 2022-05-30 23:01 UTC)