How to Use Your Cat to Hack Your Neighbor’s WiFi

Yahoo Tech

Coco, modeling the WarKitteh collar. (Gene Bransfield)

Late last month, a Siamese cat named Coco went wandering in his suburban Washington, D.C. neighborhood. He spent three hours exploring nearby backyards. He killed a mouse, whose carcass he thoughtfully brought home to his octogenarian owner, Nancy. And while he was out, Coco mapped dozens of his neighbors’ WiFi networks, identifying four routers that used an old, easily broken form of encryption and another four that were left entirely unprotected.

Unbeknownst to Coco, he’d been fitted with a collar created by Nancy’s granddaughter’s husband, security researcher Gene Bransfield. And Bransfield had built into that collar a Spark Core chip loaded with his custom-coded firmware, a WiFi card, a tiny GPS module and a battery — everything necessary to map all the networks in the neighborhood that would be vulnerable to any intruder or WiFi mooch with, at most, some simple crypto-cracking tools.

In the 1980s, hackers used a technique called “wardialing,” cycling through numbers with their modems to find unprotected computers far across the Internet. The advent of WiFi brought “wardriving,” putting an antenna in a car and cruising a city to suss out weak and unprotected WiFi networks. This weekend at the DEF CON hacker conference in Las Vegas, Bransfield will debut the next logical step: The “WarKitteh” collar, a device he built for less than $100 that turns any outdoor cat into a WiFi-sniffing hacker accomplice.

Skitzy the cat. (Gene Bransfield)

Despite the title of his DEF CON talk — “How To Weaponize Your Pets” — Bransfield admits WarKitteh doesn’t represent a substantial security threat. Rather, it’s the sort of goofy hack designed to entertain the con’s hacker audience. Still, he was surprised by just how many networks tracked by his data-collecting cat used WEP, a form of wireless encryption known for more than 10 years to be easily broken. “My intent was not to show people where to get free WiFi. I put some technology on a cat and let it roam around because the idea amused me,” says Bransfield, who works for the security consultancy Tenacity. “But the result of this cat research was that there were a lot more open and WEP-encrypted hotspots out there than there should be in 2014.”

In his DEF CON talk, Bransfield plans to explain how anyone can replicate the WarKitteh collar to create his own WiFi-spying cat, a feat that’s only become easier in the past months as the collar’s Spark Core chip has become easier to program. Bransfield came up with the idea of feline-powered WiFi reconnaissance when someone attending one of his security briefings showed him a GPS collar designed to let people locate their pets by sending a text message. “All it needed was a WiFi sniffer,” he says. “I thought the idea was hilarious, and I decided to make it.”

His first experiment involved hiding an HTC Wildfire smartphone in the pocket of a dog jacket worn by his co-worker’s tabby, Skitzy. Skitzy quickly managed to worm out of the jacket, however, losing Bransfield’s gear. “It was a disaster,” he says. “That cat still owes me a phone.”

The WarKitteh collar with its components and wiring removed, with a dollar bill for scale. (Gene Bransfield)

Bransfield spent the next months painstakingly creating the WarKitteh, using Spark’s Arduino-compatible open source hardware and enlisting Nancy to sew it into a strip of cloth. When he finally tested it on Skitzy, however, he was disappointed to find that the cat spent the device’s entire battery life sitting on his co-worker’s front porch.

Coco turned out to be a better spy. Over three hours, he revealed 23 WiFi hotspots, more than a third of which were open to snoops or used crackable WEP instead of the more modern WPA encryption. Bransfield mapped those networks in a program created by an Internet collaborator, using Google Earth’s API. The number of vulnerable access points surprised Bransfield; he says that several of the WEP connections were Verizon FiOS routers left with their default settings unchanged.

Though he admits his cat stunt was mostly intended to entertain himself, he hopes it might make more users aware of privacy lessons those in the security community have long taken for granted. “Cats are more interesting to people than information security,” Bransfield says. “If people realize that a cat can pick up on their open WiFi hotspot, maybe that’s a good thing.”
