How to Use Your Cat to Hack Your Neighbor’s WiFi
Coco, modeling the WarKitteh collar. (Gene Bransfield)
Late last month, a Siamese cat named Coco went wandering in his suburban Washington, D.C. neighborhood. He spent three hours exploring nearby backyards. He killed a mouse, whose carcass he thoughtfully brought home to his octogenarian owner, Nancy. And while he was out, Coco mapped dozens of his neighbors’ WiFi networks, identifying four routers that used an old, easily broken form of encryption and another four that were left entirely unprotected.
Unbeknownst to Coco, he’d been fitted with a collar created by Nancy’s granddaughter’s husband, security researcher Gene Bransfield. And Bransfield had built into that collar a Spark Core chip loaded with his custom-coded firmware, a WiFi card, a tiny GPS module and a battery — everything necessary to map all the networks in the neighborhood that would be vulnerable to any intruder or WiFi mooch with, at most, some simple crypto-cracking tools.
In the 1980s, hackers used a technique called “wardialing,” cycling through numbers with their modems to find unprotected computers far across the Internet. The advent of WiFi brought “wardriving,” putting an antenna in a car and cruising a city to suss out weak and unprotected WiFi networks. This weekend at the DEF CON hacker conference in Las Vegas, Bransfield will debut the next logical step: The “WarKitteh” collar, a device he built for less than $100 that turns any outdoor cat into a WiFi-sniffing hacker accomplice.
Skitzy the cat. (Gene Bransfield )
Despite the title of his DEF CON talk — “How To Weaponize Your Pets” — Bransfield admits WarKitteh doesn’t represent a substantial security threat. Rather, it’s the sort of goofy hack designed to entertain the con’s hacker audience. Still, he was surprised by just how many networks tracked by his data-collecting cat used WEP, a form of wireless encryption known for more than 10 years to be easily broken. “My intent was not to show people where to get free WiFi. I put some technology on a cat and let it roam around because the idea amused me,” says Bransfield, who works for the security consultancy Tenacity. “But the result of this cat research was that there were a lot more open and WEP-encrypted hotspots out there than there should be in 2014.”