TV Licence Wi-Fi detector vans

Is GD leaking? Do some people regularly search for "tv licence" threads just to write ****posts? Weird.

Feel free to add educated speculation in how this technology might provide reliable evidence for those watching over WiFi or expand on why it is infeasible to do this.


Edit: Just had a thought, I'd put distinctive upload bursts in the client, sent to a multicast address rather than back to the server. The problem with this though, is the wifi adapter on the client will be weaker than the wifi access point so even harder to detect from outside the home.
 
In a closed lab? Out in the real world, outside of exterior brick walls with a van parked a few meters away in the street with other devices also consuming bandwidth on your wifi network plus all the noise from any other wireless networks plus noise on the same frequencies? And basing it on timing of data being sent from the BBC with allowances for latency and jitter across the internet and on your wifi connection? Hmmm...

Why would any of that be a problem? It’s been done before with freely available software to download being used to identify Skype calls passing over encrypted Wi-Fi without cracking the Wifi password. I fail to see why the same process cannot be used for Live TV streams.

Like I said before I had to use a network protocol analyser at work once and was surprised at how much data you can see via packet sniffing. Unless we are talking flats then most of the time it's easy to work out which wireless belongs to which house. It's easy to filter out the other wireless networks and focus on the data packets for that one wireless. Next you use filters to sort through the packets from the target network. If the target is using outdated security like WEP it's scary how fast and easy it is to view the data. Seen it done in 3 to 4 minutes for all the data to be viewable.

EDIT: I don't see how they can prove who was watching but it seems doable to prove someone was watching.
 
Feel free to add educated speculation in how this technology might provide reliable evidence for those watching over WiFi or expand on why it is infeasible to do this.

So I had a think through and I think it's actually technically possible, you can easily dump the traffic from a wifi network, that's not up for dispute and with a directional antenna and the right radio hardware you could do so from some distance.

If, for instance, an iplayer stream included a sequence of predictable packet sizes at a regular interval (i.e. something like, if every two minutes it sent a 10 byte packet, followed by a 35 byte packet followed by a 51 byte packet) then the chance of that repeatedly occurring randomly, in that sequence, is extremely small (like, if the sequence is 10 packets long then the chances get into the billion to one range...).

Also keep in mind TV licensing could possibly enforce fines under civil law rather than criminal in theory, where the burden of proof is lower for them.

It would actually be fairly difficult to circumvent as well, even if you used a VPN or padded the traffic in some other way the pattern would continue, just offset.

Obviously, not using wifi would be the obvious option, though if they got the client side to send the sequence to a broadcast address then unless your wifi and wired networks were completely separate then it would leak out and be detectable.

The best defence appears to actually be a legal one - if you have a TV license you are licensed to watch TV on a mobile device anywhere, so if you say 'oh my friend was round and he was watching iplayer on his phone connected to my wifi' (and he has a TV license) then there's sod all they can do even if you don't have a license... (though, that depends on them believing you...you might end up in court trying that one if they don't)
 
I think it needs a legal viewpoint on whether capturing packets from a network you don't have permission to access would class as a wiretap, which is what formed the basis of the complaint against Google looking at unsecured Wi-Fi traffic in the US.
 
Providing the BBC magic van could sniff and identify packets being sent over a wifi link, they'd then have to prove that "their" packets were being terminated by a device you were responsible for.

If your iPlayer equipped TV is cabled to your broadband/media supplier's modem, the BBC have no chance unless the supplier allows them packet tracing access. Which none will.
 
I don't think you can simply identify packets like that with most encrypted transfers though in the real world? sure in a lab maybe where you are controlling the conditions but in a system that has mixed traffic wouldn't it be bundling a lot of stuff into the encapsulated packets with the actual packets of data respective to each application pretty much impossible to distinguish without decrypting the whole lot?
 
Unless we are talking flats then most of the time it's easy to work out which wireless belongs to which house. It's easy to filter out the other wireless networks and focus on the data packets for that one wireless.

EDIT: I don't see how they can prove who was watching but it seems doable to prove someone was watching.

They can obviously determine the name of the wireless network, if they were serious about enforcement then if they have a block of 10 flats, there are 8 with TV licenses and 9 wifi networks with people watching iplayer then determining which of the remaining two the wifi belonged to would not be hard

A laptop, directional antenna and a wander round the building would give enough evidence for them to take it further, of course the TV license people have no right of entry, they'd have to request the police come help out, but they *could* do so.

Of course, that kind of investigation doesn't scale and they'd likely go for the low hanging fruit and not bother investigating further in that scenario.
 
Providing the BBC magic van could sniff and identify packets being sent over a wifi link, they'd then have to prove that "their" packets were being terminated by a device you were responsible for.

If your iPlayer equipped TV is cabled to your broadband/media supplier's modem, the BBC have no chance unless the supplier allows them packet tracing access. Which none will.

Not true entirely, if the client sent broadcast packets out of a predictable size and frequency, unless your wireless was a separate broadcast domain (and basically no home wifi is...) then it would leak to the wireless and be detectable...

Also, detecting and sniffing packets being sent over wifi is trivial...there is no need to break encryption for this to work.

Make no mistake, this is entirely technically possible...
 
Not true entirely, if the client sent broadcast packets out of a predictable size and frequency, unless your wireless was a separate broadcast domain (and basically no home wifi is...) then it would leak to the wireless and be detectable...

Also, detecting and sniffing packets being sent over wifi is trivial...there is no need to break encryption for this to work.

Make no mistake, this is entirely technically possible...

They'd still have to prove that the device terminating the stream was on your property.
 
I don't think you can simply identify packets like that with most encrypted transfers though in the real world? sure in a lab maybe where you are controlling the conditions but in a system that has mixed traffic wouldn't it be bundling a lot of stuff into the encapsulated packets with the actual packets of data respective to each application pretty much impossible to distinguish without decrypting the whole lot?

No, see my longer post, but while the source, destination and contents are hidden by encryption, the size of the packet isn't. If you vary that in a predictable fashion at a predictable interval (not hard) then that's enough a fingerprint...

Packets don't get bundled together in normal circumstances, they get passed on as they are. I'm absolutely confident I could build a proof of concept of this working on a laptop in a few hours with tcpdump the more I think about it...
 
How would they deal with networks where the SSID isn't broadcast and access is controlled by MAC address?

The frames still exist in the air complete with the layer 2 addresses, only the payload is encrypted. Wi-Fi isn't a secure tunnel to each device.
 
They'd still have to prove that the device terminating the stream was on your property.

If it's connected to your wifi network (which they can show...the name is visible outside the encryption) then that's one avenue, as is a highly directional antenna...

For a house, between the two it would be trivial to prove to the satisfaction of a court that it was in a given property...and again, keep in mind they don't necessarily need 'beyond reasonable doubt' here, they could probably fine people on 'balance of probabilities' - see http://www.duhaime.org/LegalDictionary/B/BalanceofProbabilities.aspx)
 
No, see my longer post, but while the source, destination and contents are hidden by encryption, the size of the packet isn't. If you vary that in a predictable fashion at a predictable interval (not hard) then that's enough a fingerprint...

Packets don't get bundled together in normal circumstances, they get passed on as they are. I'm absolutely confident I could build a proof of concept of this working on a laptop in a few hours with tcpdump the more I think about it...

Surely though that would only be useful if there was zero other traffic from the hosts in question..
 
No, see my longer post, but while the source, destination and contents are hidden by encryption, the size of the packet isn't. If you vary that in a predictable fashion at a predictable interval (not hard) then that's enough a fingerprint...

Packets don't get bundled together in normal circumstances, they get passed on as they are. I'm absolutely confident I could build a proof of concept of this working on a laptop in a few hours with tcpdump the more I think about it...

Seems like a bit of a security vulnerability if an external user can distinguish the streams for different applications separately - I always assumed that at the most basic level the data sent over a protocol would be combined up to the max packet size and indistinguishable.
 
Regarding VPN use, I seem to recall that the packets are fixed length.

As for the new WiFi detector vans, I think they will be used in the same way the TV detectors were:-

1 Publicise the presence of vans operating in an area to frighten people into buying a license.
2 Attempt to trick any remaining non-licence holders into admitting they were using the iPlayer illegally by falsely claiming they have proof from their high tech WiFi detector vans.
 
Surely though that would only be useful if there was zero other traffic from the hosts in question..

No because you're only looking for very specific length packets with certain timestamps on. You can ignore the rest.

The trick would be to generate a pattern of packets that would stand up to legal scrutiny as being a unique fingerprint of your particular streaming service, and convince people that capturing Wi-Fi frames was legal in the first place.
 
How would they deal with networks where the SSID isn't broadcast and access is controlled by MAC address?

Not broadcasting the SSID is a completely useless security measure in every way, it's absolutely trivial to circumvent because the protocol was absolutely not designed for the SSID to be obfuscated, for wireless to work it has to broadcast packets over the radio and they have to contain enough data to distinguish them to their clients....otherwise it would fall apart the moment you were in range of more than one network...
 
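The two posts above (the Wi-Fi frames "still exist in the air complete with the layer 2 addresses", and a hidden SSID being trivial to recover) can be checked against the 802.11 header layout directly. The following is an added example, not code from anyone in the thread: it hand-assembles a WPA-protected data frame, a beacon with a zero-length SSID element and a probe response, then parses them the way a passive capture tool would. All MAC addresses, the SSID "HomeNet", and the filler bytes standing in for CCMP ciphertext are constructed for the demo; only the header offsets and flag bits come from the standard.

```python
import struct

# Constructed sample addresses (made up for this example).
AP_BSSID = bytes.fromhex("00112233aabb")
CLIENT = bytes.fromhex("0a1b2c3d4e5f")

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_data_frame(src, bssid, dst, protected=True, payload=b"\x00" * 40):
    """Client -> AP data frame (ToDS=1, FromDS=0). With the Protected bit set
    the body is an 8-byte CCMP header followed by ciphertext; here the
    'ciphertext' is filler, since only the cleartext header matters."""
    flags = 0x01 | (0x40 if protected else 0)      # ToDS | Protected
    fc = bytes([0x08, flags])                       # type=data, subtype=0
    hdr = fc + b"\x00\x00" + bssid + src + dst + b"\x10\x00"  # addr1,2,3 + seq ctrl
    ccmp = b"\x01\x00\x00\x20\x00\x00\x00\x00" if protected else b""  # ExtIV set
    return hdr + ccmp + payload

def build_beacon(bssid, ssid):
    """Beacon (mgmt subtype 8). A 'hidden' network sends a zero-length SSID IE."""
    fc = bytes([0x80, 0x00])
    hdr = fc + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)  # timestamp, interval, capability
    return hdr + fixed + bytes([0, len(ssid)]) + ssid

def build_probe_response(bssid, client, ssid):
    """Probe response (mgmt subtype 5); APs answer directed probes with the real SSID."""
    fc = bytes([0x50, 0x00])
    hdr = fc + b"\x00\x00" + client + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)
    return hdr + fixed + bytes([0, len(ssid)]) + ssid

def parse_frame(frame):
    """Everything a passive observer sees without any key: frame control bits,
    the three MAC addresses, total length, and for beacons/probe responses the SSID."""
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    info = {
        "type": {0: "mgmt", 1: "ctrl", 2: "data"}[ftype],
        "subtype": subtype,
        "to_ds": bool(fc1 & 0x01), "from_ds": bool(fc1 & 0x02),
        "protected": bool(fc1 & 0x40),
        "addr1": mac(frame[4:10]), "addr2": mac(frame[10:16]), "addr3": mac(frame[16:22]),
        "length": len(frame),
    }
    if ftype == 2:
        # Address meaning depends on ToDS/FromDS (802.11 address field table).
        if info["to_ds"] and not info["from_ds"]:
            info["bssid"], info["sa"], info["da"] = info["addr1"], info["addr2"], info["addr3"]
        elif info["from_ds"] and not info["to_ds"]:
            info["da"], info["bssid"], info["sa"] = info["addr1"], info["addr2"], info["addr3"]
        info["body_len"] = len(frame) - 24   # encrypted or not, the size is visible
    elif ftype == 0 and subtype in (8, 5):  # beacon / probe response
        ies = frame[24 + 12:]                # skip MAC header and fixed fields
        i = 0
        while i + 2 <= len(ies):
            tag, ln = ies[i], ies[i + 1]
            if tag == 0:                     # SSID element
                info["ssid"] = ies[i + 2:i + 2 + ln].decode(errors="replace")
                info["ssid_hidden"] = (ln == 0)
            i += 2 + ln
    return info

if __name__ == "__main__":
    print(parse_frame(build_data_frame(CLIENT, AP_BSSID, bytes.fromhex("000000000001"))))
    print(parse_frame(build_beacon(AP_BSSID, b"")))                      # hidden SSID
    print(parse_frame(build_probe_response(AP_BSSID, CLIENT, b"HomeNet")))  # SSID revealed
```

The parsed data frame shows the Protected bit set and yet the BSSID, the client's source MAC and the frame length all in the clear, which is the whole basis of the size-fingerprint idea discussed in the thread; the beacon/probe-response pair shows why a hidden SSID only lasts until the first client (re)associates. MAC filtering fares no better: the allowed client addresses are broadcast in every frame they send.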
Surely though that would only be useful if there was zero other traffic from the hosts in question..

A predictable sequence, say 10+ packets long...even in the background of other traffic, the chances of a very specific sequence happening at a predictable interval are so small it'd be in the same range as DNA for false positives...so it'd be good enough as evidence...
 
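Several posts in this thread argue the same mechanism from different angles: a client that emits a short sequence of packets with predictable sizes at a fixed interval, a capture that only looks at frame lengths and timestamps, background traffic that can be ignored, and a pattern that survives VPN or padding "just offset". The following is an added example, not code from the thread or from any broadcaster: it simulates a capture with random background traffic, an optional ten-frame marker burst every two minutes, and a fixed per-frame header overhead, then recovers the bursts by matching size differences (so an unknown constant offset from tunnelling does not matter) and checks that they recur at the expected period. The marker sizes, the 120-second period and the traffic mix are all invented for the demo.

```python
import math
import random
from collections import Counter

# Hypothetical marker: payload sizes the client would emit, and how often.
MARKER = [10, 35, 51, 24, 62, 17, 44, 29, 58, 13]
PERIOD = 120.0        # seconds between bursts (assumed)
BURST_WINDOW = 0.5    # the whole burst lands within this many seconds (assumed)

def make_capture(seed=1, duration=600.0, bg_rate=20.0, overhead=80, with_marker=True):
    """Constructed capture: list of (t, frame_len). Background is ~bg_rate frames/s
    with small (60-160) or full-size (1400-1514) lengths; 'overhead' is the fixed
    header bytes (802.11 + CCMP + IP/UDP) added to every marker payload."""
    rng = random.Random(seed)
    obs, t = [], 0.0
    while t < duration:
        t += rng.expovariate(bg_rate)
        size = rng.randint(60, 160) if rng.random() < 0.5 else rng.randint(1400, 1514)
        obs.append((t, size))
    if with_marker:
        t0 = 0.0
        while t0 < duration:
            for i, s in enumerate(MARKER):
                obs.append((t0 + i * 0.02, s + overhead))   # 20 ms spacing within the burst
            t0 += PERIOD
    obs.sort()
    return obs

def find_bursts(obs, marker=MARKER, window=BURST_WINDOW):
    """Start times where the marker appears as an ordered subsequence of frames
    inside 'window' seconds. Matching uses consecutive size differences, so a
    constant offset (tunnel headers, fixed padding per frame) is irrelevant and
    interleaved unrelated frames are simply skipped."""
    deltas = [b - a for a, b in zip(marker, marker[1:])]
    hits, n = [], len(obs)
    for i in range(n):
        t_start, prev = obs[i]
        j, k = i + 1, 0
        while k < len(deltas) and j < n and obs[j][0] - t_start <= window:
            if obs[j][1] - prev == deltas[k]:
                prev, k = obs[j][1], k + 1
            j += 1
        if k == len(deltas):
            hits.append(t_start)
    return hits

def periodic_chain(hits, period=PERIOD, tol=1.0):
    """Longest chain of burst starts spaced by ~period; repeats are what turn one
    coincidence into evidence."""
    best = []
    for h in hits:
        chain = [h]
        for g in hits:
            if abs((g - chain[-1]) - period) <= tol:
                chain.append(g)
        if len(chain) > len(best):
            best = chain
    return best

def chance_match_estimate(obs, marker=MARKER, overhead=80, window=BURST_WINDOW):
    """Crude false-positive estimate: with empirical size frequencies p(size) and
    about m frames per window, P(specific ordered sequence by chance) is roughly
    C(m, L) * prod p(size_i). Uses absolute sizes, so it is only indicative."""
    duration = obs[-1][0] - obs[0][0]
    counts = Counter(size for _, size in obs)
    m = max(len(marker), round(len(obs) / duration * window))
    p = 1.0
    for s in marker:
        p *= counts[s + overhead] / len(obs)
    return math.comb(m, len(marker)) * p

def detect(obs):
    hits = find_bursts(obs)
    chain = periodic_chain(hits)
    return {"bursts": len(hits), "periodic": len(chain), "chain": chain}

if __name__ == "__main__":
    print(detect(make_capture()))                     # marker present, overhead 80
    print(detect(make_capture(overhead=110)))         # same marker behind 30 extra tunnel bytes
    print(detect(make_capture(with_marker=False)))    # background only
    print(chance_match_estimate(make_capture()))
```

Two things the run makes concrete. First, extra traffic never breaks the match, since the matcher only needs the marker frames to appear in order within the window; this is the "you can ignore the rest" point. Second, the delta-based match gives the same result at overhead 80 and 110, which is the "just offset" claim. The caveat raised later in the thread holds too: if a tunnel pads every frame to one fixed length, all the size differences become zero and this matcher finds nothing, leaving only timing to work with.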