Kill Your Airbnb's Hidden WiFi Cameras With This Script
Visiting someone's home shouldn't mean tacitly consenting to having your every move recorded.
Image: Screenshot of Dropcam app
The Internet of Things is here, and in many ways it's already catapulting us into the nightmarish future that dystopian science fiction writers predicted.
But while always-connected home devices may be en vogue, most sane people still believe that visiting someone's house or staying at an AirBnB shouldn't mean tacitly consenting to, say, having your every move recorded and broadcast over the internet by a WiFi camera.
Enter dropkick.sh, a script by countersurveillance artist Julian Oliver that finds any Dropcam or similar WiFi-connected camera on a local network and disconnects it.
"I was pretty horrified to read of so many (women in particular) having their privacy strategically abused, enabled by this new family of devices," Oliver told Motherboard in a Twitter DM, referring to several stories that have come out in the past year about people discovering Dropcams and other internet-connected devices secretly spying on them. "I thought now's the time to sit down for an hour and push out a script."
Dropkick.sh is a slight tweak of glasshole.sh, another of Oliver's scripts which gives the boot to Google Glass users by blacklisting a range of hardware MAC addresses unique to those devices. Neither require you to know the WiFi network's password. As long as you know or can guess the wireless access point's name, the script will be able to de-authenticate the devices using aircrack-ng, an open-source network monitoring suite.
Oliver was prompted to write the script after mine and artist Adam Harvey's insistence on Twitter, but the need for something like it has been more pressing lately.
Earlier this week, a German woman sued her AirBnb host, as well as AirBnb itself, after she and her partner discovered they had been secretly recorded by a security Dropcam during their month-long stay in California two years prior.
Another woman, staying with a male former co-worker in Los Angeles while looking for a job, told Fusion her voyeuristic host was peeping on her with another hidden Dropcam, whose red indicator light had been covered with duct tape.
Oliver says the script "should do away with the need to rummage around in other people's stuff, racked with paranoia, looking for the things," evoking a scene that's similar to things I've actually done during past AirBnB stays. Even if the camera isn't "hidden" per se, it makes for a strong statement that you have a right to not be recorded in private spaces.
The script requires access to a UNIX-style command line, so you'll need to be running either Linux or Mac OS X to get it running. For a much more user-friendly solution, Oliver also sells the Cyborg Unplug, a plug-and-play network device which automatically detects and disconnects a range of internet-connected surveillance devices including Dropcam, Google Glass, and WiFi-enabled drones.
Unfortunately, running the script or using the plug on someone else's network might run afoul of communications law in the US; a change in FCC regulations earlier this year reclassifies de-authentication like the kind performed by Oliver's tools as a form of wireless "jamming," which can carry severe criminal penalties. Asserting your right to privacy is a good thing, but as always, proceed with caution.