A Lesson In Scaremongering

In Wired, Lily Hay Newman opens with an awfully misleading paragraph:

HOW MANY PEOPLE specifically know where you are right now? Some friends and family? Your coworkers, maybe? If you're using a Windows laptop or PC you could add another group to the list: the CIA.

The operative word there is could, but it reads more like a fact than a possibility. Functionally, the sentence should include a second if statement and read more like:

"you could theoretically add..."

I'm sorry, does anyone in America not think it's theoretically possible one of the various spy agencies knows their location at any given moment?

Back to the situation at hand.

The agency infects target devices with malware that can then check which public Wi-Fi networks a given computer can connect to at a given moment, as well as the signal strengths of those networks. From there, the malware compares the list of available Wi-Fi options to databases of public Wi-Fi networks to figure out roughly where the device is.

This sounds complex, especially with all those givens, but all that paragraph actually states is that if a computer recognizes a public Wi-Fi network, then it is possible to know where that public Wi-Fi network is located. You know, because it's public.

If you click on the Wi-Fi symbol of your computer, you will see the list of all the available networks near you. If you live in a single-family residence, you will likely only see your own personal networks. This information would not be in a public registry, and so this technique would not be useful in the slightest. If you live in an apartment-esque situation, you'll see a ton of networks, but again, there is no registry for the random names people give their personal Wi-Fi networks, so this technique still would not be helpful.

Well, what if you're in a commercial district? Now you see Starbucks' Wi-Fi every few blocks, and these are the networks which can be used to gather positioning information. Using the word "technique" seems a bit much; this is just using Google and Microsoft's database of public Wi-Fi networks.

The article goes on to talk about how the exploit is from 2013 and has been shown to work on Windows 7, but that experts agree it would be trivial to expand to every Windows release. Well, OK, except in Windows 10, attempting to access this information would require the user to accept a pop-up prompt. Now certainly many, many people would blindly accept that pop-up, but suddenly this isn't the same covert operation being implied.

"This technique has been done and known about for a long time," says Alex McGeorge, the head of threat intelligence at the security firm Immunity. "It's like give me all the information from the radios on your [device] to try to get a better fix on your location."

So now you get a quote from a researcher that makes this sound super creepy with the phrase "give me all the information", but really, what exactly does this quote add to the article other than its attribution? Yes, computers have access to the information they have access to, thank you for your interest.

OK, so the CIA (or anyone really) could know where your computer is if they know which Wi-Fi networks are available to your computer, even if you haven't joined them. So how exactly is the CIA, or anyone, getting this information? Well, here's the kicker:

The technique requires exploit tools (methods for taking advantage of unpatched bugs in computer software) to give the CIA access to the target device in the first place.

Let's rephrase this for Hollywood: "This information is only available if the computer has already been compromised (hacked)." As the article admits in the very next sentence:

And at the point where the agency can install ELSA malware on the device, they presumably also have access to do a host of other aspects of the computer in question.

Yes, if you have already compromised the computer, then you can access ANY information on the system. Of course, not mentioned is that even if the computer was compromised, this technique is only valuable if the malware also has a method of phoning home. So, you know, a fully compromised machine, a botnet if you will.

In other words, all this ENTIRE article is saying is that you can use the directory of public Wi-Fi networks to find out the location of those networks.

Wired, you should be so much better than this.