Imagine a cat as a parasitic mobile hotspot, breaking into insecure WiFi networks, amplifying the signal, and broadcasting it from a unique collar that includes a Raspberry Pi board, WiFi dongle, and a power bank.
Siegel, a student at the University of the Arts Bremen, came up with the idea for such a project when enrolled in a class last summer. He says that while the project is “playful and slightly ironic,” it addresses serious Germany’s “outdated privacy, Internet, and copyright policy.” Under a German law known as Störehaftung, WiFi providers can be liable for copyright infringement if someone else downloads questionable material while logged into their network. As a result, Germany lags far behind its neighbors and the United States when it comes to WiFi access.
The Cat Exploit project not only highlights and exploits weaknesses in digital infrastructure as well but also demands free WiFi in cities, Siegel says. Although he says it “definitely fits in” with the IoT, the intent of the project was more critical than pragmatic.
When asked if the technology might have practical applications, Siegel jokes that it might be used to involve pets in drug trafficking. “Theoretically one could also attach a small box [to the cat’s collar] that pops up to drop its content at specific locations or after receiving a digital payment,” Siegel says. “I was also considering this approach but found it a bit too much and not in my original intention. Would have been fun to try this though.”
It is fitting that the class Siegel for which he designed the project is named “Hacks and Hoaxes.” While enrolled in the class last year, Siegel says in an email that his “approach was to achieve something parasitic or symbiotic that (ab)uses animals living in the urban area.” “There are plenty of animals living with and around us unnoticed, being able to enter hidden and closed-off areas. I wanted to use this huge advantage and have others benefit from it. Since I found out about hackable WiFi infrastructure in a prior project, it was just obvious to combine these things.”
Siegel had come up with a sketch for the idea after hearing about a device called the Crow Box, a vending machine designed for crows. “I really like the idea of training animals for something useful while both parties benefit from,” Siegel says. “As Crow Box demonstrates there is a great potential for animals in urban areas to be integrated into city life.”
He was also inspired by a 2014 Def Con talk from security researcher Gene Bransfield titled “How To Weaponize Your Pets.” Bransfield had a similar idea about using cats to hack WiFi and created a custom collar for the task he called “WarKitteh” that was featured in Wired.
Siegel rigged up a harness for his project made of thin Vivak acrylic. Along with the Raspberry Pi board, a power bank, and other hardware, the entire harness weighed roughly 250 grams.
He chose Pi because of its relatively small form factor and the fact that it can support wardriving software and run the appropriate scripts. “I’d have preferred the Pi Zero, but it is quite impossible to get one in Europe,” he says.
Once he had the harness rigged up, he tested it on a colleague’s Maine coon cat named Cosmo.
Cosmo’s collar succeeded in identifying WiFi networks with poor security and breaking into them. “A pretty simple script scans for WiFi networks over and over again in short intervals,” Siegel says. “One can read the SSID (name of the WiFi network) and identify its encryption (WPA, WPA2, or none), plus, the device can find hidden networks.” Siegel found a script for breaking WiFi encryption after doing a simple Google search.
After Cosmo’s hardware finds an unsecure WiFi hotspot, it can amplify it to the point that anyone within 650 feet can use access it.
Siegel quips on his website that cats could be trained to “linger inside areas with high network coverage” to enable activities like sharing files and information anonymously.
When asked what he had learned about the current state of WiFi security in Bremen, Siegel concludes: “People should update their router software and use proper encryption. Oh, and don’t share private stuff in public folders.”