Of Body Armor, Handcuffs And Fluke Networks' AirCheck

In the IT media business, you tend to see a lot of press releases. The majority of these are informative but benign, and seldom make you do a double-take. Then there’s "Law Enforcement Uses Fluke Networks’ AirCheck Wi-Fi Tester to Help Combat Child Pornography." While I approve of the sentiment behind the title, a couple of the points made in the release bother me.

A few weeks back, the annual Crimes Against Children Conference was held in Dallas. A few thousand attendees from law enforcement, child protective services, social work and other related disciplines gathered to share knowledge on protecting society’s most vulnerable group. The list of exhibitors at the conference included a fair number of computer- and network-related vendors.

As a father and frequent consultant to local law enforcement efforts, I’m glad that this sort of gathering takes place and that those professionals in the various related trenches fully realize that child exploitation has a significant technical component to be reckoned with. At the same time, the AirCheck press release shows that it’s easy to make potentially faulty decisions based on assumptions and lack of depth in knowing what you’re really up against.

Quick back story: Fluke Networks puts out some amazing test equipment and network appliances for both wired and wireless environments. I have several of its products, and have kicked the tires on many more. Fluke is the same company that now owns the Air Magnet wireless support tool line, and the AirCheck tester puts a lot of wireless environment analysis capability in the hands of those who wield it. But it takes more than just a good tool, especially when it comes to entering suspected criminals’ homes based on what you think you’re seeing on any analysis platform.

Getting back to the press release, I do agree with Fluke Network’s claims that AirCheck is a breeze to use for non-techies and those actually in the Wi-Fi network game alike. And I do agree with Sergeant Dave Mathers of the City of Martinez PD who said “Combating the growing threat of child pornography on the Internet is a nationwide priority” and that the AirCheck (and in my opinion, a number of other tools as well) can help quantify the technical lay of the RF space where bad guys work their misdeeds. But let’s get to what’s flawed about this press release.The release states that AirCheck allows law enforcement agencies to "more confidently enter the suspect’s location, if they determine a wireless network is secured, knowing that illegal content is being downloaded from within that residence," and that AirCheck can help pinpoint both the WLAN source and attached clients. Both of these claims are OK, to a point. And what’s beyond that point is pretty important when men and women with badges and guns act on the intelligence provided by low-cost wireless test equipment.

On the topic of simply locating a wireless network or clients: I have yet to find a tool that I’d have enough confidence in, based on signal alone, to simply walk up to a door and say "It’s in here" without a few passes on the suspected location and trips to the floor above and below. Doing it from a vehicle? Fat chance, beyond the coarsest of accuracy. In a busy apartment building or similar environment, this can be time-consuming. And if you’re not an experienced "fox hunter" (signals direction finder), there are plenty of ways to be thrown off course during the process.

As far as assuming that a "secure" network means that only the clients in the domicile where the network is located can be up to no good, this is simply reckless. Everyone from George Ou to Josh Wright has covered the ease with which wireless pre-shares can be cracked if you know what you’re doing. And before the door gets busted down, hopefully the cops doing the analysis are relying on more than just the AirCheck leading them to potentially faulty assumptions. The real perp could be two doors down or in the next building over with a high-gain antenna, having cracked the network security with tricks he learned on YouTube.

Don’t get me wrong. I’m tickled that police agencies are using the same tools that WLAN administrators are leveraging for different reasons. At the same time, the tool itself is only as good as the accompanying knowledge of the person using it. If Fluke Networks is going after law enforcement agencies as a new customer base, I hope it is also doing the responsible thing: It should be helping to train cops to know what they’re really looking at and what may not be obvious on the WLAN, and how to corroborate what seems to be in play--for everyone’s sake.