To obtain further information or a copy of Flying Squirrel / Orb-weaver, please contact firstname.lastname@example.org
Flying Squirrel is a Government-off-the-Shelf (GOTS) software application developed by the U.S. Naval Research Laboratory to provide real-time discovery, analysis, and mapping of IEEE 802.11a/b/g/n wireless networks.
With the advantages that wireless technologies provide, many organizations are seeking the means to securely integrate wireless capabilities into their networks. In an effort to standardize wireless security for the purpose of detecting, and thus deterring, unauthorized wireless activity, the Department of Defense (DoD) Enterprise-Wide Information Assurance and Computer Network Defense Enterprise-Wide Solutions Steering Group (ESSG) identified the need to enhance network security through the employment of a Wireless Discovery Device capability.
To enhance the security posture of DoD networks, Flying Squirrel provides real-time wireless discovery, integrated visualization and mapping, and post-hoc analysis capabilities. These capabilities are provided in Flying Squirrel (interchangeably referred to as Flying Squirrel Wireless Assessment Tool Suite) via the Flying Squirrel, Caribou, Woodchuck, MeerCAT-FS, and Orb-weaver components.
Flying Squirrel (FS) is designed to run on a standard laptop on both Windows and Linux operating system (OS) platforms and can detect and segregate wireless transmitters that are acting as a WLAN client or Access Point (AP). Unlike many wireless discovery tools, FS is at no time connected to the organization’s network in order to operate. Instead, it employs passive detection to identify wireless stations or AP’s operating within a geographic area on a real-time basis. FS also provides a real-time integrated visualization and mapping capability called Woodchuck, which allows users to generate a “Radiation Field (RF) Map” based on the signal strength information for any selected transmitter. With this RF-map, users can conduct basic geo-location by visual inspection.
To compare and analyze multiple FS data capture sessions, MeerCAT-FS can be launched as a plug-in from within FS or from its desktop icon, to perform further post-hoc analysis. By utilizing its key features, such as time trend analysis, wireless topology, profile filters, and communication patterns, the operator can turn Flying Squirrel’s wealth of data into meaningful, actionable information.
To aid in performing wireless discovery and mapping of wireless transmitters indoors, Caribou provides FS position information using inertial measurement sensors in the absence of a global positioning system (GPS) signal. This ruggedized (3”x1.25”x2.5”) device integrates seamlessly with FS, requiring the operator to simply clip the unit to their belt, plug in the USB cable, and pick a starting location. The sensor data is transferred to FS via USB.
Bluetooth exhibits most of the same vulnerabilities inherent to wireless systems in general. A Bluetooth transmitter sends signals across free space to any receiver, legitimate or not, located within range. Vulnerabilities associated with the legacy Bluetooth cryptography have been known for a long time. Problems like "bluejacking," "bluebugging" and "Car Whisperer" have turned up as Bluetooth-specific security issues. Flying Squirrel uses the Ubertooth One to passively scan for Bluetooth devices.
Running on a standalone network, Orb-weaver provides continuous wireless monitoring for Wi-Fi, cellular, and Bluetooth devices. Orb-weaver can be deployed using a combination of sensors: Ubiquiti UniFi (AP or AP Pro) for Wi-Fi, and/or Flying Fox for cellular, Wi-Fi, and Bluetooth detection. The passive cellular detection capability provided by the Flying Fox sensors promote compliance with organizational policies such as “no cell phone” policy.
- Easy-to-use graphical interface with both Windows and Linux
- Supports 802.11a/b/g/n
- Real-time protocol analysis
- Cloaked network discovery
- Arbitrarily filter, search, and sort networks
- Statistical analysis of captured network traffic
- Customizable report generation
- Real-time signal strength interpolation
- Real-time drive path & logical network visualization
- Integrated Geographic Information System (GIS)
- Google Earth™ KML export
- Filter networks by geographic area
- Blueprint overlay
- Built-in reporting
- Time trend analysis
- Wireless topology
- Mission correlation
- Communication patterns
- Compare wireless scans across locations and time
- Big picture overview; drill-down for detail
- Visual tracks of threat locations: geographic and in-building
- Profile filters highlight suspicious behavior
- Inertial, magnetic, and barometric sensors for indoor tracking
- Built-in GPS for outdoor tracking
- Ruggedized enclosure - 3 x 1.25 x 2.5
- Tilt compensated compass
- USB powered, no need for batteries
- Easily mounts to an operator's belt
- Sensor data is transferred to Flying Squirrel via USB
- Blueprint overlay into Flying Squirrel
- Operates on a standalone Flying Squirrel network segment that utilizes multiple sensors spread throughout the monitoring area
- Each sensor independently scans through an area for wireless activities
- All sensors coordinate with Flying Squirrel to localize the device
- Displays the estimated location of the device, along with other visualizations such as radiation fields
- Detects and decodes the following Mobile Subscriber Identity (MSI) TMSI, IMSI, IMEI, S-TMSI, P-TMSI, S-RNTI, U-RNTI in transmissions from cellular devices.
- Exceptionally sensitive RF receiver capable of detecting and decoding cell phone transmissions
- Supports RF survey of environment to determine which cellular technologies and carriers are present
- Able to detect and decode the specific radio messages sent from a cell phone to a cell tower during the initiation of a connection
- Supports self-calibration mode for improving accuracy of location estimates.