Can I silence the foreign WiFi with an unused Faraday bag I have from a previous need? Let's find out!

A Faraday cage is an enclosure used to block electromagnetic fields. You use it for shielding, for safety, etc. In a nutshell you make sure that there is conductivity all the way around the thing you are protecting at the frequencies in question. The higher the frequency, the smaller the holes you can have.

Recently I wrote about the plight of the foreign WiFi in my home. I have 2 devices that enable their WiFi transmitters as access points, but are not connected to my network. 1 relates to my home security system, and 1 relates to my wife's work from home setup.

The latter is a bit of a pain: it has a strong transmitter on both 2.4GHz and 5GHz. They are unused other than to cause noise. On the 2.4GHz band, there are only 3 channels, and each of these devices is chirping away on one of them, lowering the noise floor.

On the 5GHz band, although there is a lot more spectrum and channels, only a few of them are actually great because of DFS (radar avoidance), see the list here. And of course, this device is eating one of the good channels at -40dBm.

So, can I use a Faraday bag I have left over from a previous need to muffle it? Let's try.

Bag removed from storage, I assess the problem. The Aruba device will fit, but it has 3 Ethernet cables and 1 power cord to it. Frustratingly, the industrial design is such that the device has no flat side: one Ethernet cable exits the middle of the back, 2 from one end, and the power cord from a side. The remaining sides are slippery and rounded. It fits ok into the bag, but, as you probably guessed from the foreshadowing of "the higher the frequency the smaller the hole size" above, it's hard to create a great seal with the four cables exiting differently.

After some scrunching it around and playing w/ the WiFi power meter, yes, it was somewhat successful. On the 2.4GHz band we managed to get it to -53dBm from -35dBm measured at 6m. On the 5GHz band we managed to get it to -61dBm from -45dBm at the same distance. Is this enough to matter? Well, not really. It still renders those channels less than usable. The combination of the lack of seal plus the cables acting as unintentional antennas is blocking the approach.

Somewhere in my collection of stuff I have some ferrite coils, I might have a few that are cat-5 sized and be able to reduce the antenna effect. Hmm... it's a big collection.

I guess I can hold off and try another approach, maybe get some copper foil and tape and make a box of some sort.

Anyone have any experience with this? I mean, the easy solution involves a screwdriver, open the lid, solder the antenna to ground 🙂 But it's not my device. The antennas are internal to it so I can't just do the same on the SMA connectors.

PS I highly recommend these Faraday bags for your laptop sleeve. They are no bigger or heavier, they are tough, and they give you added protection. Give it a go.

In MacGyver’in up an IP phone I wrote about the great success in re-deploying an Orange PI and some wire to become a wireless bridge for my wife's work-from-home setup.

Sadly there has been some unreliability in the system. My WiFi meter shows the Aruba device she is equipped with constantly broadcasts on Channel 10 WiFi and Channel 36 WiFi (despite not using the WiFi, it just chatters away anyway). And this proved a problem for a couple of reasons:

  1. More RF noise makes less reliability all around
  2. It overlaps with the nearest Access Point to her, increasing the effect on her system
  3. You should not use Channel 10 in 2.4GHz (use 1/6/11 only, I talked about this in WiFi: going from good to great is very hard)

So, I decided to redo it. I purchased a Wavlink WL-WN575A3, a dual-band wifi repeater. They are a dime a dozen, quite a few out there in the $40-$80 range. I purchased this on a couple of assumptions:

  1. It would likely run OpenWRT (spoiler: it does, based on MediaTek MT7628AN)
  2. Dual-band means I could use the 5G as an upstream and the 2.4G as a downstream if I had to (never use a wifi repeater where it has a single radio).
  3. It would have adequate antenna diversity to improve the overall signal strength and resilience

So, repeater acquired I set it up. Installing OpenWRT was a breeze. I then disabled the 2.4GHz wireless, set the 5G wireless to my house WAN, moved the 2 Ethernet ports to a LAN bridge, boom, we are done.

Was it a great success? Yes I think so. Signal rate is -77dBm, noise floor is -100dBm, so the SNR is ok.

I would really rather the Aruba would turn off its transmitters (both), but, workaround achieved.

Now, this brought up an interesting dilemma. You see, the Aruba widget she was sent home with is an IPSEC VPN. They wanted you to plug the laptop into it as well as the phone. Previously we had the phone there, but the laptop was on the (guest) WiFi, and she would VPN it in directly. So, the general Internet speed of the laptop is now *lower*. Why? Because all traffic trombones through the company, our downstream (1Gbps) is throttled by their upstream (seems 90Mbps).

But, she doesn't have to start/stop her VPN.

Is this a good tradeoff?

From a security standpoint, no. There is an Ethernet jack in our house on their corporate network. Zero-Trust would be better, get rid of this VPN.

From an employee happiness standpoint? Maybe. She will have a worse experience doing video conferencing and YouTube and browsing. But she will have a better experience with (what is that horror, is it a 3270 terminal emulator? it's some text-based interface run in a shell, probably AS/400?) their built in tools.

This is the patio next door to our office, allowed to open this evening. They've marked out the tables and entry. The excitement is palpable. Up to 4 per table, all from same household, 2m between tables, it won't be exactly the same as in the times of PC, but... Progress!

While working on my latest video (https://www.agilicus.com/risk-vs-reach), I came across this bank, www.surugabank.co.jp.

  • Uses HTTP by default? Check.
  • No Content-Security-Policy? Check
  • No Secure Cookies for Session? Check
  • No HTTP Strict Transport Security? Check
  • No XSS protection? Check
  • Uses RC4 for cipher? Check
  • TLS1.0 and 1.1? Check
  • No Forward Secrecy? Check
  • Poodle? Check

Is this a real bank? Or some fake page to trap security investigators? It does seem like it is the investor relations and corporate site of a real bank, one which is not instilling much confidence in me.
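
The checklist above, written as an offline audit function. This is an added example, not code from the original post; the check names, the two sample responses, the OpenSSL-style cipher names and the input shape (headers, Set-Cookie values, accepted protocol/cipher pairs) are all constructed assumptions.

```python
import re

def cookies_missing_secure(set_cookies):
    """Names of cookies whose Set-Cookie value lacks the Secure attribute."""
    missing = []
    for value in set_cookies:
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            missing.append(parts[0].split("=", 1)[0])
    return missing

def forward_secret(protocol, cipher):
    """TLS 1.3 is always ephemeral; earlier versions need (EC)DHE key exchange."""
    return protocol == "TLSv1.3" or cipher.startswith(("ECDHE-", "DHE-"))

def audit(default_scheme, headers, set_cookies, offered):
    """Return failing checklist items; offered = accepted (protocol, cipher) pairs."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    hsts = re.search(r'max-age="?(\d+)', h.get("strict-transport-security", ""))
    checks = {
        "http-by-default": default_scheme != "https",
        "no-csp": "content-security-policy" not in h,
        "no-hsts": not hsts or int(hsts.group(1)) == 0,  # max-age=0 revokes HSTS
        # Assumption: "XSS protection" means the legacy X-XSS-Protection header.
        "no-xss-protection": not h.get("x-xss-protection", "").startswith("1"),
        "cookie-without-secure": bool(cookies_missing_secure(set_cookies)),
        "rc4": any("RC4" in c for _, c in offered),
        "tls1.0-1.1": any(p in ("TLSv1", "TLSv1.1") for p, _ in offered),
        "no-forward-secrecy": not any(forward_secret(p, c) for p, c in offered),
        # SSLv3 suites are RC4 (stream) or CBC; the CBC ones are what POODLE affects.
        "poodle": any(p == "SSLv3" and "RC4" not in c for p, c in offered),
    }
    return {name for name, failed in checks.items() if failed}

# Constructed samples, not captured from any real site.
WEAK = dict(default_scheme="http", headers={"Server": "example"},
            set_cookies=["SESSIONID=abc123; Path=/; HttpOnly"],
            offered=[("SSLv3", "DES-CBC3-SHA"), ("TLSv1", "RC4-SHA")])
HARDENED = dict(default_scheme="https", headers={
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-XSS-Protection": "1; mode=block"},
    set_cookies=["SESSIONID=abc123; Path=/; Secure; HttpOnly"],
    offered=[("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256")])

if __name__ == "__main__":
    for label, site in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, sorted(audit(**site)))
```

The weak sample fails all nine items and the hardened one fails none.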

Oh yeah, my new video. It's at the bottom (and I go through some more detail on the associated blog post on my company blog). Please consider subscribing to the YouTube channel. Or better yet, follow the company on LinkedIn, it helps a lot!