Skip to content
Naked Security Naked Security

“You gotta touch the banana” for Wi-Fi access, says sys admin

The Lord of the Fruit Flies swore he wouldn't change it, brown funk be damned, but Bossman has since reportedly eaten the Raspberry Pi-rigged password dispenser.

Here’s how it worked: The banana was wired to a Makey Makey circuit board and a cheap Raspberry Pi computer that dispensed an 8-hour personal password for guests to access the company’s captive Wi-Fi portal when a finger touch to the fruit authentication system provided the necessary micro-charge.

What’s more, Danish network engineer Stefan Milo swore at one point that the banana was there to stay – it would never get swapped out, even after reaching the age of rich, compost-worthy brown:

If you want Wi-Fi, you gotta touch it. No matter how smelly it is, YOU TOUCH IT!!

You gotta touch the banana. If you can’t touch the banana, you gotta see the GIF.

As Milo explained in his initial Reddit post last Monday, he was tasked with setting up the captive portal and creating the temporary password vouchers – in a spreadsheet.

Well, he said, no thanks: he doesn’t do spreadsheets.

He expounded in a chat with The Register:

When you go to $corp, and the receptionist hands you a small piece of paper that someone printed out on an A4, and then spent time on cutting out into small pieces, I cringe.

Even if you have a small voucher printer, it still involves the receptionist, installing of the printer, support when the printer driver effs up, etc. And it still involves paper – what is this? 1999?

So instead of time-warping back to the paper days, he spent a weekend setting up a script on a Raspberry Pi that generated a unique guest key on command and displayed the code on an attached display.

It all took 8-10 hours, took up 20 lines of code, and cost him less than $100, including fabrication of an acrylic case.

The script was triggered via the Makey Makey board, which alerted the Pi whenever it detected a voltage drop in the attached banana.

The touch of a human finger created a tiny electrical connection, which then changed the banana’s capacitance – a change that could be detected by the circuit board.

The Pi didn’t know it was taking orders from a piece of fruit. As far as it’s concerned, a banana is as good as a keyboard, or a mouse.

The system can be powered by things non-banana, as well, as you can see in Makey Makey’s video, which shows the circuit board being switched by all sorts of household and culinary items: scissors, a slip-n-slide, a cream pie, or Jello, for example.

As Milo’s image shows, the pin cable for the circuit board rests on the banana, and its USB stick connects it to the Pi.

banana

He posted this list of reasons as answer to the inevitable question – “Why?”

  1. It’s fun
  2. It’ll make people smile
  3. It beats a static WPA password in funnyness
  4. When people leave our office, then can’t access our Wi-Fi because there’s no banana to touch

When users touched the banana, they got a personal password good for 8 hours, all without pestering a receptionist, and all without reading a number off a kludgy spreadsheet.

Milo says the Pi has 5,000 vouchers.

He told The Register that the banana setup only served about five guests a week, but with a simple expansion of the voucher file (and regular banana changes), the setup could run for years on end, accommodating thousands of office guests.

And why am I using past tense to talk about this authentication system, you may well ask?

Because the day after he swore that the banana would live in rotten eternity, tethered to the Pi, with Milo ruling over the system as Lord of the Fruit Flies, the banana was no more, he said in a banana update:

It’s a croissant now. Bossman ate the banana.

Image of Banana courtesy of Shutterstock.com

9 Comments

Loved it, real cool brain

BTW the URL of GIF is incorrect. fix that

I think that whether you see the GIF immediately or not depends on your browser and your security settings.

For me, in Safari, it renders immediately; in Firefox it shows an imgur download link that lets me fetch and view the image.

Though this is a fun project the admin apparently forgot about the usability advantage of a piece of paper: You can take it with you and configure your Wi-Fi in your own time, for example if you have a sturdy surface for your notebook. With this setup you have to type in the password immediately, or write it down yourself.

But this system guarantees that each given password only stays active for the next 8 hours.
Giving out blanket passwords on pieces of paper, which can easily end up somewhere outside the company, feels like more of an security risk.

The passwords also seem to be very short and as such should be easy to remember.
My issue is with using food as conductor, that seems kind of wasteful and unsanitary.
I wonder, would this still work when attached to a potted plant? Like maybe a cactus? ;)

If you look at their website, you’ll see they have an option where you can purchase a 3g modem with the system. The password is then sent to you as a text message.

Also, camera phones… Snap a pic, done.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?