A device that promised to mask your location online by putting you up to 2.5 miles away from your router made headlines in security circles earlier this month, with write-ups in Wired Motherboard , and BGR (and here at Business Insider .) But it looks like the device will never see the light of day: As CSO Online reports, the entire project has now been cancelled under mysterious circumstances

ProxyHam (as the device was called) was essentially a router broadcasting on a 900MHz connection, letting the owner - with the right antenna - connect from up to several miles away. It could be stashed in any public place with an internet connection (think library/coffee shop/co-working space) and then utilised by the owner. That way, even if the router itself is tracked down, its owner won't necessarily be discovered.


It was being built by Ben Caudill, founder of security consultancy Rhino Security Labs. Like with any anonymising tool, the potential for abuse by criminals evading law enforcement was obvious. But Caudill framed it as a boon to whistleblowers. Scheduled to formally unveiled at the Las Vegas Defcon conference in August, it was described as the event page like so From the US to China and beyond, anonymity on the internet is under fire - particularly for whistleblowers. National interests are pushing for greater control and monitoring of internet content, often invoking harsh punishments for informers and journalists, if caught. While a range of technologies (such as ToR) can provide some level of anonymity, a fundamental flaw still exists: a direct relationship between IP address and physical location. If your true IP is ever uncovered, it's game over - a significant threat when your adversary owns the infrastructure.

To resolve this issue, I present ProxyHam, a hardware device which utilizes both WiFi and the 900Mhz band to act as a hardware proxy, routing local traffic through a far-off wireless network - and significantly increasing the difficulty in identifying the true source of the traffic. In addition to a demonstration of the device itself, full hardware schematics and code will be made freely available.


On Friday and Saturday, Rhino Security Labs sent out the following tweets:

Defcon attendees hoping to see ProxyHam are going to be disappointed, however: Caudill's talk has been called off, and the device's development has been abruptly shelved, with no explanation given.

Effective immediately, we are halting further dev on #proxyham and will not be releasing any further details or source for the device - Rhino Security Labs (@RhinoSecurity) July 10, 2015

Existing #proxyham units will be disposed of and no longer be made available at @_defcon_ - Rhino Security Labs (@RhinoSecurity) July 10, 2015


@info_dox sorry, cannot make anything open source or publicly available. Can't go into further details as to the cancellation - Rhino Security Labs (@RhinoSecurity) July 11, 2015

@CameronRuggles No, Proxyham was not sold but can't go into any further details on the research or corresponding @_defcon_ talk - Rhino Security Labs (@RhinoSecurity) July 12, 2015


So what happened? One initial theory was that ProxyHam fell afoul of FCC regulation - but Caudill subsequently told CSO Online that it wasn't FCC intervention that prompted the cancellation. "ProxyHam devices did not break the FCC standards as the 900MHz antennas were capped at the 1-watt limit."

With Rhino Security Labs' Twitter account also ruling out that the project has been sold, speculation is focusing on another possible reason - government intervention. It would explain why Caudill is being so tight-lipped, and why it has stopped so suddenly, despite prior tweets from Rhino Security Labs saying it was "excited to debut next month!"

"While it is pure speculation on my part," Steve Ragan writes for CSO Online, "it would looks if a higher power - namely the US Government - has put their foot down and killed this talk. It isn't perfect, but a tool like Proxyham - when combined with [anonymising software] Tor and other VPN services, would be powerful."

Business Insider has reached out to Rhino Security Labs for comment, and will update when it responds.

Advertisement