publication croisée depuis : https://lemmy.world/post/1122992

Hi, I realise that this might not be a question for this community; that said, this community is fairly big so I’m sure plenty of people here are already doing this.

I have been interested in hacking wireless infrastructure for a while now, but I’m struggling to find motivation in my day-to-day life to actually embark on said journey. Frankly speaking, I don’t see a point to do so in a modern homelab. If someone is using WPA3, no unsecured wireless connections like Bluetooth, and uses strong passwords, how would someone realistically hack them without a good amount of time/resources?

One avenue that I came up with, related to wireless hacking, is with IOT. I do not know much about the security of various wireless protocols like Zigbee, or if one can somehow decrypt MQTT messages (they are sent using TLS, yes?) or anything of the sort. Other than this, I’m really struggling to see a practical point in pursuing action in this field (other than the basics like upgrading to the most secure protocol and maintaining digital hygiene) unless one is interested in wireless hacking from pure interest (without any need for motivation stemming from problems in their lab).

Thanks!

  • Saigonauticon@voltage.vn
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Overall, I use “strange WiFi things” techniques for two useful things : audit security cameras, and foxhunting.

    I use it to test wireless security cameras on my home network – to see if I can deauth them and/or force them to reconnect to spoofed access points. If it’s easy, then either the router or the cameras are being useless, and I upgrade/replace. Obviously WiFi security cameras can’t be made super secure, but if I know how good they are, I can conclude when they are ‘good enough’.

    I only buy routers that support secure management frames, but I want to make sure that it actually works as it should. I test client networks too, with permission, and then plug security holes.

    I also specifically disable secure management frames and deauth my cameras to see how they respond. If the system just ‘freezes’ without any warning being raised (and then resumes on reconnect), that is also a fail. Connection dropping must raise some form of alert.

    Then for foxhunting, I build multiple antennas and listen to traffic. Then I use the RSSI to perform multilateralization on the signal to get a vector on their position. You can get 3-5m accuracy with some work. This is a neat but complicated way to build an indoor positioning system to track employees, corporate assets, and employees that you treat like corporate assets.

    Also you can sometimes hack together WiFi ToF measurements but this is tricky and not widely supported.

    • MigratingtoLemmy@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This sounds very interesting. I would definitely like to be able to know the intricacies of how I am tracked at work. I assume that in the scenario you describe, said employees are connected to the office WiFi network. Maybe there’s a way for the office to determine one’s location even if they aren’t?

      I am definitely interested in testing IOT devices and their resilience to attacks, however I don’t think I’ll have much luck if I’m using something like Tasmota. I might want to check for devices I program myself though. Thanks.

      I have yet to fully understand protected management frames, but I believe most operating systems meant for such devices will ship with WPA3 very soon that will require the use of the former technology. I personally want to run OPNSense and OpenWRT, I hope that will keep me relatively secure.

      There are a few terms here that I don’t know about, but thank you for your comment. I’ll explore more!