Okay, so we may need to adjust our threat models slightly?
-
@briankrebs So the thing here is that while it is certainly possible, there are a lot of dependencies to pull this off.
1. a device that can dual home in the island network you are hopping from.
2. a Wifi network that is broadcasting at a power level higher than it should.
3. Stolen Credentials
All that said, it is an interesting example of a "determined attacker" scenario, and is definitely the first time I can remember hearing of this technique.
Wild stuff reigns supreme when the attacker is NOT going after low hanging fruit, and has a target they are determined to reach.
-
@thegibson @briankrebs dark market wifi-attack drones-as-a-service
-
This is where my mind was going... pretty sure the pwnasus could be modified with a LTE adapter to do a similar thing, and eliminate the need to hop from the first network.
-
And now that we've spoken that into existence...
-
@TheGibson @rgegriff @briankrebs WiFi countermeasures now include drone-hunting birds?
-
@tw000 @thegibson @briankrebs I have always wanted to train falcons!
-
@rgegriff @TheGibson @briankrebs Yes! (in sickos voice)
-
I mean I built the pwnasus... I don't see this as a complex modification to something that is a flying Wi-Fi deauther.
just adding a control plane, and a little bit of OS config.
a mobile C2 basically.
-
@TheGibson @rgegriff @briankrebs Keeping the drone stable and in range and undetected is where my mind starts to go.
-
@briankrebs Now do bluetooth. There are many devices that have both wifi and bluetooth, and the latter's security is pretty bad.
-
@tw000 @thegibson @briankrebs drones are pretty good at holding position; and wifi is pretty good at not being attenuated by atmosphere; so you could probably get decent range even at a pretty high angle relative to the target building.
That said; save some battery and park it on the roof.
Ohh! Or drop a throwie!
-
Chrisshy Keygenreplied to Chrisshy Keygen last edited by [email protected]
@tw000 @thegibson @briankrebs OHH OHH! A throwie that had an esp32 and some LoRa hardware would be a pretty scary mix of small, inexpensive bordering on disposable, long lasting relative to battery capacity, and controllable from across town
-
@rgegriff @TheGibson @briankrebs Great, now I won't be able to see shoes on power lines without thinking about what device is hidden in them.
-
@tw000 @thegibson @briankrebs back of the envelope; without the battery, a little gizmo like this could fit pretty comfortably in a gang box behind a light switch.
You've heard of evil maid; now hold on to your butts for evil electrician and evil drywall guy attacks.
A whole class of evil tradesfolk with opportunities to install all sorts of cool gizmos in your mansion, office, or newly under-regulated datacenter-powering nuclear facilities
-
Slap a solar cell in the ankle opening and a timer between the battery and the stack...
Could run forever.
-
@tw000 @thegibson @briankrebs so anyway, looks like my holiday project involves firing up some KiCAD and seeing if my Journeyman cousin will let me buy a round of drinks for his work friends
-
No crimes... only build...
the value in this is understanding the threats.
-
@thegibson @tw000 @briankrebs I kiid, I kiid. I look really bad in orange.