Stepping back into Wireless Security

wifi-crack Believe it or not, my home network actually used Radius authentication many years ago. Before I got a Nest (which still cannot connect to anything that isn’t open, WEP, or WPA/WPA2).  At the time, I assumed the Nest app talked directly to the thermostat.  Not true.  It just needs internet to talk to it’s servers where it receives the commands and preferences from the app.  Armed with that knowledge and recent revelations about the security of WPA2, I set to the task of reimplementing Radius on my network.  First, I needed to asses which devices, like the Nest, would be unable to make the transition.  Luckily, most of these devices don’t need anything more then internet access.  One was moved to a hard line and the last attached to a Radius capable wireless bridge.  I added a internet only wireless network for my embedded devices and moved my privileged network to Radius authentication. It was time to change my password anyway. Stay safe!

Continue reading “Stepping back into Wireless Security”

Ubiquiti’s USG router steps up with dual wan support!

I was very excited to discover this feature listed in my Unifi controller today.  You can now repurpose the VOIP port to act as a WAN2.  The ironic part is that i don’t believe the VOIP port serves any actual VOIP function as of yet.  I’ve been recommending these USG routers since I learned of their existence. Unfortunately a lot of my clients want dual WAN and until now, the Unifi Security Gateway fell short.  No longer, Ubiquiti has a really great product line with the Unifi.  I am continuously discovering great new innovation with the latest update to their software, firmware, or cloud platform.  I have been waiting for this!

Unifi WAN2 option

Played with PoisonTap network hijacking tool

Poison Tap in Action

@SamyKamkar made an impressive and terrifying tool.  This simple USB device steals your cookies, poisons your cache, and even persists a web backdoor.  On a locked machine no less!  It depends much on the trust that our computers take for granted.  Trusting a USB device is not up to no good.  Trusting the local network not trying to confuse. We must reexamine this trust going forward.  It didn’t take long to get it up and running, however once you do, you can spend hours tinkering.  (i was working to combine it with @mubix‘s work here)

I am also delighted to have my first Raspberry Pi as a USB device rather then host.  it is certainly exciting to create some new doodads using this dangerous toolkit.

UPDATE

I have since made a version without the cache attack.  I completely failed to steal the poisontap visuals, but TheCodePlayer offers a delightful matrix animation.  next step is to man in the middle ssl too.  I’m turning it into a device that logs everything while connected, but doesn’t persist.

Playing with screenshots & Snapchat

You think you can beat it? (snapchat screenshot detection) Snapchat is a popular multimedia chat app with an allegedly vanishing history. Users can send pics or videos and set an expiration in seconds. After viewing the content for the prescribed duration… poof, it’s gone.  I was bored and playing with my wife when I noticed that the app sends an alert to the sender when their message is captured using iOS’s screen capture function. I was actually impressed with the forethought. Unfortunately, that impression did not last long.  It took me less then 20 minutes and only 3 messages to take advantage of Snapchat’s prebuffering to capture the message permanently without revealing that I had even viewed it. I did this all with the latest Snapchat on the latest iOS on a stock iPhone 6s+ (no jailbreak).  Honestly I find this kind of thing in a lot in applications not designed specifically for security.  Non authenticated data is sent before the authentication for speed or some other performance reason that negatively impacts security.  Kinda like client side authentication, sure there is a reason for it, but that doesn’t make it a good idea.  I am certainly not the only one to figure this out.  It seems that the basics of this method have been known for at least a year.

UPDATE (6-15-16):  Tested again with newest Snapchat app.  still working.

Bizarre FaceTime error could have horrifying security implications!

ios9 facetime iconI just got off a very strange call. Apparently, a complete stranger received a FaceTime request from me. “Butt Dial” right?  no big deal. Not this time.  At the time, i was in the middle of a FaceTime call with my dad.  I am almost certain I know exactly when it happened because i noticed a call-waiting style interruption on our call.  The first strange thing i noticed was that the incoming caller was my dad.  The same dad, I was presently talking to.  I rejected the call, thinking it was my dad accidentally calling from a different device. Then, moments later I get a mobile call from another LA number.  This time from an irate husband demanding to know why I would FaceTime his wife.  Unfortunately, I may have given them the wrong impression by asking questions of them.  The IT guy inside me wanted to figure out what just happened. Needless to say, they didn’t enjoy being grilled.  I barely had time to get out a few apologies, i don’t think they even realized that I hadn’t actually even called them.  I did get some answers.  They were not on a call at the time.  They were not even on the device.  My call history shows no outgoing calls save my dad.  my dad’s history doesn’t show the missed call on my history from him. I am almost certain I will never know what actually happened.  I am guessing that Apple FaceTime system might be a bit more duct tape and spit then we were lead to believe.

Finally upgraded firmware of a critical piece of my network!

network infrastructure For years now I have been terrified of one particular network device. This high end device requires a service contract from it’s manufacturer to be eligible for software upgrades and as such had been neglected for some time. I couldn’t use it the way I wanted or hardly at all for fear that it would be compromised via the Heartbleed vulnerability. Forced to relegate this amazing appliance to be firewalled far from the prying packets of the Internet at large.

Finally, with some licensing help from a friend, it’s firmware is finally current! It can once again take it’s place as the core of my network without the fear of being instantly owned. Thank you Adam once again for all your help.  Let this be a lesson to hardware venders.  Don’t force people to pay service contracts just for security upgrades.  Your bugs, your job to fix.

Update Java. Seriously, do it right now.

20120405-000044.jpg
Another Java privilege escalation exploit spotted in the wild. Trojans and web based java classes are already installing remote access tunnels into Macs across the globe. Apple finally updated their java binaries and you should too! Protect yourself! Just run Software Update from the Apple menu.

Apple Info:
http://support.apple.com/kb/HT5228

More info (including a AppleScript test for infection):
http://mashable.com/2012/04/05/mac-flashback-trojan-check/