+ Reply to Thread
Results 1 to 8 of 8
  1. Senior Member philz1982's Avatar
    Join Date
    Oct 2011
    Location
    Dallas
    Posts
    219

    Certifications
    CISSP, CCNA, CCDA
    #1

    Default Flying Drone Hacks

    Interesting approach and article. Flying drone, scans for your wireless traffic and then spoofs hotspot to hijack data.

    This drone can steal what's on your phone - Mar. 20, 2014
    Reply With Quote Quote  


  2. Login/register to remove this advertisement.
  3. Senior Member
    Join Date
    Jul 2010
    Posts
    187

    Certifications
    A/N/S+, ServiceNow, ITIL, CWTS, Server+
    #2
    Wouldn't the evil twin access point only be able to target those who sent out probe requests for open WiFi networks? So any WPA/WPA2 network handshake would fail I would think.
    Reply With Quote Quote  

  4. Senior Member philz1982's Avatar
    Join Date
    Oct 2011
    Location
    Dallas
    Posts
    219

    Certifications
    CISSP, CCNA, CCDA
    #3
    Your assuming that the wifi networks that the drones are emulating are even using encryption. When I sit down in the airport I amazed how many non- encrypted Hot Spots pop up...
    Reply With Quote Quote  

  5. Senior Member kMastaFlash's Avatar
    Join Date
    Aug 2012
    Location
    Where you least expect it!
    Posts
    225

    Certifications
    CompTIA A+, CompTIA Network+, CompTIA Security+, EMCISA v2, MCP, MTA 98-366, MTA 98-367, MCPS
    #4
    This makes you want to go back to the old fashion flip phone. What I always loved was even when I had my old flip phone and I would receive SMS Trojan text messages even though my phone did not have internet capabilities.
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Jul 2010
    Posts
    187

    Certifications
    A/N/S+, ServiceNow, ITIL, CWTS, Server+
    #5
    Quote Originally Posted by philz1982 View Post
    Your assuming that the wifi networks that the drones are emulating are even using encryption. When I sit down in the airport I amazed how many non- encrypted Hot Spots pop up...
    Nah, I wasn't assuming. I know it's easy as cake to impersonate an unencrypted open access point like Starbucks, Panera, etc, and this Snoopy tool (among other tools) could easily set up a MITM and evil twin attack.

    I just wanted to know if those of us who don't have any open wireless networks saved on our phones are safe from these attacks. I only have a few home and business networks saved, so I presume the 4-way WPA2-Personal handshake would fail with a drone since it doesn't know the passphrase.

    Regardless, I do still think both Google and Apple need to patch Android OS and iOS so that smartphones and tablets do NOT send out probe requests (active scan) and merely rely on beacons (passive scan) sent by access points. That would really be a step in the right direction for mobile privacy.

    Windows and Mac OS X have already disabled probe requests from being sent out (except for hidden SSID networks), making our laptops safe. It's about time our mobile devices follow suit.
    Reply With Quote Quote  

  7. Senior Member philz1982's Avatar
    Join Date
    Oct 2011
    Location
    Dallas
    Posts
    219

    Certifications
    CISSP, CCNA, CCDA
    #6
    Heard from a friend of mine that there are actual attacks where you can set a pre-paid cell phone that will contact to a wifi hotspot and you can then remote into the phone via a proxy and conduct attacks. Kind of like the USB key drop but active instead of passive.

    Also, you can send stuff via the airwaves from your speakers and if a computer's mic is listening it will allow the hack to pass right through. I don't understand how that could work, and my friend couldn't go into details on it. Anyone else heard of this one?

    -Phil
    Reply With Quote Quote  

  8. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,311

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH
    #7
    Meh, this is just CNN looking for clicks. Using words like "drone" and associating it to data theft of mobile devices will get them exactly what they want.

    In reality none of this is new or particularly interesting.
    Reply With Quote Quote  

  9. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,311

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH
    #8
    Regarding your questions about bridging the air gap between systems that are not networked together, you should take a look at 'BadBIOS' malware. Its existence in the wild has been questioned, but one security researcher claims to have discovered it on his own systems.

    I have no idea why TrendMicro decided to publish this recycled information last Friday, but here is a "new" writeup describing at a high-level what you were talking about earlier. BadBIOS itself has been discussed for months now:

    Trend Micro Simply SecuritybadBIOS
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks