DNS Tunneling with an ESP8266

There’s a big problem with the Internet of Things. Everything’s just fine if your Things are happy to sit around your living room all day, where the WiFi gets four bars. But what does your poor Thing do when it wants to go out and get a coffee and it runs into a for-pay hotspot?

[Yakamo]’s solution is for your Thing to do the same thing you would: tunnel your data through DNS requests. It’s by no means a new idea, but the combination of DNS tunneling and IoT devices stands to be as great as peanut butter and chocolate.

DNS tunneling, in short, relies on you setting up your own DNS server with a dedicated subdomain and software that will handle generic data instead of information about IP addresses. You, or your Thing, send data encoded in “domain names” for it to look up, and the server passes data back to you in the response.

DNS tunneling is relatively slow because all data must be shoe-horned into “domain names” that can’t be too long. But it’s just right for your Thing to send its data reports back home while it’s out on its adventure.

Oh yeah. DNS tunneling may violate the terms and conditions of whatever hotspot is being accessed. Your Thing may want to consult its lawyer before trying this out in the world.

Hackaday Prize Entry : Subterranean Positioning System

There are numerous instances where we need to know our location, but cannot do so due to GPS / GSM signals being unavailable and/or unreachable on our Smart Phones. [Blecky] is working on SubPos to solve this problem. It’s a WiFi-based positioning system that can be used where GPS can’t.

SubPos does not need expensive licensing, specialized hardware, laborious area profiling or reliance on data connectivity (connection to database/cellphone coverage). It works independently of, or alongside, GPS/Wi-Fi Positioning Systems (WPS)/Indoor Positioning Systems (IPS) as an additional positioning data source by exploiting hardware commonly available.

As long as SubPos nodes are populated, all a user wishing to determine their location underground or indoors needs to do is use a Wi-Fi receiver.  This can be useful in places such as metro lines, shopping malls, car parks, art galleries or conference centers – essentially anyplace GPS doesn’t penetrate. SubPos defines an accurate method for subterranean positioning in different environments by exploiting all the capabilities of Wi-Fi. SubPos Nodes or existing Wi-Fi access points are used to transmit encoded information in a standard Wi-Fi beacon frame which is then used for position triangulation.

The SubPos Nodes operate much like GPS satellites, except that instead of using precise timing to calculate distance between a transmitter and receiver, SubPos uses coded transmitter information as well as the client’s received signal strength. Watch a demo video after the break.


The 2015 Hackaday Prize is sponsored by:

Continue reading “Hackaday Prize Entry : Subterranean Positioning System”

A chink in the armor of WPA/WPA2 WiFi security

Looks like your WiFi might not be quite as secure as you thought it was. A paper recently published by [Stefan Viehböck] details a security flaw in the supposedly robust WPA/WPA2 WiFi security protocol. It’s not actually that protocol which is the culprit, but an in-built feature called Wi-Fi Protected Setup. This is an additional security protocol that allows you to easily setup network devices like printers without the need to give them the WPA passphrase. [Stephan’s] proof-of-concept allows him to get the WPS pin in 4-10 hours using brute force. Once an attacker has that pin, they can immediately get the WPA passphrase with it. This works even if the passphrase is frequently changed.

Apparently, most WiFi access points not only offer WPS, but have it enabled by default. To further muck up the situation, some hardware settings dashboards offer a disable switch that doesn’t actually do anything!

It looks like [Stephan] wasn’t the only one working on this exploit. [Craig] wrote in to let us know he’s already released software to exploit the hole.