Hack a Day » fon

WiFi telescope

Eliot — Tue, 10 Jun 2008 23:30:00 +0000

We Make Money Not Art recently visited the LABoral Art and Industrial Creation Centre in Gijón, Spain. The installation that left the strongest impression on [Regine] was the WiFi sightseeing telescope built by Clara Boj and Diego Diaz. Spain is in a situation similar to the USA: A few years ago many municipal WiFi projects launched only to be squashed because of theoretical unfair competition with local utilities. Now commercial projects like WeFi, Whisher, and FON encourage people to “share” their WiFi. Observatorio (Observatory) is designed to provide insight into the current state of local WiFi. It uses a highly directional Yagi antenna to collect wireless access data from the local area. The antenna has a 30deg aperture which is matched to a camera with an identical field of view. The observer sees the camera’s viewpoint with the WiFi data overlaid showing where accesspoints are and whether the AP is open. WMMNA also recommends you check out the WiFi Camera which photographs electromagnetic space.

Phlashing denial of service attack, the new hype

Eliot — Tue, 20 May 2008 23:15:00 +0000

Imagine how surprised we were to discover that by accidentally bricking our router we were executing a brand new attack: Phlashing Denial Of Service (PDOS). This week at EUSecWest, researcher [Rich Smith] will present the theoretical PDOS attack. Instead of taking over control of an embedded system, the attacker turns it into a nonfunctioning brick by flashing it with a broken firmware. Anyone who has flashed a device knows the danger of interrupting the procedure.

Embedded systems, like wireless routers, network cameras, and printers require remote access to be upgraded. This could be over the network or just a USB cable. Unfortunately most devices go unpatched because of this lack of easy access. The upgrade procedure can be very insecure too. The last time we flashed a custom firmware on our La Fonera we had to set up a TFTP server for it to download the firmware from. The TFTP protocol has no authentication, so anyone could pose as the server and offer a bad firmware for download. Many embedded system upgrade tools use TFTP because of its ease of implementation and low hardware overhead.

The PDOS attack hasn’t been seen in the wild and we don’t expect to. Malware is a business and destroying hardware doesn’t seem to have much income potential. The article presents this as an alternative to maintaining a botnet to perform a DDOS. With a DDOS, you deny the service, ask for ransom, and return service when they pay. With PDOS, you threaten to deny their service, they don’t pay, and then you destroy their equipment and get nothing. We agree with [HD Moore] that a more successful attack would be installing your own custom firmware that gives you full control of the system and full access to the network to do as you please.

Outside of griefing, the PDOS attack is not a threat. In any case, firmware upgrade procedures for embedded devices need to be improved.

[via /.]

FON mp3 streaming router

Eliot — Mon, 24 Sep 2007 05:43:00 +0000

I was looking for streaming solutions the other day. Little did I know that [John] would be sending in a hack for adding an mp3 decoder board to the La Fonera. The final device has both a web and command line interface which let you connect to any shoutcast/icecast streaming server. John has even gone so far as to provide the Openwrt image for the router with all of the software components you need.