Great Badge Concept: A “Geiger Counter” For WiFi Deauthentication Frames

[Nick Price] had a wonderful concept for a DEFCON badge: a device that worked a lot like a directional Geiger counter, but chirped at detecting WiFi deauthentication packets instead of radiation. That’s a wild idea and it somehow slipped past us last year. Why detect such a thing? Well, the WiFi deauth attack is a kind of invisible toxicity, effectively jamming wireless communications by forcing users to be constantly tied up with authentication, and this device would detect it.

A few things were harder than expected, however. To make the device directional, [Nick] designed and built a PCB Yagi antenna but it wasn’t practical. Not only was it far too big, it would also have required going to four layers on a PCB that was already expensive. The solution he settled on — inspired by a friend’s joke about just dropping the badge into a Pringles can — was to surround the PCB omni antenna with a copper pipe end cap from the plumbing section of any hardware store. [Nick] figured that soldering that to the ground plane should result in a simple, cheap, and attractive directional antenna mod. Did it work? We’ll all have to wait and see.

Sadly, [Nick] wasn’t able to finish in time for last year’s DEFCON. Hardware revisions mounted, and fabrication times for his specialized PCB were longer than usual. Worse news is that this year’s DEFCON is cancelled, or rather is going virtual, which means he’s going to have to deauth himself. The good news is that now he’s got another 12-month extension. Watch the brief video of the functional prototype, embedded below.


Pocket-Sized Deauther Could Definitely Get You In Trouble

Interfering with radio communications, whether through jamming, deauthing attacks, or other meddling, is generally considered a crime, and one that attracts significant penalties. However, studying such techniques should provide a useful edge in the electronic wars to come. In this vein, [Giorgio Filardi] has recently built a WiFi deauther the size of a credit card.

The device has a simple interface, consisting of 3 buttons and a small OLED screen. It can also be accessed remotely and controlled through a web interface. A NodeMCU ESP8266 board runs the show, using [spacehuhn]’s deauther firmware. The point-to-point construction probably won’t hold up to much rough and tumble out in the field, but it’s fine for a bench test. We’d recommend constructing an enclosure if it was to be used more regularly.

There’s plenty of functionality baked in – the device can scan for networks, perform deauth attacks, and even create spoof networks. It’s a tricky little device that serves to highlight several flaws in WiFi security that are yet to be fixed by the powers that be.

Using one of these devices for nefarious purposes will likely get you into trouble. Experimenting on your own networks can be educational, however, and goes to show that wireless networks are never quite as safe as we want them to be.

If you’re wondering as to the difference between deauthentication and jamming, here’s your primer.

WiFi Deauthentication VS WiFi Jamming: What Is The Difference?

Terminology is something that gets us all mixed up at some point. [Seytonic] does a great job of explaining the difference between WiFi jammers and deauthenticators in the video embedded below. Many of you will already know the difference, but it is worth pointing out, since so many people call deauth devices “WiFi jammers”.

In their YouTube video they go on to explain that jammers basically throw out a load of noise on all WiFi channels, making the frequencies unusable within a given distance of the jammer. Jammers are also normally quite expensive, mostly illegal, and thus hard to find, unless of course you build your own.

WiFi deauthentication, on the other hand, works in a very different way. WiFi sends unencrypted packets of data called management frames. Because these are unencrypted, even if the network is using WPA2, malicious parties can send deauthentication commands which boot users off of an access point. There is hope, though, with 802.11w, which encrypts management frames. It has been around for a while, but manufacturers don’t seem bothered to implement it, even though it would improve the security of a WiFi device against these types of attacks.
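As an added example (not code from any of the projects above), here is the core of a deauth “Geiger counter” in Python: it decodes the 802.11 frame control and address fields, clicks on every deauthentication or disassociation frame, notes whether the frame carried the Protected Frame bit that 802.11w sets, and flags a per-BSSID flood. The frame layout follows the standard; the MAC addresses, timestamps and reason code are constructed test data.

```python
import struct
from collections import deque
MGMT, DEAUTH, DISASSOC = 0, 12, 10   # 802.11 frame type 0 (management), subtypes 12 and 10

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_header(raw: bytes):
    """Decode the 24-byte 802.11 MAC header plus the reason code of a disconnect frame."""
    if len(raw) < 24:
        return None
    ftype, subtype = (raw[0] >> 2) & 0x3, raw[0] >> 4
    protected = bool(raw[1] & 0x40)     # Protected Frame bit: set when 802.11w/PMF is in use
    f = {"type": ftype, "subtype": subtype, "protected": protected, "reason": None,
         "da": mac(raw[4:10]), "sa": mac(raw[10:16]), "bssid": mac(raw[16:22])}
    if ftype == MGMT and subtype in (DEAUTH, DISASSOC) and not protected and len(raw) >= 26:
        f["reason"] = struct.unpack_from("<H", raw, 24)[0]   # body is readable only without PMF
    return f

class DeauthCounter:
    """One 'click' per deauth/disassoc frame; a BSSID exceeding the rate is flagged as a flood."""
    def __init__(self, window_s: float = 1.0, threshold: int = 5):
        self.window, self.threshold = window_s, threshold
        self.clicks = {}                 # bssid -> timestamps of recent clicks

    def feed(self, ts: float, raw: bytes):
        f = parse_header(raw)
        if f is None or f["type"] != MGMT or f["subtype"] not in (DEAUTH, DISASSOC):
            return None                  # beacons, data frames etc. stay silent
        q = self.clicks.setdefault(f["bssid"], deque())
        q.append(ts)
        while ts - q[0] > self.window:   # drop clicks older than the window
            q.popleft()
        return {"bssid": f["bssid"], "sa": f["sa"], "reason": f["reason"], "count": len(q),
                "flood": len(q) >= self.threshold, "unprotected": not f["protected"]}

def build_frame(subtype, da, sa, bssid, reason=None, ftype=MGMT) -> bytes:
    """Constructed test frame (not a capture): frame control, duration, 3 addresses, seq ctrl, body."""
    body = b"" if reason is None else struct.pack("<H", reason)
    return bytes([(subtype << 4) | (ftype << 2), 0, 0, 0]) + da + sa + bssid + b"\x10\x00" + body

AP, STA = bytes.fromhex("02aabbccddee"), bytes.fromhex("021122334455")   # made-up MACs

def run_demo():
    counter = DeauthCounter(window_s=1.0, threshold=5)
    frames = [(0.0, build_frame(8, b"\xff" * 6, AP, AP)),          # beacon: no click
              (0.1, build_frame(0, STA, AP, AP, ftype=2))]          # data frame: no click
    frames += [(0.2 + i * 0.05, build_frame(DEAUTH, STA, AP, AP, reason=7)) for i in range(6)]
    return [r for ts, raw in frames if (r := counter.feed(ts, raw))]  # six clicks, flood from the 5th
```

On real hardware the same `feed` would be driven by frames from a monitor-mode interface, with the click count turned into beeps or LED rate as the badge concept describes.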
