Wiretapping And How To Avoid It


No matter who you suspect is plotting your doom, you’ll need to know the way wiretapping works in order to learn their plans and shield yourself from their surveillance. Luckily, ITSecurity has posted a comprehensive article about wiretapping, including information on how to wiretap and how to find out if someone is wiretapping you.

One of the more intriguing methods of wiretapping the article discusses is a service by a company called FlexiSPY. It works by covertly installing a program onto the target’s cellphone. Once installed, the spying party can listen to anything going on in the room the target is in by calling the phone. It won’t ring, vibrate, or give any indication that it is transmitting audio data.

Some of the more hack-oriented methods involve tapping into a landline, using special software to record VoIP calls, or buying a wiretapping kit. Of course, countermeasures are also discussed, but some of the links they provide are a little more informative on the topic of defense against wiretapping.

Notacon 2008: Last-mile Wireless


[Mark Doner] presented on how the WISP he works for near Toledo is set up. His most important point was that 802.11 is garbage when it comes to the type of installations WISPs do. 802.11 expects the clients to adjust based on the traffic from other clients, but when all your clients are directional they won’t see each other. Mark uses Motorola’s Canopy equipment, but he also mentioned Trango and Redline as other vendors. The radios operate in the 5.7GHz band which doesn’t have any power restrictions so they can use refurbished Dish Network dishes when they’re doing long shots. For customers that are nearly at the edge of service, they have 900MHz equipment as well. Heavy fog and freezing rain have proven to be the only weather that really affects the service. For back-haul between their towers they use Dragonwave equipment. Each of the radios costs ~$350 and features GPS to determine distance and maintain sync with the AP. It was interesting to see how a good WISP operates as opposed to the flakey ones we’ve had to deal with in the past.

Wireless Fireworks Controller


[Tuckie] sent in his wireless fireworks controller. The electronic parts are off the shelf – a 12 channel relay board and remote provide the guts. He used a rock tumbler to mill the black powder needed to make the detonators. A combination of the fine ground black powder, nichrome wire and ping pong balls makes up the business end of each detonator. When a channel is selected with the remote, the relay is activated, current is sent to the detonator which is taped to the firework fuse.

Wireless Keyboards Easily Cracked

We first covered breaking the commodity 27MHz radios used in wireless keyboards, mice, and presenters when [Luis Miras] gave a talk at Black Hat. Since then, the people at Dreamlab have managed to crack the encryption on Microsoft’s Wireless Optical Desktop 1000 and 2000 products (and possibly more). Analyzing the protocol, they found out that meta keys like shift and ALT are transmitted in cleartext. The “encryption” used on each regular keystroke involves XORing the key against a random one-byte value determined during the initial sync with the receiver. So, if you sniff the handshake, you can decrypt the keystrokes. You really don’t have to though; there are only 256 possible encryption keys. Using a dictionary file you can check all possible keys and determine the correct one after only receiving 20-50 keystrokes. Their demo video shows them sniffing keystrokes from three different keyboards at the same time. Someone could potentially build a wireless keylogger that picks up every keystroke from every keyboard in an office. You can read more about the attack in the whitepaper (PDF).

[via Midnight Research Labs]
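
Why a one-byte XOR key gives no confidentiality, as an added example that is not from Dreamlab's whitepaper or the original post: it scores all 256 keys against a word list and reports how short a capture leaves only one plausible key. Keystrokes are modelled as ASCII bytes, and the word list, sample text and key are constructed for illustration.

```python
# Added illustration: single-byte XOR "encryption" falls to a 256-key search.
# Assumption: keystrokes are modelled as ASCII bytes, not the keyboard's real codes.

# Constructed word list standing in for the dictionary file (assumption).
WORDS = {"please", "send", "the", "report", "before", "friday",
         "meeting", "notes", "status", "update"}

SAMPLE = b"please send the report before friday"  # constructed plaintext
KEY = 0x5A                                         # constructed one-byte key


def xor_bytes(data, key):
    """XOR every byte with the same one-byte key (encrypt == decrypt)."""
    return bytes(b ^ key for b in data)


def score(candidate):
    """Dictionary words found in a candidate plaintext; -1 if not printable."""
    if any(b < 0x20 or b > 0x7E for b in candidate):
        return -1
    return sum(w in WORDS for w in candidate.decode("ascii").lower().split())


def recover_key(ciphertext):
    """Score all 256 keys; return (best_key, keys_tied_for_best)."""
    scores = {k: score(xor_bytes(ciphertext, k)) for k in range(256)}
    best = max(scores.values())
    tied = [k for k, s in scores.items() if s == best]
    return tied[0], tied


def keystrokes_needed(plaintext, key):
    """Shortest captured prefix for which the true key is the only best guess."""
    ciphertext = xor_bytes(plaintext, key)
    for n in range(1, len(ciphertext) + 1):
        if recover_key(ciphertext[:n])[1] == [key]:
            return n
    return -1  # never became unambiguous


if __name__ == "__main__":
    captured = xor_bytes(SAMPLE, KEY)
    key, tied = recover_key(captured)
    print(f"recovered key 0x{key:02X}, candidates tied: {len(tied)}")
    print("plaintext:", xor_bytes(captured, key).decode("ascii"))
    print("bytes needed for a unique key:", keystrokes_needed(SAMPLE, KEY))
```

The byte count it prints applies to this ASCII stand-in and word list only, not to the keyboard protocol itself.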


FON Mp3 Streaming Router


I was looking for streaming solutions the other day. Little did I know that [John] would be sending in a hack for adding an mp3 decoder board to the La Fonera. The final device has both a web and command line interface which let you connect to any shoutcast/icecast streaming server. John has even gone so far as to provide the OpenWrt image for the router with all of the software components you need.

Black Hat 2007 Other Wireless


Luis Miras presented “Other Wireless: New ways of being Pwned”. Instead of common con topics like Bluetooth or WiFi, this dealt with the cheap radios used in wireless keyboards, mice, and things like the wireless remote pictured above. These RX/TX pairs are found in 27MHz, 900MHz, and 2.4GHz versions. The devices all use the same main components: a microcontroller, an EEPROM for storing the serial number, and the transmitter. The dongle is nearly the same, only with a receiver.
