this post was submitted on 07 Jul 2023
4 points (64.3% liked)

Selfhosted

40134 readers
535 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

publication croisée depuis : https://lemmy.world/post/1122992

Hi, I realise that this might not be a question for this community; that said, this community is fairly big so I'm sure plenty of people here are already doing this.

I have been interested in hacking wireless infrastructure for a while now, but I'm struggling to find motivation in my day-to-day life to actually embark on said journey. Frankly speaking, I don't see a point to do so in a modern homelab. If someone is using WPA3, no unsecured wireless connections like Bluetooth, and uses strong passwords, how would someone realistically hack them without a good amount of time/resources?

One avenue that I came up with, related to wireless hacking, is with IOT. I do not know much about the security of various wireless protocols like Zigbee, or if one can somehow decrypt MQTT messages (they are sent using TLS, yes?) or anything of the sort. Other than this, I'm really struggling to see a practical point in pursuing action in this field (other than the basics like upgrading to the most secure protocol and maintaining digital hygiene) unless one is interested in wireless hacking from pure interest (without any need for motivation stemming from problems in their lab).

Thanks!

top 10 comments
sorted by: hot top controversial new old
[–] [email protected] 14 points 1 year ago (2 children)

Do I understand correctly that you're asking us to give you a good reason to hack wireless signals because you yourself cannot think of a good reason?

If so, I can't think of a good reason either, unless of course you want to be a white hat for somebody.

[–] [email protected] 6 points 1 year ago

Whitehatting is the only legitimate reason I could think of as well. Otherwise, you're just looking to cause rouble and probably shouldn't be posting this to the SH community. Not sure how many people would appreciate someone posting about that here.

[–] [email protected] 2 points 1 year ago (1 children)

That would be correct, however, put more precisely, I'm asking for "reasons to hack your own WiFi and other wireless devices/connections", not to endanger anybody else. I want to know the motivation of pursing wireless hacking skills for one's own security and privacy, along with securing one's homelab

[–] [email protected] 3 points 1 year ago (1 children)

for one’s own security and privacy, along with securing one’s homelab

Sounds like you already have a reason

[–] [email protected] 1 points 1 year ago

Indeed, but I don't quite see how I will reach this goal with trying to hack my wireless devices/connections. Using WPA3 + strong passwords + network logging is all I can think of when trying to passively secure my network (including wireless). What specific avenue of WiFi and RF hacking should I be looking at?

[–] [email protected] 4 points 1 year ago (1 children)

Overall, I use "strange WiFi things" techniques for two useful things : audit security cameras, and foxhunting.

I use it to test wireless security cameras on my home network -- to see if I can deauth them and/or force them to reconnect to spoofed access points. If it's easy, then either the router or the cameras are being useless, and I upgrade/replace. Obviously WiFi security cameras can't be made super secure, but if I know how good they are, I can conclude when they are 'good enough'.

I only buy routers that support secure management frames, but I want to make sure that it actually works as it should. I test client networks too, with permission, and then plug security holes.

I also specifically disable secure management frames and deauth my cameras to see how they respond. If the system just 'freezes' without any warning being raised (and then resumes on reconnect), that is also a fail. Connection dropping must raise some form of alert.

Then for foxhunting, I build multiple antennas and listen to traffic. Then I use the RSSI to perform multilateralization on the signal to get a vector on their position. You can get 3-5m accuracy with some work. This is a neat but complicated way to build an indoor positioning system to track employees, corporate assets, and employees that you treat like corporate assets.

Also you can sometimes hack together WiFi ToF measurements but this is tricky and not widely supported.

[–] [email protected] 1 points 1 year ago

This sounds very interesting. I would definitely like to be able to know the intricacies of how I am tracked at work. I assume that in the scenario you describe, said employees are connected to the office WiFi network. Maybe there's a way for the office to determine one's location even if they aren't?

I am definitely interested in testing IOT devices and their resilience to attacks, however I don't think I'll have much luck if I'm using something like Tasmota. I might want to check for devices I program myself though. Thanks.

I have yet to fully understand protected management frames, but I believe most operating systems meant for such devices will ship with WPA3 very soon that will require the use of the former technology. I personally want to run OPNSense and OpenWRT, I hope that will keep me relatively secure.

There are a few terms here that I don't know about, but thank you for your comment. I'll explore more!

[–] [email protected] 3 points 1 year ago (1 children)

It's fun to learn a bit more about how wifi and encryption works by cracking it using something like aircrack-ng. There's not really any other practical use unless you have bad intent or are planning on entering the security field.

[–] [email protected] 3 points 1 year ago (1 children)

I would agree that curiosity is the biggest driver here. A while back I played around with kali and aircrack-ng and was eventually able to crack one of my neighbors WiFi (big city - lots of signals). Even entered the router which was set up with the “standard credentials” of its type. But in general it’s very unlikely that you will successfully crack any WPA2 Wi-Fi signal. If you want to crack a specific signal it gets even trickier…

[–] [email protected] 1 points 1 year ago

FWIW that's illegal and is considered hacking in the US and can result in jail time. You should only do this on equipment you own. Not saying you did anything particularly nefarious or that the chance of getting caught is high but just FYI.