evilgenius » wifi

Boeing 787 and network security

hosh — Mon, 07 Jan 2008 05:54:12 +0000

Now this is not really wireless, but a least it has to do something with security in the air.

According to The Inquirer, referencing an FAA (Federal Aviation Administration) report, it seems that the guys at Boeing don’t know basic network security concepts, like for example network segmentation. The network access for passengers seems to be in the same network like plane’s control, navigation, communication, etc. Seems that Boeing is going to fix this, but I can’t wait until first passengers start messing around with the final system.

iPhone’s Bluetooth Bug and the Metasploit Framework

hosh — Sat, 29 Sep 2007 20:21:55 +0000

As balle already pointed out, there is a major Bluetooth Bug in iPhones. The SDP-Service can be exploited to execute arbitrary code. The funny thing with iPhones is, that even when Inquiry Scan is disabled (“hidden Bluetooth device”) it’s easy to find out the Bluetooth Address of an iPhone: The WiFi-address is the Bluetooth address incremented by one. When you know the MAC Address of the iPhone, you also know the Bluetooth address.

Another interesting thing: The Metasploit Framework about to be ported to the iPhone. All the applications seem to run as UID 0 on the iPhone – this is going to be fun!

Source: Computerworld

Updates on Wi-Fi Security

hosh — Sat, 21 Apr 2007 23:33:41 +0000

There were some pretty interesting things developments during the last few weeks:

aircrack-ptw or Breaking 104 bit WEP in less than 60 seconds. Works great! There is a tutorial “How to crack WEP with no clients” which helps you to generate the necessary ARP packets.
Lorcon – Loss Of Radio CONnectivity. 802.11 packet generator implementing an hardware abstraction layer – you don’t have to mess around with WiFi drivers anymore. From now on Lorcon does this for you.
Pretty interesting slides on Wi-Fi fuzzing from Black Hat Europe.

Happy hacking.

Roundup on Wireless Security

hosh — Sat, 17 Mar 2007 11:34:44 +0000

There is a pretty good roundup on wireless security at pauldotcom, covering Wifi, Bluetooth and RFID. The slides give a pretty good overview on various topics and are a great entrance point for wireless hacking.