publication croisée depuis : https://lemmy.world/post/1122992
Hi, I realise that this might not be a question for this community; that said, this community is fairly big so I’m sure plenty of people here are already doing this.
I have been interested in hacking wireless infrastructure for a while now, but I’m struggling to find motivation in my day-to-day life to actually embark on said journey. Frankly speaking, I don’t see a point to do so in a modern homelab. If someone is using WPA3, no unsecured wireless connections like Bluetooth, and uses strong passwords, how would someone realistically hack them without a good amount of time/resources?
One avenue that I came up with, related to wireless hacking, is with IOT. I do not know much about the security of various wireless protocols like Zigbee, or if one can somehow decrypt MQTT messages (they are sent using TLS, yes?) or anything of the sort. Other than this, I’m really struggling to see a practical point in pursuing action in this field (other than the basics like upgrading to the most secure protocol and maintaining digital hygiene) unless one is interested in wireless hacking from pure interest (without any need for motivation stemming from problems in their lab).
Thanks!
Do I understand correctly that you’re asking us to give you a good reason to hack wireless signals because you yourself cannot think of a good reason?
If so, I can’t think of a good reason either, unless of course you want to be a white hat for somebody.
Whitehatting is the only legitimate reason I could think of as well. Otherwise, you’re just looking to cause rouble and probably shouldn’t be posting this to the SH community. Not sure how many people would appreciate someone posting about that here.
That would be correct, however, put more precisely, I’m asking for “reasons to hack your own WiFi and other wireless devices/connections”, not to endanger anybody else. I want to know the motivation of pursing wireless hacking skills for one’s own security and privacy, along with securing one’s homelab
for one’s own security and privacy, along with securing one’s homelab
Sounds like you already have a reason
Indeed, but I don’t quite see how I will reach this goal with trying to hack my wireless devices/connections. Using WPA3 + strong passwords + network logging is all I can think of when trying to passively secure my network (including wireless). What specific avenue of WiFi and RF hacking should I be looking at?
Overall, I use “strange WiFi things” techniques for two useful things : audit security cameras, and foxhunting.
I use it to test wireless security cameras on my home network – to see if I can deauth them and/or force them to reconnect to spoofed access points. If it’s easy, then either the router or the cameras are being useless, and I upgrade/replace. Obviously WiFi security cameras can’t be made super secure, but if I know how good they are, I can conclude when they are ‘good enough’.
I only buy routers that support secure management frames, but I want to make sure that it actually works as it should. I test client networks too, with permission, and then plug security holes.
I also specifically disable secure management frames and deauth my cameras to see how they respond. If the system just ‘freezes’ without any warning being raised (and then resumes on reconnect), that is also a fail. Connection dropping must raise some form of alert.
Then for foxhunting, I build multiple antennas and listen to traffic. Then I use the RSSI to perform multilateralization on the signal to get a vector on their position. You can get 3-5m accuracy with some work. This is a neat but complicated way to build an indoor positioning system to track employees, corporate assets, and employees that you treat like corporate assets.
Also you can sometimes hack together WiFi ToF measurements but this is tricky and not widely supported.
This sounds very interesting. I would definitely like to be able to know the intricacies of how I am tracked at work. I assume that in the scenario you describe, said employees are connected to the office WiFi network. Maybe there’s a way for the office to determine one’s location even if they aren’t?
I am definitely interested in testing IOT devices and their resilience to attacks, however I don’t think I’ll have much luck if I’m using something like Tasmota. I might want to check for devices I program myself though. Thanks.
I have yet to fully understand protected management frames, but I believe most operating systems meant for such devices will ship with WPA3 very soon that will require the use of the former technology. I personally want to run OPNSense and OpenWRT, I hope that will keep me relatively secure.
There are a few terms here that I don’t know about, but thank you for your comment. I’ll explore more!
It’s fun to learn a bit more about how wifi and encryption works by cracking it using something like aircrack-ng. There’s not really any other practical use unless you have bad intent or are planning on entering the security field.
I would agree that curiosity is the biggest driver here. A while back I played around with kali and aircrack-ng and was eventually able to crack one of my neighbors WiFi (big city - lots of signals). Even entered the router which was set up with the “standard credentials” of its type. But in general it’s very unlikely that you will successfully crack any WPA2 Wi-Fi signal. If you want to crack a specific signal it gets even trickier…
FWIW that’s illegal and is considered hacking in the US and can result in jail time. You should only do this on equipment you own. Not saying you did anything particularly nefarious or that the chance of getting caught is high but just FYI.
