Modern Wardriving

Let’s start by defining the word wardriving: it is the search for WIFI wireless networks from a vehicle equipped with a computer. This would be the classic definition. I define modern wardriving as the search for WIFI networks, Bluetooth devices and GSM towers, regardless of whether we are in any type of vehicle (plane, boat, bicycle, scooter, skateboard, etc.) or even walking.

I have been analyzing wireless networks since the beginning of 2000, and in 2022 I obtained the well-known Offensive Security Wireless Professional (OSWP) certification; you can read my post about it. Below is an image of the old cards that I used at that time for wardriving and WIFI audits, which I still have out of nostalgia.

Modern wardriving requires more advanced hardware as we now have WIFI on 2.4GHz and 5GHz with WIFI 6 and 7 looming on the horizon, Bluetooth devices (with billions of devices in the world and counting) and GSM towers. In addition, we must combine it with a GPS device to save their location.

As you can see in the image, I use different devices for Wardriving and Radio Frequency (RF) audits from my company VULNEX. And what is shown here is not all the gadgets I use 😊 With these devices we can perform everything from wardriving to sophisticated RF attacks (a story for another day).

Starting from the left below we have:

  1. Flipper Zero + WIFI Devboard
  2. Raspberry PI Zero + Pwnagotchi
  3. AWUS036NEH
  4. AWUS036NHA
  5. M5 Stack Fire + ESP32 WiFi Hash Monster
  6. Google Pixel 5 + WiGLE WiFi Wardriving
  7. Hak5 WIFI Pineapple Nano
  8. Wardriving Kit (463n7 Driver kit & Wardriver)
  9. AWUS1900
  10. Raspberry Pi 4 + touch screen

Do you want to get started in wardriving? My advice is that you buy an Android phone (it doesn’t have to be expensive or top of the range) and install the WiGLE WiFi Wardriving App. It is the fastest and most comfortable way to enter this fascinating world. As you progress you can expand your collection of wardriving devices.

What would you like me to delve into in another article?

Merry Christmas and don’t forget the ABC of wardriving: “Always Be Collecting” 😊

@simonroses


Fun in a Wild West shooting range with the Flipper Zero

For years I always thought about hacking the classic shooting range set in the Wild West powered by infrared shotguns. We can find these shooting ranges in amusement parks and fairs. Well, that moment has come, using the Flipper Zero: a security and pentesting device designed for ethical hackers and IT security professionals that fits in your pocket.

If you want to know in detail the infrared capabilities of the Flipper Zero for remote control, signal analysis and device emulation, I recommend reading my article about it here: Infrared Dominance with Flipper Zero.

Below are some images of the shooting range and videos of the hack, where we observe that when we send the signal previously captured from a shotgun many infrared sensors are activated at the same time.

Videos

Disclaimer: I am not responsible for any misuse of the information presented here.

Here I leave you the signal captured in an .IR file for the Flipper Zero.

Filetype: IR signals file
Version: 1
#
name: Kat
type: raw
frequency: 38000
duty_cycle: 0.330000
data: 470 373 889 376 886 800 462 381 892 795 467 798 464 801 461 382 891 796 467 377 885 379 883 804 469 14718 467 377 885 379 883 804 469 374 888 799 463 802 460 804 469 375 887 799 463 380 882 384 889 798 464 14723 461 381 892 374 888 798 464 379 883 804 458 806 467 799 463 380 882 804 469 375 887 378 884 802 460 14727 468 375 887 377 885 802 460 383 890 797 465 800 462 803 459 384 889 798 464 379 883 381 892 796 466 14720 464 378 884 381 881 806 467 376 886 800 462 803 459 806 467 376 886 801 461 804 469 796 466 799 463
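To see what this capture actually contains, here is an added example (not the author's code) that parses the raw .IR text, splits the timings into frames at the long gaps and rounds away receiver jitter so repeated frames can be compared. The 5000 µs gap threshold and the 420 µs unit are assumptions estimated from this data.

```python
from collections import Counter

# The capture as published on this page; '#' is the separator line of the .ir format.
IR_TEXT = """Filetype: IR signals file
Version: 1
#
name: Kat
type: raw
frequency: 38000
duty_cycle: 0.330000
data: """ + (
    "470 373 889 376 886 800 462 381 892 795 467 798 464 801 461 382 891 796 467 377 885 379 883 804 469 14718 "
    "467 377 885 379 883 804 469 374 888 799 463 802 460 804 469 375 887 799 463 380 882 384 889 798 464 14723 "
    "461 381 892 374 888 798 464 379 883 804 458 806 467 799 463 380 882 804 469 375 887 378 884 802 460 14727 "
    "468 375 887 377 885 802 460 383 890 797 465 800 462 803 459 384 889 798 464 379 883 381 892 796 466 14720 "
    "464 378 884 381 881 806 467 376 886 800 462 803 459 806 467 376 886 801 461 804 469 796 466 799 463\n")
GAP_US = 5000   # assumption: a silence this long separates frames, it is not a symbol
UNIT_US = 420   # assumption: base symbol time, estimated from the shortest timings

def parse_ir(text):
    """Parse a single-signal raw .ir file into a dict; 'data' becomes a list of ints."""
    fields = {}
    for line in text.splitlines():
        if ":" in line and not line.startswith("#"):
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    if fields.get("type") != "raw":
        raise ValueError("only raw signals carry a timing list")
    fields["frequency"] = int(fields["frequency"])
    fields["data"] = [int(v) for v in fields["data"].split()]
    return fields

def split_frames(timings, gap_us=GAP_US):
    """Cut the alternating mark/space list into frames wherever a long silence occurs."""
    frames = [[]]
    for t in timings:
        if t >= gap_us:
            frames.append([])
        else:
            frames[-1].append(t)
    return [f for f in frames if f]

def normalise(frame, unit_us=UNIT_US):
    """Round each timing to whole units so receiver jitter does not hide repeats."""
    return tuple(round(t / unit_us) for t in frame)

def frame_patterns(text):
    """Count how often each normalised frame occurs in the capture."""
    return Counter(normalise(f) for f in split_frames(parse_ir(text)["data"]))

if __name__ == "__main__":
    for pattern, count in frame_patterns(IR_TEXT).most_common():
        print(count, "x", "".join(map(str, pattern)))
```

Four of the five frames in this capture normalise to the same 25-symbol pattern and the fifth differs only in its last symbols, so the recording is a short fixed code sent repeatedly rather than something that changes from shot to shot.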

The next step will be to test this hack with the powerful IR Blaster that expands the infrared capabilities of the Flipper Zero.

The conclusion: never leave home without the Flipper Zero 😊

Let me know in the comments if you would like to see more articles about the Flipper Zero, and on what topics.

@simonroses


Information Warfare Strategies (SRF-IWS): Unveiling the Risks: Paris Protests and the potential to compromise the cybersecurity of companies while looting their stores

Introduction

The world has witnessed countless protests throughout history, as people express their grievances and demand change. Paris, known for its passionate demonstrations, has experienced its fair share of protests in recent times. Other places such as Barcelona (September 2022) and the USA (Black Lives Matter 2020) have suffered looting and even deaths during protests. However, a concerning new trend has emerged, where protesters take advantage of the chaos to break into stores, including prominent ones like the Apple Store, Orange, supermarkets, and a motorcycle shop among others. While the immediate impact of such actions is evident, there is a lesser-known risk that these protesters could exploit the opportunity to install Red Team hardware and compromise the cybersecurity of these companies. In this post, we explore this potential threat and shed light on the implications it poses.

Understanding Red Team Hardware

Before delving into the potential cybersecurity risks posed by protesters, it’s crucial to understand what Red Team hardware entails. Red Team hardware refers to devices or equipment used to simulate cyberattacks, often employed by ethical hackers or security professionals to evaluate the security posture of an organization. These tools aim to identify vulnerabilities and assess the effectiveness of security measures in place.

The Protester’s Advantage

During large-scale protests, chaos often ensues, leading to vandalism, looting, and destruction of property. In the case of high-profile stores such as the Apple Store or Orange, these incidents attract widespread attention. Amidst the pandemonium, protesters who possess knowledge about Red Team hardware might exploit the opportunity to install such devices within the compromised stores.

Installation of Red Team Hardware

Protesters who gain access to these stores can potentially plant Red Team hardware, ranging from small devices to sophisticated equipment, within the store’s infrastructure. These devices may go undetected initially, as the focus of security teams and law enforcement is primarily on controlling the protests and minimizing damage. The installed hardware can serve as an entry point for cybercriminals to gain unauthorized access to the store’s network, compromising the cybersecurity of the company and potentially accessing sensitive customer data.

Let’s explore different attack vectors that an attacker could use (I used these devices and more in my Red Team engagements):

  1. Search for passwords in the store: post-it notes, and stickers on routers and access points that show the password.
  2. Install a dropbox: a Red Team dropbox is a tiny computer such as a Raspberry PI deployed and hidden to launch network and wireless attacks. I have talked about dropboxes at different conferences: BSidesSF 2019 and Mundo Hacker Day 2021.
  3. Bash Bunny: from pentesting vendor Hak5, the Bash Bunny is a multi-vector USB attack platform.
  4. EvilCrow Cable: a BadUSB cable.
  5. EvilCrow Keylogger: USB keylogger with WIFI support for data exfiltration.
  6. Shark Jack: Hak5 device for network attacks that plugs into an Ethernet port.
  7. Key Croc: Another Hak5 gadget for keylogging.
  8. Lan Turtle: Hak5 covert USB Ethernet adapter for network attacks.
  9. Packet Squirrel: A man-in-the-middle network sniffer by Hak5.
  10. Rubber Ducky: the mighty USB keystroke injection attack platform by Hak5.
  11. WHID Cactus: USB HID injector with WIFI support.
  12. WIFI Pineapple: The powerful wireless attack platform by Hak5. The Nano (left) and the Mark VII (right).

Keep in mind these devices are just some options, many more exist with all kinds of capabilities.

Cybersecurity Implications

The consequences of compromised cybersecurity are severe, not only for the affected companies but also for their customers and business partners. Here are a few potential implications:

Data Breach: A successful infiltration can lead to unauthorized access to customer data, including personal and financial information. This breach can have far-reaching consequences, such as identity theft, fraud, and reputational damage to the affected companies.

Intellectual Property Theft: Companies like Apple often possess valuable intellectual property that is highly sought after by competitors or malicious actors. Breaching their cybersecurity can expose trade secrets, patents, and proprietary information, jeopardizing their competitive edge and potentially leading to financial losses.

Customer Trust: A data breach or compromised cybersecurity can erode customer trust in the affected companies. Customers may hesitate to share their information or engage in business transactions, leading to a loss of revenue and long-term damage to the company’s reputation.

Supply Chain Vulnerabilities: If a compromised company is part of a larger supply chain, the cyber attack can extend its reach to other organizations connected to the network. This ripple effect can further amplify the impact of the initial breach, potentially disrupting entire industries and causing significant economic damage.

Preventive Measures and Mitigation Strategies

To mitigate the risks highlighted above, it is imperative for companies to prioritize their cybersecurity efforts. Here are some recommended preventive measures:

Robust Physical Security: Strengthening physical security measures, including improved surveillance, alarms, and reinforced entry points, can help deter unauthorized access and limit opportunities for protesters to install Red Team hardware.

Network Monitoring: Implementing advanced network monitoring tools can aid in the detection of any suspicious activities or unauthorized access attempts, enabling a swift response to potential threats.

Regular Security Audits: Conducting regular security audits and vulnerability assessments can identify weaknesses in the system and help implement necessary safeguards.

Employee Awareness: Educating employees about the risks of social engineering and physical tampering can help them identify and report suspicious behavior promptly.

Conclusion

While protests serve as an important avenue for expressing grievances, the potential exploitation of such events to compromise cybersecurity is a growing concern. The recent incidents of protesters breaking into stores like Apple Store and Orange in Paris highlight the need for heightened security measures to mitigate the risks posed by Red Team hardware installation. Companies must remain vigilant, continuously enhance their cybersecurity practices, and collaborate with law enforcement agencies to prevent unauthorized access and safeguard sensitive data. By doing so, they can maintain the trust of their customers and protect themselves from potential cyber threats, ultimately ensuring the long-term sustainability of their businesses.

Thoughts? Would you like to learn more about Red Team devices? Let me know in the comments.

@simonroses
