Dailydave mailing list archives
Re: Without Wires
From: Tracy Reed <treed () ultraviolet org>
Date: Wed, 4 May 2011 12:39:37 -0700
On Wed, May 04, 2011 at 09:15:27PM +0430, Mohammad Hosein spake thusly:
> at the risk of being very off-topic i got a question which can be relevant to SILICA at some points. i've read all sorts of crap about direction finding of Wifi targets from people who don't know what they are talking about including
DF/TDOA would be a really nice capability. Way back in 2002 I did this warflying thing:

http://tracyreed.org/Writings/warflying
http://www.computerworld.com/s/article/73901/War_flying_Wireless_LAN_sniffing_goes_airborne

I did it in San Diego and then TechTV invited me up to San Jose. I flew the plane up and appeared on their show and took their reporter for a demo flight and found massive numbers of APs. There would surely be even more today. It was fun and I have occasionally considered doing it again, but aside from the obvious facts that it works and you can see a lot of APs from a couple thousand feet up we didn't learn much, so I haven't seen any good reason to try again.

Back then we were mostly just interested in unsecured APs. Now of course we would be interested in unsecured and weakly encrypted (WEP etc). Those who are so inclined might be interested in actually cracking the weak encryption and discovering the keys and perhaps even exploring the networks. We passively received and did not transmit on our flights to avoid legal ambiguity.

Time over target can get expensive when aircraft are involved, although it can be kept down to as low as $50/hr or maybe even less, so it wouldn't take much to discover every AP in a whole metro area. A smallish haul of card numbers resulting from the flights would easily cover it: I always consider how much an attacker would stand to gain when considering how likely they are to do something as outlandish as aerial wireless recon.

Hmm...I just realized something: A few months ago I attended a briefing by SoCal Approach TRACON. This graphic was presented:

http://imgur.com/ul5d6

These are the tracks of all of the aircraft going into and out of CRQ during a 12 hour time span. You can see the blue tracks inbound for landing coming in from the right (east), the green tracks departing to the left (west), and the racetrack of the traffic pattern connecting the departures and arrivals. Notice the parallel orange lines left to right (east to west) all up and down the image. Looks like a search pattern. This seems likely to be mostly one aircraft's track; you can almost see the turnarounds on each end. When I first noticed it I wondered what the heck this guy might be doing. Now I have one more thing to add to the list of possibilities. :)

Being able to collect semi-accurate location data on the actual AP (instead of just recording the GPS location of the aircraft when the AP was detected, which just results in a plot of the aircraft path) would be very nice for aerial discovery and exploration followed by driving to the area for more lengthy probing. Someone with automation like SILICA could open up and explore networks for vulnerabilities and recon a lot of networks fast.

It's a shame a good samaritan cannot legally do this kind of mass-recon for the purposes of writing a paper or offering consulting services to improve the security posture of vulnerable networks. Instead they will just have to wait to be notified by their acquiring bank that they have a problem. Making money by flying while also improving the state of computer security is my dream job.
On Wed, May 4, 2011 at 8:12 PM, dave <dave () immunityinc com> wrote:
> So SILICA has been around for a while - essentially automating wireless attacks in

I don't see a buy link on that page... Does one have to call?

--
Tracy Reed
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave