Posts Tagged ‘wifi’

rpp0/aggr-inject · GitHub

Thursday, July 2nd, 2015

aggr-inject is a proof-of-concept implementation of the A-MPDU subframe injection attack, which allows an attacker to inject raw Wi-Fi frames into unencrypted networks remotely. The PoC exploits a vulnerability in the 802.11n frame aggregation mechanism and can be performed against almost any modern Wi-Fi chipset, given that the target is connected to an open network. Results from this research were published in a paper and presented at the ACM WiSec 2015 security conference.

DarkHotel hackers targets company bosses in hotel rooms

Friday, November 14th, 2014
[Image: Kaspersky video still. Caption: Security researchers believe DarkHotel has targeted hotel guests for seven years]

Companies are being warned about ongoing hack attacks that target hi-tech entrepreneurs and other corporate executives in their hotel rooms.

The campaign has been dubbed DarkHotel and is believed to single out specific senior staff when they log in to the net via wi-fi or an Ethernet cable.

The technique puts data at risk even if the employees are using encryption.

The attacks began in 2007, according to research firm Kaspersky Lab.

“The fact that most of the time the victims are top executives indicates the attackers have knowledge of their victims’ whereabouts, including name and place of stay,” said the Russian security company.

“This paints a dark, dangerous web in which unsuspecting travellers can easily fall.”

The firm’s research indicates the majority of the attacks to date have taken place in Japan but that visitors to hotels in Taiwan, mainland China, Hong Kong, Russia, South Korea, India, Indonesia, Germany, the US and Ireland have also been targeted.

It said that the effort was “well-resourced”, but it was unclear who was responsible.

One independent expert said the hacks should not come as too much of a shock.

[Image: Adobe Flash update. Caption: The malware was attached to legitimate updates for Adobe Flash and other software]

“It’s unsurprising given the high value of the targets,” commented Dr Ian Brown, from the Oxford Internet Institute.

“This is perhaps a wake-up call to big company CEOs who weren’t already aware that this kind of thing was going on.”

Copied certificates

The scheme works by requesting that the targeted user installs an update to a popular software package shortly after they connect to the net.

Examples include new versions of Adobe Flash, Google Toolbar and Windows Messenger.

The installation files include legitimate software, but with the DarkHotel code added on.

To prevent the malware being detected, the hackers use certificates – the equivalent of a digital password, used under normal circumstances to confirm software is trustworthy.

[Image: Hotel visitor. Caption: The majority of the detected attacks targeted visitors to Japanese hotels]

They were able to do this by taking copies of valid certificates that were protected by relatively weak levels of encryption, which they were capable of breaking.

Kaspersky said that examples of spoofed certificates that its researchers had found included ones issued by Deutsche Telekom, Cybertrust and Digisign.

The result is that the hackers can then employ other types of malware.

These are said to include:

  • Keyloggers – used to record and transmit a user’s individual keyboard and mouse presses in order to monitor their activity
  • Information stealers – used to copy data off the computer’s hard drive, including passwords stored by internet browsers, and the logins for cloud services including Twitter, Facebook, and Google
  • Trojans – used to scan a system’s contents, including information about the anti-virus software it has installed. The findings are then uploaded to the hackers’ computer servers
  • Droppers – software that installs further viruses on the system
  • Selective infectors – code that spreads the malware to other computer equipment via either a USB connection or shared removable storage. These targets appeared to be “systematically vetted” before being infected
  • Small downloaders – files designed to contact the hackers’ server after 180 days. The belief is that this is intended to let them take back control if some of the other malware is detected and removed

The researchers said workers for electronics manufacturers, pharmaceutical companies, cosmetic makers, car designers, the military and non-governmental organisations had all been targeted.

They added that the employees had probably been identified by the last name and room number they were required to enter in order to access the internet, inferring that they must have had a separate way to determine their targets’ travel dates, assigned room numbers and other details.

“The attackers were also very careful to immediately delete all traces of their tools as soon as an attack was carried out successfully,” they added.


BBC News – DarkHotel hackers targets company bosses in hotel rooms.

‘Kitteh’ finds all the unsecure Wi-Fi with new Cat Collar – Enterprise

Monday, August 11th, 2014

A new hi-tech cat collar designed to sniff out unsecure Wi-Fi connections, known as the ‘War Kitteh’, has been showcased at one of the world’s largest hacking events.

Known as Def Con, the convention held in Las Vegas brings some of the world’s brightest and best hackers together and, in many cases, showcases unique and strange security tools.

The War Kitteh collar, while appearing entirely harmless, actually contains a Spark Core Wi-Fi development board which uses the operating system to ‘sniff out’ any Wi-Fi broadcasting devices in people’s homes that might be unsecure. The cat’s location, meanwhile, is monitored using GPS and data stored on the device’s SD card, according to The Guardian.

However, the War Kitteh collar’s creators at Tenacity Solutions have emphasised they don’t intend to release an army of fluffy soldiers to harvest homeowners’ Wi-Fi information, but rather to raise awareness amongst them over the vulnerabilities that exist in their systems.

On one of its test runs, the War Kitteh-wearing cat picked up 23 vulnerable premises, four of which had no password protection on them.

Gene Bransfield of Tenacity Solutions told The Guardian the hacking community has spent far too long abusing its position and knowledge, rather than sharing it with the wider public.

“It’s been a failure of the industry and of Def Con-like hackers to appropriately communicate this stuff to people,” he said. “We need to do a better job of communicating this stuff … You don’t want to scare the shit out of them. You want to effectively communicate to them what the issues are.”

via ‘Kitteh’ finds all the unsecure Wi-Fi with new collar – Enterprise – Ireland's Technology News Service.

Multiple Cisco Wireless Gateways Vulnerable to Remote Attacks

Monday, July 21st, 2014

Multiple Cisco Wireless Residential Gateway products have a security vulnerability in the web server that could allow a remote attacker to hijack the devices.

Cisco announced that a number of its Wireless Residential Gateway products are vulnerable to a remote-code execution attack, which is exploited by sending a specially crafted HTTP request to the web server running on the affected device.

According to Cisco, the flaw is due to incorrect input validation for HTTP requests, which could allow an attacker to exploit a buffer overflow and run arbitrary code on the device. The bug is about as serious as they come, giving remote, unauthenticated attackers access to the affected machines.

“Successful exploitation of the vulnerability may cause the embedded web server to crash and allow the attacker to inject arbitrary commands and execute arbitrary code with elevated privileges,” the Cisco advisory says. As of now, it adds, “There are currently no known workarounds available for this vulnerability.”

The Cisco products affected by the vulnerability are as follows:

  • Cisco DPC3212 VoIP Cable Modem
  • Cisco DPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco EPC3212 VoIP Cable Modem
  • Cisco EPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco Model DPC3010 DOCSIS 3.0 8×4 Cable Modem
  • Cisco Model DPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
  • Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
  • Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
  • Cisco Model EPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA

Cisco said the security bug exists in the devices whether they are configured in a Gateway mode or Router mode on home or small office gateways.

Cisco uses the Common Vulnerability Scoring System (CVSS) to provide an open and standardized rating of the security holes it finds in its products. This vulnerability received the most critical rating, a CVSS base score of 10. The vulnerability was reported to Cisco by Chris Watts of Tech Analysis.

Cisco has released and distributed free software updates that address the vulnerability to its service provider customers, who will in turn pass them on to affected home and small office customers. Customers are advised to contact their service providers to confirm that the software deployed by the service provider includes the fix.

via Multiple Cisco Wireless Gateways Vulnerable to Remote Attacks.

FCC proposes $1B per year for Wi-Fi in schools | PCWorld

Friday, June 20th, 2014

U.S. schools could get a cool billion to set up Wi-Fi networks to connect more than 10 million more students by the 2015-2016 school year under a new FCC proposal.

Three out of five schools don’t have the Wi-Fi they need, yet no money was available for Wi-Fi last year under E-Rate, the U.S. Federal Communications Commission’s Internet funding program for schools and libraries, FCC Chairman Tom Wheeler said Friday in a proposal circulated to the agency’s other commissioners.

Wheeler’s plan would allocate US$1 billion in E-Rate funds for Wi-Fi next year and another $1 billion in 2016, with the goal of getting Wi-Fi to more than 10 million additional students in each of those years. It also calls for predictable funding in future years. If the agency takes action this summer, the Wi-Fi upgrades could be in place for the 2015-2016 school year, according to the proposal.

via FCC proposes $1B per year for Wi-Fi in schools | PCWorld.

Who Needs Keys? Siri Hack equates to Digital Jigglerz

Friday, April 18th, 2014

GoogolPlex answers your commands in one of two ways, depending on your request. Conversational requests, like “tell me a joke,” will simply show up as HTML on your phone’s web browser. However, app-based commands such as “GoogolPlex, post a picture to Instagram,” use a redirect scheme to open the appropriate software.

It might sound a bit technical, but using GoogolPlex is fairly straightforward — and you can try it today without jailbreaking your phone or downloading anything. After signing up on, you’ll simply open your iPhone’s WiFi settings and change your HTTP Proxy settings to Auto with “” in the URL box.

The Four Loop mentions that third-party app integration won’t work until GoogolPlex hits the App Store, but you can try a few demo commands such as “GoogolPlex, tell me a programming joke.” The Four Loop has ambitious plans for its Siri hack, as the GoogolPlex concept video shows a user interacting with Nest home electronics, opening specific Spotify songs and unlocking a car door all with voice commands.

Apple will likely beef up Siri for iOS 8, but it looks like GoogolPlex beat it to the punch.

via Who Needs Keys? This Siri Hack can Unlock Your Car – NBC

Comcast may be teaming up with Verizon for VoIP service – Android Community

Wednesday, April 9th, 2014

From The Information, we learn that Comcast may take a VoIP wireless service mainstream. While a WiFi connection works around the home, it won’t be something we can use anywhere, any time. It’s believed Comcast may also try to operate as an MVNO on Verizon’s network to bolster the VoIP service. Republic Wireless has done this “VoIP/MVNO” thing with moderate success, so it’s not unheard of.

via Comcast may be teaming up with Verizon for VoIP service – Android Community.