Can a list of connected devices to a WPA2 WiFi hotspot be stolen, without connecting to the network itself? - security

Is it possible for, let's say, a hacker to obtain a list of users connected to a WPA2-secured WiFi network if he doesn't know the password and will not be able to obtain it in any way?

Yes, kind of.
You can read out the MAC addresses of connected devices without having the passkey; you would just have to run a passive scan.
The MAC address is not necessarily unique, as you could change it on most devices.
Needless to say:
It's illegal to obtain such data on WiFi networks other than your own, as this is a breach of personal privacy.

Related

WPS VS Access Point when connecting to WiFi

I'm building a commercial esp8266 device. I need it to connect to WiFi to use the device with an app.
I managed to connect it via both WPS and Access Point (getting the SSID and Password from the app by connecting to the Access Point).
I'm trying to understand which of these two would be ideal for commercial use.
WPS compromises network security until a device connects, but it is super fast.
AP doesn't compromise security, but it is slower, and the user loses his WiFi connection until he passes the SSID and password.
Another problem is that people might not be able to find the WPS button on their router.
Which of these two methods of connecting to WiFi should I use?
So, essentially, what should I choose between speed and security?
Edit: It's important to note that multiple commercial devices use WPS to connect (printers for example).
In a commercial setting, using WPS makes no sense at all; just use the access point method as you do now, as you do not want to have any chance of a security breach.

Remote Access remote pc using 2 USB

I am not sure if this is correct, but I did see an advert in the newspaper about secure remote access using two USBs. One USB is plugged into the remote PC and the other USB is plugged into the machine I am connecting from. It creates the secured remote access without any need for third-party software like LogMeIn, GoToMyPC or any other commercial remote software.
Can anyone suggest if this is possible and if anyone is currently doing this?
There are 3 basic ways:
1. Secure everything on your PC by encrypting all files on it with a USB dongle, for example GuardKey or any similar product. By the way, in China this method is very popular for keeping files safe and preventing files from leaking outside companies, as file actions are logged (I can't say what exact dongle they use);
2. Make a secure connection between computers by using a VPN tunnel (very popular these days for users); no extra hardware is needed;
3. For a server there is an HSM (hardware security module), which can be a box and is considered military grade, or the cheaper solution of a USB dongle, with a USB dongle or embedded chip on the other end capable of decrypting and encrypting the whole incoming/outgoing data stream, usually combined with KMS (key management software), which can be embedded in hardware or installed separately.

MITM Bluetooth SPP server

I want to figure out the protocol between 2 Bluetooth devices (BT, not BLE). I know they are using SPP, as I can use https://github.com/eelcocramer/node-bluetooth-serial-port to connect to the slave.
I was wondering if I could do a MITM attack by emulating the slave so the real master connects to me, and then pipe the data through to the real slave?
Does such a tool exist or should I write one myself?
Thanks,
Sam
To answer my own question: YES, it is possible. I successfully did a man-in-the-middle attack using btproxy. I also used bdaddr to spoof the MAC address.

How can devices exchange data over data link layer 2?

I have a collection of wifi enabled linux devices.
I would like to configure one to use the WiFi and the rest to automatically join the same network. It seems to me that if I could set up a data link client/server model, all the devices could exchange network credentials and join the same WiFi network. Is this possible? Can it be done over the command line? How can devices communicate when they have not yet joined a network or received an IP address?
For your devices to communicate they need to connect to something. Since your goal is to have them learn WiFi credentials X, we should assume they can't use credentials X to connect to each other. So they'll have to do something peer-to-peer. Some ideas:
Have the one device which knows credentials X create an "ad hoc" WiFi network. Have the others join it and connect to the creator to learn credentials X.
Use an alternate protocol for credential exchange, such as Bluetooth.
Neither of these ideas will be best implemented in Bash. Something like Python or C may be easier.

wireless authentication of devices

I'm currently developing wireless connectivity between two embedded devices over the 802.15.4 RF protocol. One of the devices is the coordinator (server), and the other is a node (client).
I want to make sure that only specific vendor devices will be able to communicate with the coordinator.
What's the best approach to authenticate a device to the coordinator, so other devices can't try to cheat? The messages are over RF, so anyone can listen to them with a sniffer.
You could filter by MAC address, since all devices from a single manufacturer will start with the same three-byte OUI.
It would be better to look into the security options of ZigBee though. You could configure all of the devices with a secret, pre-shared key, and only devices with that key will be able to join your network.
Or, look at the Smart Energy model, where each device has a unique pre-shared key. The coordinator is given a MAC address and an install code out of band (some method other than over the ZigBee network) and will then allow that single device to join the network.
What level of security are you looking for? Something to prevent accidental interference by non-participating devices, or something to protect sensitive information from prying eyes? If the latter it's best not to try rolling your own solution as it's very hard to get absolute security right. As mentioned in the last answer: a ZigBee stack would provide a comprehensive solution to the problem, but the cost is added complexity and higher spec hardware (you'd need at least 128kB flash, and 4-8kB RAM to run all classes of ZigBee device comfortably).
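To make the difference between the two approaches in the answers concrete, here is an added illustration (not code from any of the answers, and not ZigBee's actual install-code key derivation or join procedure): an OUI filter that any device can satisfy by setting its source MAC, beside a per-device pre-shared-key challenge/response in which the coordinator holds a table of install codes provisioned out of band. The vendor OUI, MAC and install-code values are constructed placeholders, and the key derivation is an assumed HMAC-SHA256 stand-in.

```python
import hmac, hashlib, os

# Constructed sample data (placeholders, not any real manufacturer's assignment).
VENDOR_OUI = bytes.fromhex("0a1b2c")
INSTALL_CODES = {  # per-device install codes, provisioned out of band
    bytes.fromhex("0a1b2c000001"): bytes.fromhex("83fed3407a939723a5c639b26916d505"),
}

def oui_allows(mac: bytes) -> bool:
    """Weak check: passes any frame whose source MAC carries the vendor OUI.
    A sniffer sees legitimate MACs on the air, and most radios let you set one."""
    return mac[:3] == VENDOR_OUI

def link_key(install_code: bytes) -> bytes:
    # Assumed derivation (stand-in for the real ZigBee install-code hash).
    return hmac.new(b"install-code-link-key", install_code, hashlib.sha256).digest()

class Coordinator:
    """Only a device holding the install code for its MAC can answer the challenge."""
    def __init__(self):
        self.keys = {mac: link_key(ic) for mac, ic in INSTALL_CODES.items()}
        self.pending = {}  # mac -> outstanding nonce, single use

    def challenge(self, mac: bytes) -> bytes:
        nonce = os.urandom(16)          # fresh per attempt, so sniffed replies can't be replayed
        self.pending[mac] = nonce
        return nonce

    def verify(self, mac: bytes, response: bytes) -> bool:
        nonce = self.pending.pop(mac, None)   # consumed whether or not it verifies
        key = self.keys.get(mac)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, mac + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare

def node_response(install_code: bytes, mac: bytes, nonce: bytes) -> bytes:
    """What a legitimate node sends back; the install code never goes over the air."""
    return hmac.new(link_key(install_code), mac + nonce, hashlib.sha256).digest()
```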
