Sunday, October 15, 2017
Mobile WiFi Jamming (Disrupting WiFi Networks with Mobile Devices) Tom Nardi | 01.09.15 Categories: Blog
At this point, everyone should be pretty familiar with the “rogue AP” concept: an attacker creates an innocent enough looking WiFi access point, hopes people connect to it, and then does nasty things when they do. It’s simple to setup, hard for the average user to detect, and increasingly common.
But putting up an access point is only half the battle. How do you get victims to actually connect to an rogue AP once it’s setup? An attacker can give it a tempting name, and if it’s the only open AP in an area with nothing but encrypted networks it may have a shot, but more often than not the client machines are going to connect to whatever their appropriate network is and ignore any other APs that may have popped up. So the question is, how could one nudge an unsuspecting user off of their own WiFi network and onto another one?
One way is to simply blast the rival networks off the air.
Air Superiority
To be very clear, calling this technique jamming is inaccurate, but that hasn’t stopped a number of developers from using the term, so we’ll just play along for the sake of consistency. To properly jam WiFi (or any other form of radio communication), you basically blast out a lot of random noises on the frequencies that particular technology uses. It’s conceptually very simple, but also a very big infraction as far as our friends at the Federal Communications Commission are concerned; so it isn’t something you won’t be doing with any consumer-level WiFi hardware.
Since jamming on the hardware level is out of the question, a number of developers have found a way to clog up WiFi communications in software. This is much more akin to a denial of service attack, where tools are used to repeatedly spam deauthentication packets at WiFi access points and clients to force them to disconnect. With the appropriate software and a powerful WiFi adapter that supports packet injection, an attacker can put a stranglehold on legitimate communications.
There are a couple of ways it can be done, but for this example we will look at wifijammer by Dan McInerney.
Installing Wifijammer
This tool takes the form of a single Python script, wifijammer.py, that you can grab right from GitHub. Installing it on your device is as simple as opening the terminal and running:
Once you’ve cloned the Git repository and entered the newly created directory, you should be able to run it right away. Unfortunately, when you try and run it you’ll probably get an error about not being able to find “./dvips”.
A little digging around shows this is actually a bug in the python-pyx package that’s been floating around since at least 2012. You can get around this by simply removing the python-pyx package with “apt”, but that will also remove wifitap, which you may not want to do.
In the end, as silly as it sounds, the easiest workaround for this bug is to simply create an empty directory named “dvips” so it finds what it’s expecting:
mkdir ./dvips
After creating the directory (or removing python-pyx), you just need to plug in your external WiFi adapter and you’re set.
Note: In testing, it has been found that unplugging the external WiFi adapter after running wifijammer has a tendency to lock up the device. It’s suggested that you shutdown the device before disconnecting the external adapter to prevent data loss.
Radius Jamming
If ran with no options, wifijammer will select the strongest WiFi interface on your device that supports packet injection (your external WiFi adapter) and puts it into monitor mode. It will spend a few seconds on each WiFi channel collecting data, and then once it has a list of clients and APs, it starts rapidly going through them and firing out deauthentications.
The top of the screen will show the devices that have been deauthenticated, while the bottom of the screen will continually scroll devices that wifijammer has detected.
With a powerful external WiFi adapter, a setup like this will destabilize the WiFi networks within a fairly large radius, say a few hundred feet.
But it’s a completely non-discriminatory attack, it will try to knock out every WiFi network it sees. It may however be advantageous to try and jam one specific access point, or perhaps even just one client device. In other cases the broad radius attack may fail, and a more direct approach is required. For those situations, wifijammer has a number of options to tailor the attack to the situation at hand.
Targeted Jamming
The advanced parameters for wifijammer let you specify things like the target’s MAC address and channel, as well as some under the hood options like how many packets to send and how long to wait between deauthentications.
A good starting point for experimentation is something like the following:
wifijammer -c -a -p 5 -d
Aside from the obvious channel and target variables, the -p option tells wifijammer to send 5 deauthentication packets at a time, and the -d option disables sending deauthentication packets to broadcast addresses (this speeds up the attack, and many devices ignore them anyway).
Practical Use
In practice, tools like wifijammer can be used to disable some or all of the WiFi networks in the target area, which can lead unsuspecting users to an rogue AP under an attacker’s control. It’s important to realize that attacks like this cannot literally force a target to switch networks (they would still need to select the rogue AP in their device’s network settings), but it may give them the impetus to check for additional networks where they otherwise wouldn’t have.
When deployed from a mobile device like the Pwn Pad or Pwn Phone, WiFi jamming attacks can be especially effective, as the source of the transmission can be brought in extremely close to the targets (such as in a coffee shop, office, or other public place) without arousing suspicion.
RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation (Eurocrypt'04 rump session), we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.
In this paper we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.
Cryptanalytic side-channel attacks target implementations of cryptographic algorithms which, while perhaps secure at the mathematical level, inadvertently leak secret information through indirect channels: variations in power consumption, electromagnetic emanations, timing variations, contention for CPU resources such as caches, and so forth (see [And08] for a survey). Acoustic emanations, i.e., the noise generated by computers, are one such potential channel. Eavesdropping on keyboards and printers has been well-demonstrated [AA04, ZZT05, BDG+10]. Mechanical noise from fans and storage devices such as hard disks are obviously indicative of system activity, but seem to carry very coarse information that is apparently of little use for cryptanalysis.
We focus on a different source of computer noise: vibration of electronic components in the computer, sometimes heard as a faint high-pitched tone or hiss (commonly called "coil whine", though often generated by capacitors). These acoustic emanations, typically caused by voltage regulation circuits, are correlated with system activity since CPUs drastically change their power draw according to the type of operations they perform. However, the bandwidth of these signals is very low: up to 20 kHz for audible signals and commodity microphones, and up to a few hundred kHz using ultrasound microphones. (Beyond these frequencies, air attenuation and reduced microphone sensitivity render the signals undetectable.) |1| Cryptanalytic side-channel attacks typically require measurements with temporal resolution similar to the time scale of the target operation, but here the target cryptographic computation is many orders of magnitude faster (at the GHz scale), so we have no hope of observing individual operations. Moreover, the acoustic signals of interest are very faint. Indeed, a recent survey on side channels surmised that while "acoustic effects have been suggested as possible side channels |2|, the quality of the resulting measurements is likely to be low" [KJJR11].
Acoustic cryptanalysis. We show that, despite these difficulties, full key recovery via acoustic cryptanalysis is quite feasible on common software and hardware. As a study case, we focus on the GnuPG (GNU Privacy Guard) [Gnu], a popular, cross-platform, open-source implementation of the OpenPGP standard [CDF+07]. We observe that GnuPG's RSA signing (or decryption) operations are readily identified by their acoustic frequency spectrum. Moreover, the spectrum is often key-dependent, so that secret keys can be distinguished by the sound made when they are used. The same applies to ElGamal decryption. We devise and demonstrate a key extraction attack that can reveal 4096-bit RSA secret keys when used by GnuPG running on a laptop computer, within an hour, by analyzing the sound generated by the computer during decryption of chosen ciphertexts. We demonstrate the attack on various targets and by various methods, including the internal microphone of a plain mobile phone placed next to the computer, and using a sensitive microphone from a distance of 4 meters.
In a nutshell, the key extraction attack relies on crafting chosen ciphertexts that cause numerical cancellations deep inside GnuPG's modular exponentiation algorithm. This causes the special value zero to appear frequently in the innermost loop of the algorithm, where it affects control flow. A single iteration of that loop is much too fast for direct acoustic observation, but the effect is repeated and amplified over many thousands of iterations, resulting in a gross leakage effect that is discernible in the acoustic spectrum over hundreds of milliseconds.
Low-bandwidth power and voltage analysis. With this technique for inducing robust low-bandwidth signals, we revisit other channels and observe that similar leakage can often be induced, acquired, and exploited. For example, in many computers the "ground" potential fluctuates (even when connected to a grounded power supply) and leaks the requisite signal; this can be measured by touching exposed metal on the computer's chassis, or at the remote end of VGA, USB and Ethernet cables. We can also acquire and exploit these low-frequency signals by power analysis, using measurement of the power supply current, even if the clockrate-scale high frequencies (needed for standard power analysis) have been filtered out.
Chosen-ciphertext channel by e-mail. The key extraction attack requires decryption of ciphertexts adaptively chosen by the attacker. Prior works requiring chosen plaintext or ciphertext typically attacked network protocols such as SSL/TLS [BB05] or WEP [BGW01, BHL06], or used direct access to a protected device's input. To apply the attack to GnuPG, we identified and exploited a new chosen-ciphertext attack vector: OpenPGP encrypted e-mail messages. We specifically targeted Enigmail, a popular plugin to the Thunderbird e-mail client that enables transparent signing and encryption of email messages using GnuPG, following the OpenPGP [CDF+07] and PGP/MIME [ETLR01] standards. Enigmail automatically decrypts incoming e-mail (for notification purposes), as long as the GnuPG passphrase is cached or empty. In this case, an attacker can e-mail suitably-crafted messages to the victims, wait until they reach the target computer, and observe the acoustic signature of their decryption, thereby closing the adaptive attack loop.
HACKING NATO SERVERS Connecting to a RDS Server from a Local Computer Using SSH Tunneling on a Mac
Connecting to a RDS Server from a Local Computer Using SSH Tunneling on a Mac
Solution
If you scour the internet there appear to two main solutions.
- Add your IP address to a whitelist on rds, but could be problematic since your IP address will probably change.
- Connect to the RDS instance using SSH tunneling.
I had not set up SSH tunneling before and for some reason had a hard time tracking it down. I use sequl pro to inspect our database sometimes, and I realize I was able to connect using SSH tunneling via their gui interface.
So, what is the solution?
There are two steps:
- Set up the SSH Tunnel
ssh -N -L 3306:your.rds.endpoint.rds.amazonaws.com:3306 sshuser@yourserver.com
-N only set up the tunnel
-L set up the forwarding
3306
that first number is the port on your local machine
your.rds.endpoint.amazonaws.com The name of the rds endpoing
3306 the port on the remote computer
sshuser@yourserver.com how you log in to your ec2 instance
2. Use the SSH Tunnel
mysql -u dbuser -p -h 127.0.0.1
This lets you connect to the remote rds instance. Note that you have to use the host here 127.0.0.1 explicitly and that it is not the host you set up earlier. This is because it is now forwarding all of the requests. That’s all.
To be clear on how the ports work, here is another example
ssh -N -L 1234:your.rds.endpoint.rds.amazonaws.com:3306 sshuser@yourserver.com
mysql -u dbuser -p -h 127.0.0.1 -P 1234
This says forward from port 1234 on my computer to port 3306 on the remote instance. I just used 3306 in both as the defaults.
Subscribe to:
Posts (Atom)
