this post was submitted on 07 Jul 2023
4 points (64.3% liked)

Selfhosted

39921 readers
392 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
4
Why learn to hack wireless signals in a homelab? (lemmy.world)
submitted 1 year ago by MigratingtoLemmy@lemmy.world to c/selfhosted@lemmy.world
10 comments fedilink hide all child comments
 

publication croisée depuis : https://lemmy.world/post/1122992

Hi, I realise that this might not be a question for this community; that said, this community is fairly big so I'm sure plenty of people here are already doing this.

I have been interested in hacking wireless infrastructure for a while now, but I'm struggling to find motivation in my day-to-day life to actually embark on said journey. Frankly speaking, I don't see a point to do so in a modern homelab. If someone is using WPA3, no unsecured wireless connections like Bluetooth, and uses strong passwords, how would someone realistically hack them without a good amount of time/resources?

One avenue that I came up with, related to wireless hacking, is with IOT. I do not know much about the security of various wireless protocols like Zigbee, or if one can somehow decrypt MQTT messages (they are sent using TLS, yes?) or anything of the sort. Other than this, I'm really struggling to see a practical point in pursuing action in this field (other than the basics like upgrading to the most secure protocol and maintaining digital hygiene) unless one is interested in wireless hacking from pure interest (without any need for motivation stemming from problems in their lab).

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] Saigonauticon@voltage.vn 4 points 1 year ago (1 children)

Overall, I use "strange WiFi things" techniques for two useful things : audit security cameras, and foxhunting.

I use it to test wireless security cameras on my home network -- to see if I can deauth them and/or force them to reconnect to spoofed access points. If it's easy, then either the router or the cameras are being useless, and I upgrade/replace. Obviously WiFi security cameras can't be made super secure, but if I know how good they are, I can conclude when they are 'good enough'.

I only buy routers that support secure management frames, but I want to make sure that it actually works as it should. I test client networks too, with permission, and then plug security holes.

I also specifically disable secure management frames and deauth my cameras to see how they respond. If the system just 'freezes' without any warning being raised (and then resumes on reconnect), that is also a fail. Connection dropping must raise some form of alert.

Then for foxhunting, I build multiple antennas and listen to traffic. Then I use the RSSI to perform multilateralization on the signal to get a vector on their position. You can get 3-5m accuracy with some work. This is a neat but complicated way to build an indoor positioning system to track employees, corporate assets, and employees that you treat like corporate assets.

Also you can sometimes hack together WiFi ToF measurements but this is tricky and not widely supported.

[–] MigratingtoLemmy@lemmy.world 1 points 1 year ago

This sounds very interesting. I would definitely like to be able to know the intricacies of how I am tracked at work. I assume that in the scenario you describe, said employees are connected to the office WiFi network. Maybe there's a way for the office to determine one's location even if they aren't?

I am definitely interested in testing IOT devices and their resilience to attacks, however I don't think I'll have much luck if I'm using something like Tasmota. I might want to check for devices I program myself though. Thanks.

I have yet to fully understand protected management frames, but I believe most operating systems meant for such devices will ship with WPA3 very soon that will require the use of the former technology. I personally want to run OPNSense and OpenWRT, I hope that will keep me relatively secure.

There are a few terms here that I don't know about, but thank you for your comment. I'll explore more!