29 May 2013

The fly-by, Wi-Fi hacking machine

There's something unusual about the motorcycle Denis Andzakovic likes to ride.

In addition to being able to transport Andzakovic, 22, from A to B, it can also allow him and others to "terrorise their neighbours" by scanning for Wi-Fi access points as it passes them.

Kitted out with a miniature Raspberry Pi computer for a heads-up display (HUD) integrated in an external helmet, two Mikrotik routers, wireless sniffing and attack tools, GPS and a netbook, the motorcycle is able to detect wireless access points and plot them on Google Maps.


It can also wreak havoc by kicking users off Wi-Fi networks on the fly by sending out what's called "deauthentication packets". When Andzakovic gets home he can then attempt to crack the security of protected access points using data collected while passing them.

A New Zealand IT security consultant and motorcycle enthusiast, Andzakovic showed off his custom Suzuki Boulevard M50 on Thursday at the AusCERT security conference on the Gold Coast.

Speaking with Fairfax Media after his talk, Andzakovic said he got into the security industry about a year ago and has been "chopping up and building bikes" since he was about 15.

"My older brother rode a motorcycle so it was something I was always interested in," he said.

"I didn't really have the cash to buy one outright so I ended up building my first bike and that's how I got into the whole mechanics and automotive side of things," he added.

When asked why he built the bike, he said he did it because it "seemed like a good idea".

I suppose for the day-to-day stuff [at work] we really needed something that was like a Wi-Fi review platform that we could go and use when we're doing wireless network penetration testing and things like that," Andzakovic said. "Part of me just wanted to combine the two things that I do, and really enjoy doing, that have absolutely nothing to do with each other, and find a way to go and make them go and talk to each other," he added.

While riding, recently passed Wi-Fi access points are shown on the top left of the head-mounted display, with the colours yellow, green or red indicating what type of security they are using. The centre of the display shows a constantly updating bar graph that presents information on the amount of packets and data transmitted between the access points and the bike.

"So when you ride through a Wi-Fi-dense area you get all these pretty colours," Andzakovic said.

After AusCERT helped ship his bike to Australia, he rode it around the Gold Coast to see how secure local Wi-Fi was.

He found 26.91 per cent of wireless access points he surveyed on the Gold Coast had no Wi-Fi security at all, which he partly put down to hotel Wi-Fi, which is usually left open for ease of use.

A further 6.13 per cent used a form of WEP encryption, which has been found to be easily cracked. The rest, 66.98 per cent, used a form of WPA security, which is generally considered fairly secure if a complex password is used.

(Photos: Denis Andzakovic)
 

 smh.com.au 24 May 2013

Another blatant lie perpetuated by the corporate media.

Since technology is a very dynamic environment, new terminology is constantly being added to the English vocabulary.

What Mr. Andzakovic is doing is actually war driving and NOT hacking.

See wikipedia article which was first described in 2004

http://en.wikipedia.org/wiki/Wardriving

This fact should be well known to a Deputy technology editor of a corporate media outlet.

By the same token Google should have been in the print media as 'hacking', while they were taking photos of the suburban streets for Google Street View.

Here are some comments from Sydney Morning Herald readers:

It isnt hacking. Every device with inbuilt wifi does exactly the same kind of survey for access points on a schedule to show you which access points are nearby. Most do this whether you have the wifi connection program open or not
If that was the definition of hacking, the courts would be very busy.
Just a quick summary:
Accessing open networks without security isnt illegal.
Capturing packets from secured networks for later decryption isnt illegal either.
Decrypting captured packets from secured networks isnt illegal either.
Using the decrypted password and then connecting to the secured network is illegal.
Commenter
stylemessiah Location Date and time May 24, 2013, 6:58PM
 
Hasn't Hollywood taught you anything?
Anything that involves either a command line interface, or purely text output, is hacking, and EVIIIIIIIIL!

But I agree, the term "Hacking" is used purely to grab attention and clicks on the headline, rather than being accurate in even the most basic sense of the word. Once again, Fairfax shows their quality of reporting. "Dont let the truth get in the way of a good story".
Commenter MrDamage Location  Date and time May 25, 2013, 1:13PM

No comments: