Wireless Presenters Attacked Using an Arduino 69
An anonymous reader writes "This week Dutch security researcher Niels Teusink described a method of attacking wireless presenter devices at an Amsterdam security conference. He had a demo showing how it is possible to use an Arduino and Metasploit to get remote code execution by sending arbitrary keystrokes to the presenter dongle. He has now released the code and made a blog post explaining how it all works. Better watch out the next time you're giving a presentation using one of these devices!"
This is why standard protocols help (Score:5, Insightful)
Re:This is why standard protocols help (Score:5, Insightful)
While Bluetooth certainly has its issues and took a while to address all the early security concerns, I really wish wireless device creators would stop rolling their own protocols.
Yeah, but then the maker would have to licence the technology and that adds cost. The chip used in the device doesn't come with Bluetooth. It's a very simple chip.
I suspect that the problem here is that the engineer just didn't think about security.
Re:TV / VCR Remote in class (Score:4, Insightful)
In other cases, I imagine, the engineer in charge of knocking together the receiver unit (correctly) realized that implementing a general-purpose system for taking arbitrary keycodes encapsulated in whatever the proprietary RF protocol is and dumping them to the host system just like any USB HID device wouldn't be much harder than implementing just the 6 keycodes found on revision 1 of Product X and would save him from having to do it again when revision 1.1 adds another couple of buttons, and revision 2.0 has to have a special button for the ribbon interface, or whatever it happens to be.
Re:In summary (Score:3, Insightful)