Two Wheeled Wi-Fi Sniffing Robot
paulnuyu writes "ZDNet/MSN has an article about a robot that detects Wi-Fi vulnerabilities and intrusions. The two wheeled robot made by the Shmoo Group cruised around the DefCon convention in Vegas last Sunday, picking up telnet and POP passwords. Though still a prototype, the shipping version is projected to have autonomous steering capabilities."
Telnet and POP? (Score:5, Insightful)
If anyone is still using plaintext to send passwords over their LAN they are insane. I know there are a lot of stupid admins out there, but getting ssl and ssh installed should be a priority. Before you try and secure your wireless network segment you need to begin using secure protocols.
Re:Telnet and POP? (Score:5, Interesting)
Well, a lot of people don't have any choice. Our cable ISP here, for example, provided the usual email accounts, and for a lot of customers, that is their only email. If you use it, you have no choice other than POP, and I haven't seen anything in several mailers that talks about encrypting the passwords. Our ISP doesn't actually block port 25, so you could run your own mailer. This isn't feasible for most customers, though, for several reasons. One is the dynamic IP addresses and insane hostnames. I've fixed that by using one of the many independent registration services, but to most customers, that would be utterly baffling and unusable. Another problem is that running your own email server is in fact in violation of the TOS in the ISP's contract, and they can legally block your port(s) or kick you off entirely at any time, without warning or recourse.
So for most non-geek customers, unencrypted POP passwords are the only option. There's probably no way they could even learn from the ISP that there's a problem; they certainly wouldn't get (or understand) any advice on how to fix it.
(Myself, I use an account at a school. It has been stable and usable for over 15 years now, unlike commercial email accounts that force you to change your address every 6 months whenever there's a merger, buyout, or corporate renaming. And I can use a plain-text mail reader, eliminating all problems with virii, worms and the like. But I'm not sure I'd recommend this to the typical non-geek.)
Re:Telnet and POP? (Score:2, Insightful)
But DefCon isn't an average-joe situation -- I'm amazed that the attendees at a conference like DefCon wouldn't know better than to wander around a conference filled with other geeks surfing/mailing/etc over WiFi without at least using SSH.
Re:Telnet and POP? (Score:2)
Re:Telnet and POP? (Score:1)
Bait, and false sense of security (Score:3, Insightful)
Did it occur to anyone that maybe those passwords were bait? No better way to catch a scriptkiddie than to make him think he's hit a goldmine. He runs home, logs into that honeypot, and the cops are on his doorstep the next day. Do not pass go, do not collect $200, 'd00d'.
I know there are a lot of stupid admins out there, but getting ssl and ssh installed should be a priority. Before you try and secure your wireless
Re:Bait, and false sense of security (Score:2, Funny)
reader: Parse error in paragraph 4: Triple negative overflow. Giving up.
APOP is worthless (Score:2)
APOP is pretty worthless: it is trading one problem for an even worse one.
The USER/PASS approach means sending all passwords in the clear, so you're subject to eavesdropping/replay attacks. (That's, obviously, not so good.) But the server never holds on to your plaintext password; it just encrypts it and compares the result to cipherte
Re:Bait, and false sense of security (Score:2)
I guess if your server uses one-time-passwords (like secure-ID), you'd be OK.
Re:Telnet and POP? (Score:2)
And I am not talking just the custom apps that some dev team in house wrote several years ago. This includes software packages today tha
why does off topic get "insightful"???? (Score:1)
And then, why oh why oh why do these off topic posts get moderated as "insightful"???
What the hell do these initial responses have to do with a two wheeled robot with autonomous capabilities?
Mmmhhh... thats nice (Score:3, Funny)
And while you're at it, give it the ability to create a map of the signal strength, too...
Re:Mmmhhh... thats nice (Score:1)
Re:Mmmhhh... thats nice (Score:1)
Jalics. (Score:2, Interesting)
The thing is, I ask him all the time, "What does your robot do jalics?"
jalics: Right now the first thing it will just be a rover.
jalics: It'll have a webcam, gps, wifi.
jalics: So I can control it remotely.
jalics: To get accurate feedback on wheel position will be harder, but that's what I'm aiming for.
Now THIS (Score:3, Funny)
Obligatory Dr. Evil rejoinder... (Score:2)
BTW: 1,000th post! w00t!
WiFi Robot Wars. (Score:5, Funny)
Ooo.. (Score:1)
Re:WiFi Robot Wars. (Score:5, Funny)
No Ma'am, we are certainly considering changing the flamethrower for a taser or EMP weapon of some sort. Of course we understand - closed casket funerals always raise curiosity. Yes, Ma'am, we'll be sure to do that. Thank you for understanding.
You get the next one Bob, and remember that it's IPAQ, not IRAQ. You got Mrs Fitz really worked up over that slip-up.
-Adam
Don't tell the RIAA (Score:2)
This idea is Copyright (C) 2003 by GordoSlasher, All Rights Reserved. Any use of WiFi-sniffing robots by the RIAA to sniff out and destroy copyright infringers will be prosecuted to the fullest extent of the law.
Re:WiFi Robot Wars. (Score:1)
When signal strength gets to a certain level and IP is correct... Blam. It even marks where the problem was!
Re:WiFi Robot Wars. (Score:1)
Let me get this straight... (Score:5, Funny)
Ok, what if these mass produced WiFi sniffing robots get sold at WalMart? What then? You'll have a WiFi sniffing robot with an RFID tag. What a dilemma.
Re:Let me get this straight... (Score:2)
Similar to the current magnetic tags which are disabled at the counter.
Re:Let me get this straight... (Score:1)
Unintended consequences and all that.
Another possible combination (Score:3, Interesting)
Oh, actually I think that was discussed already...
Use? (Score:4, Interesting)
Re:Use? (Score:2, Interesting)
Look at what the mil has done with the unmanned Predator drones, it
Re:Use? (Score:1)
Re:Use? (Score:2)
You work for company X, who has a wireless network, a large building, and large number of access points and very few geeks employed to make the thing run. You don't know the person who set up the wireless so you don't know how good of a job [s]he did. Enter this robot, it goes through the building scanning the place for insecure areas.
Scenario 2:
You work for a tech firm who employs a large number of hackers/geeks that have the access and the know-how to create insecurities in your wireless net
Re:Use? (Score:1)
Perhaps script kiddies will be replaced? (Score:3, Interesting)
Not to mention the fact that you can reach 1e6 times more random systems from location X on AOL than what you can from a corporate wifi network.
uh oh (Score:5, Funny)
Two wheeled? Peshaw! (Score:5, Funny)
When he mods an Aibo so that it actually sniffs around, barks, and then points retriever style to the offending WiFi source then I'll be impressed.
"What's that boy?"
"Arf! Arf!"
"Jimmy's using unencrypted WiFi?"
Re:Two wheeled? Peshaw! (Score:1)
Re:Two wheeled? Peshaw! (Score:4, Interesting)
Re:Two wheeled? Peshaw! (Score:5, Funny)
Make it a standard (Score:4, Interesting)
I know Verisign and others offer services like this often at a high rate but perhaps the initiative can be funded by governments participating in some W3 standard to secure transactions.
not afraid... (yet) (Score:2)
Shameless plug: try the world wide grapevine [wwgrapevine.com]!
Coincidence (Score:3, Interesting)
-Mars
Re:Coincidence (Score:1)
Shmoo Group (Score:1)
I wonder if I would want to trust them with a robot running around scanning my network...
Re:Shmoo Group (Score:2)
hybrid
Re:Shmoo Group (Score:1)
huh?? (Score:2, Insightful)
Laptops change that (Score:3, Insightful)
Re:Laptops change that (Score:1)
This robot is for major businesses, right? So why would a business care that the moron across the street setup a wireless network?
Every decent IT department will lock down the PCs pretty tight, no one is going to be installing a wireless NIC in their laptop or changing the settings without IT knowing it. And
Re:huh?? (Score:2)
I found 6 unencrypted networks by sniffing right outside an office window. (38th and sixth, and all the sids were "linksys"...)
In dense metro areas, new networks are being constantly installed by clueless desktop monkeys. I could easily see an application for this, just to know what was going on in the rf space around your city.
Is it just me... (Score:1)
Robot without the wheels (Score:1)
No need for autonomous capabilities (Score:1)
Its designers said they're still working on the autonomous capabilities--including sensors to detect humans and obstacles--and so they used a game controller that's attached to a laptop in a backpack to maneuver the robot around DefCon.
No need. Just hire some 10-year-old off the street and pay him like $10 to drive it around with a remote control. Man, I would have loved to have that job when I was that age.
Photos & more info soon. (Score:2)
You can see the photo from the news.com article here [hackerbot.com].
We will be releasing all of the code GPL, so keep your eyes on the site for updates.
-Eric
What's next, a unicycle? (Score:2)
Of course, there's always the other possibility that (casters|outriggers|nylon sliding feet|articulated legs) don't count as "wheels" and shouldn't be mentioned.
Re:What's next, a unicycle? (Score:1)
The robot's kind of suspended from the naves (is that the word? Centerpoints...) of the wheels, so that balance isn't an issue. Picture here [hackerbot.com]
think of all the uses (Score:1)