Omega Owners Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Please check the Forum Guidelines at the top of the Newbie section

Pages: [1]   Go Down

Author Topic: And so it begins  (Read 477 times)

0 Members and 1 Guest are viewing this topic.

Gaffers

  • Omega Queen
  • ********
  • Offline Offline
  • Gender: Male
  • NE Hampshire/Surrey
  • Posts: 11150
    • S-Type 3.0
    • View Profile
And so it begins
« on: 23 May 2018, 10:24:53 »

We are going to see more and more vehicles having security vulnerabilities discovered in critical electrical and software systems.  I feel we are currently at the thin end of the wedge.  Considering that half of the vulnerabilities found in this test on Beemers require physical access, how much do you trust your MOT tester, garage, (or in Lord Opti's case) you valet?

https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf
Logged

tigers_gonads

  • Moaning Haddock Head
  • *
  • Offline Offline
  • Gender: Male
  • Kinston Upon Hull
  • Posts: 8307
    • 02 Mv6 Estate (lpg'd)
    • View Profile
Re: And so it begins
« Reply #1 on: 23 May 2018, 10:29:01 »

Understand and agree so I tend to have all my home and mobile devices either hard wired OR the SSID not visible.
Also my Wi-Fi password uses lets just say a lot of characters across the keyboard.
Is this a help ?
Logged
Please note, 95% of my posts are piss take or banter and should always be taken as so.

Please feel free to give it back in the same spirit.

Gaffers

  • Omega Queen
  • ********
  • Offline Offline
  • Gender: Male
  • NE Hampshire/Surrey
  • Posts: 11150
    • S-Type 3.0
    • View Profile
Re: And so it begins
« Reply #2 on: 23 May 2018, 10:44:16 »

Understand and agree so I tend to have all my home and mobile devices either hard wired OR the SSID not visible.
Also my Wi-Fi password uses lets just say a lot of characters across the keyboard.
Is this a help ?

Hiding the SSID is pretty pointless as anyone with the tools and the intent will be able to see it.  You should also check that WPS is disabled*, you use WPA2 with a nice long key.  WPA2 is the strongest protection but it is still vulnerable to attacks.  However, the only currently known attack requires brute force so go for as long a key/password you can manage (63 characters is possible).  Avoid full words as attackers use dictionary files but you can use doctered words, upper and lower case characters where you alter a letter or add/remove letters.  This would force a full brute force of 63 characters of about 62 possibilities (A-Z,a-z,0-9).  Mine is pretty close to this yet is easy to remember and easily understood by guests when they visit and want to freeload use my wifi.

*Make sure that you dont have a router which leaves WPS on when you explicitly switch it off.  TalkTalk modem/routers are one such example.
Logged

Kevin Wood

  • Global Moderator
  • *****
  • Offline Offline
  • Gender: Male
  • Alton, Hampshire
  • Posts: 34619
    • 3.2 MV6 (LPG), Westfield
    • View Profile
Re: And so it begins
« Reply #3 on: 23 May 2018, 11:10:44 »

Good job I've no intention of ever owning a Panzerwagen, then. ;D

Incidentally, I'm not that familiar with WLan protocols, but, I believe, if you hide the SSID of a network, you force any devices  paired with it to broadcast probe packets identifying that SSID wherever they are, so you're actually broadcasting your SSID wherever any of these devices go - i.e. over a much larger area than the range of your single router!
Logged
Tech2 services currently available. See TheBoy's price list: http://theboy.omegaowners.com/

Gaffers

  • Omega Queen
  • ********
  • Offline Offline
  • Gender: Male
  • NE Hampshire/Surrey
  • Posts: 11150
    • S-Type 3.0
    • View Profile
Re: And so it begins
« Reply #4 on: 23 May 2018, 11:49:59 »

True but given that there are often several wifi APs in a given area it can be difficult to figure out which hidden SSID is network A or B, etc.

Much easier to use Kali, ID the hidden SSID, send a DEAUTH packet and sniff the clients while they reconnect.  It would happen so fast that users would not be aware.
Logged

tigers_gonads

  • Moaning Haddock Head
  • *
  • Offline Offline
  • Gender: Male
  • Kinston Upon Hull
  • Posts: 8307
    • 02 Mv6 Estate (lpg'd)
    • View Profile
Re: And so it begins
« Reply #5 on: 23 May 2018, 13:24:20 »

True but given that there are often several wifi APs in a given area it can be difficult to figure out which hidden SSID is network A or B, etc.

Much easier to use Kali, ID the hidden SSID, send a DEAUTH packet and sniff the clients while they reconnect.  It would happen so fast that users would not be aware.




Kali  8)
Now I haven't played with that for a while  :-X :-X
Logged
Please note, 95% of my posts are piss take or banter and should always be taken as so.

Please feel free to give it back in the same spirit.

tigers_gonads

  • Moaning Haddock Head
  • *
  • Offline Offline
  • Gender: Male
  • Kinston Upon Hull
  • Posts: 8307
    • 02 Mv6 Estate (lpg'd)
    • View Profile
Re: And so it begins
« Reply #6 on: 23 May 2018, 13:25:23 »

Understand and agree so I tend to have all my home and mobile devices either hard wired OR the SSID not visible.
Also my Wi-Fi password uses lets just say a lot of characters across the keyboard.
Is this a help ?

Hiding the SSID is pretty pointless as anyone with the tools and the intent will be able to see it.  You should also check that WPS is disabled*, you use WPA2 with a nice long key.  WPA2 is the strongest protection but it is still vulnerable to attacks.  However, the only currently known attack requires brute force so go for as long a key/password you can manage (63 characters is possible).  Avoid full words as attackers use dictionary files but you can use doctered words, upper and lower case characters where you alter a letter or add/remove letters.  This would force a full brute force of 63 characters of about 62 possibilities (A-Z,a-z,0-9).  Mine is pretty close to this yet is easy to remember and easily understood by guests when they visit and want to freeload use my wifi.

*Make sure that you dont have a router which leaves WPS on when you explicitly switch it off.  TalkTalk modem/routers are one such example.




Routers a Tp-link  :-\
Logged
Please note, 95% of my posts are piss take or banter and should always be taken as so.

Please feel free to give it back in the same spirit.

Gaffers

  • Omega Queen
  • ********
  • Offline Offline
  • Gender: Male
  • NE Hampshire/Surrey
  • Posts: 11150
    • S-Type 3.0
    • View Profile
Re: And so it begins
« Reply #7 on: 23 May 2018, 14:09:43 »

Understand and agree so I tend to have all my home and mobile devices either hard wired OR the SSID not visible.
Also my Wi-Fi password uses lets just say a lot of characters across the keyboard.
Is this a help ?

Hiding the SSID is pretty pointless as anyone with the tools and the intent will be able to see it.  You should also check that WPS is disabled*, you use WPA2 with a nice long key.  WPA2 is the strongest protection but it is still vulnerable to attacks.  However, the only currently known attack requires brute force so go for as long a key/password you can manage (63 characters is possible).  Avoid full words as attackers use dictionary files but you can use doctered words, upper and lower case characters where you alter a letter or add/remove letters.  This would force a full brute force of 63 characters of about 62 possibilities (A-Z,a-z,0-9).  Mine is pretty close to this yet is easy to remember and easily understood by guests when they visit and want to freeload use my wifi.

*Make sure that you dont have a router which leaves WPS on when you explicitly switch it off.  TalkTalk modem/routers are one such example.




Routers a Tp-link  :-\

SOme of the older ones have default WPS credentials and 'always on' :(
Logged

tigers_gonads

  • Moaning Haddock Head
  • *
  • Offline Offline
  • Gender: Male
  • Kinston Upon Hull
  • Posts: 8307
    • 02 Mv6 Estate (lpg'd)
    • View Profile
Re: And so it begins
« Reply #8 on: 23 May 2018, 14:18:32 »

Understand and agree so I tend to have all my home and mobile devices either hard wired OR the SSID not visible.
Also my Wi-Fi password uses lets just say a lot of characters across the keyboard.
Is this a help ?

Hiding the SSID is pretty pointless as anyone with the tools and the intent will be able to see it.  You should also check that WPS is disabled*, you use WPA2 with a nice long key.  WPA2 is the strongest protection but it is still vulnerable to attacks.  However, the only currently known attack requires brute force so go for as long a key/password you can manage (63 characters is possible).  Avoid full words as attackers use dictionary files but you can use doctered words, upper and lower case characters where you alter a letter or add/remove letters.  This would force a full brute force of 63 characters of about 62 possibilities (A-Z,a-z,0-9).  Mine is pretty close to this yet is easy to remember and easily understood by guests when they visit and want to freeload use my wifi.

*Make sure that you dont have a router which leaves WPS on when you explicitly switch it off.  TalkTalk modem/routers are one such example.




Routers a Tp-link  :-\

SOme of the older ones have default WPS credentials and 'always on' :(


Its about 3 years old, one of the cheap ones  :-\  :(
Logged
Please note, 95% of my posts are piss take or banter and should always be taken as so.

Please feel free to give it back in the same spirit.

Gaffers

  • Omega Queen
  • ********
  • Offline Offline
  • Gender: Male
  • NE Hampshire/Surrey
  • Posts: 11150
    • S-Type 3.0
    • View Profile
Re: And so it begins
« Reply #9 on: 23 May 2018, 14:51:00 »

I guess google is your friend to see if your model is affected.  Either way though, what is at risk?  Your browsing activity?  Traffic such as for banking is encrypted and they would need to sit and wait for you to access the bank and manipulate the data in order to do anything.  I mean it's less than ideal if it is vulnerable but these things have to be taken in context of what is at risk and how.
Logged

TheBoy

  • Administrator
  • *********
  • Offline Offline
  • Gender: Male
  • Brackley, Northants
  • Posts: 97716
  • Millennium Man
    • The missus mad
    • View Profile
Re: And so it begins
« Reply #10 on: 23 May 2018, 20:17:08 »

And most cheap routers (and a fair few expensive ones as well!!) have so many security flaws that its easier to attack it from the tinterweb
Logged
I don't tolerate bickering, and I'm always grumpy.
And Lizzie Zoom says I'm a heartless bastid...and she's absolutely correct!

aaronjb

  • Senior Member
  • ****
  • Offline Offline
  • Gender: Male
  • Northampton
  • Posts: 975
    • '16 Skoda, '06 BMW 650i
    • View Profile
Re: And so it begins
« Reply #11 on: 24 May 2018, 08:50:50 »

And most cheap routers (and a fair few expensive ones as well!!) have so many security flaws that its easier to attack it from the tinterweb

In a corporate environment my experience has been that it's easier just to wait for some numpty to turn it on with default credentials and stick it on the Internet than actually bother to look for flaws.. ;D
Logged
..and it went 'dugga dugga dugga dugga' no more.
Pages: [1]   Go Up
 

Page created in 0.121 seconds with 21 queries.