SUBSIM: The Web's #1 resource for all submarine & naval simulations since 1997 |
|
|
Thread Tools | Display Modes |
10-16-17, 06:35 AM | #1 | |
Born to Run Silent
|
41 percent of Android phones are vulnerable to 'devastating' Wi-Fi attack
Not good
https://www.theverge.com/2017/10/16/...-wpa-2-details Quote:
Wonder how long until updates can handle this?
__________________
SUBSIM - 26 Years on the Web |
|
10-16-17, 01:17 PM | #2 |
Navy Seal
|
Actually for this to be exploited someone would have to sit in range of your wi-fi for hours, patiently waiting to obtain the password. It can take more than 8 hours.
Then he can log into your system and find out what you posted to Facebook. This is big news for huge targets with lots of money. It's less than nothing for the rest of us. Why would a criminal cyber-genius spend thousands for the equipment to sit in your driveway for eight hours sniffing your logon credentials for no gain? Why would they pick your driveway of the 50 million driveways in the United States alone? This is only a concern for places crooks are absolutely positive there is money to be had. In that case there are dozens of less risky things than snatching packets whilst physically waiting to be apprehended with hacking tools in their car. These security wonks have stopped thinking. Crooks want a safe and easy sting. They aren't going to put their butts on the line in your driveway to get your Amazon password, or even your bank password. Too little upside with too much downside. If they do it in their underwear from the safety of their bunker in Turkmenistan there's no risk. They don't have to put their bodies in peril for six or eight hours waiting to be arrested in your driveway. And they don't need your wi-fi passwords! This may not be fake news, but it IS fake danger.
__________________
Sub Skipper's Bag of Tricks, Slightly Subnuclear Mk 14 & Cutie, Slightly Subnuclear Deck Gun, EZPlot 2.0, TMOPlot, TMOKeys, SH4CMS |
10-16-17, 01:34 PM | #3 |
Navy Seal
|
Ran into a situation exactly like this on a Flat Earth You Tube channel. I was saying the the present day Flat Earth Enthusiasts (gotta be nice!) are the first organized group of people in 3,000 years to try to teach the Earth is flat. No Christian and no Jew for that long has taught Flat Earth.
Of course, some bright guy pops up (they always do) and posts "Yeah, redacted, redacted, you're just a redacted redacted. If you had a brain in your redacted strange part of the human body, you'd know that in Christopher Columbus' day everybody thought Columbus would sail off the edge of the redacted world. You redacted redacted. You're a shill for the redacted redacted." Well, I said. The journey du jour for that time was to sail around Cape Hope, into the Indian Ocean and across to China. This took celestial navigation. Celestial navigation demands a spherical earth, of a known size, spinning on its axis at a known rate, and an astrolabe or sextant, which also can't work on a flat earth. Believe me when I say they did not believe in a flat earth at all! That's a fairy tale introduced into American textbooks in the 19th century. What did happen was Chris went to Ferdinand and Isabella to hawk the idea that maybe the earth wasn't 7900 miles in diameter. What if we could go the other way around and get to China before we starved to death. That was what they were REALLY afraid of. But Christopher Columbus was pushing a number more like 2,000 miles. If true he's sail west for three weeks and shazaam! Everybody's rich! Easy peasy! It wasn't that Ferdinand and Isabella really bought the story so much as how cheap it was to verify, and if, on the off-chance, crazy Chris was right, kaching!!! Everybody's rich!! Little downsize and huge upside, it's the ultimate gamble. Of course Chris was wrong. The earth really is 7900 miles in diameter just like they already had known since 300 BC. Two kinda large continents blocked Columbus' way to China. Nobody got rich. On his third journey, Chris' crew sent him back to Europe in chains, disgraced. Maybe now some people celebrate Christopher. In his day he was about as popular as typhoid fever. So today all the Flat Earth Enthusiasts are parotting the story about the ships sailing off the edge of the ocean. The real danger was starving to death at sea for six months.
__________________
Sub Skipper's Bag of Tricks, Slightly Subnuclear Mk 14 & Cutie, Slightly Subnuclear Deck Gun, EZPlot 2.0, TMOPlot, TMOKeys, SH4CMS |
10-17-17, 04:34 AM | #4 |
Soaring
|
My home WLAN is set to minimum emission range (1 wall already is problematic), and my smartphone has a 100% prepaid card, usually I switch its WLAN off when I do not need it (also mobile internet connection is off all the time). I have a deep mistrust against public WLAN hotspots, I would never use them. Since more and more stores use to track and ID customers by their WLAN devices when they enter the shop, I switch it off when leaving the house, if it is not already. Hard to break into this if the attacker needs really several hours and close range to succeed.
However, the example has been set. I say since longer time that Linux systems (Android is a Linux) should not be considered "untouchable". If I understood it correctly, no security scanner can protect you against this abuse. General rule: switch WLAN on only when you need it, on your device. Use the timer of your router to switch it off in times you sleep or are not at home, have its energy signature reduced as much as possible. I never understood why many people have their computers on even when they sleep or leave the house. Do they think the Earth stops revolving around the sun if they go offline for some hours? You can download all mails in your box next time you boot it, or not?
__________________
If you feel nuts, consult an expert.
|
10-17-17, 02:52 PM | #5 |
Navy Seal
|
Those are good points for enhancing individual security. However, I would add the fact a surprising number of apps have the capability to turn on the WiFi port(s) on their own, under certain conditions. If you have the WiFi turned off and happen to have one of these apps, they can override your choice and reopen the connection; for example, say you have an app from some big box store or other and you walk into the store with WiFi off; the store's system will detect your presence and reestablish contact. If you really want to be certain about your security, you should re-check the WiFi status from time to time...
<O>
__________________
__________________________________________________ __ |
10-17-17, 04:40 PM | #6 | |
Soaring
|
Quote:
Can something like this also be done by identifying the presence of a smartphone due to the mobile phone cell it is currently situated in, even if its WLAN and mobile internet connections are turned off? One needs to remember all the time that a smartphone perate in three different radio circuits, minimum: phone, mobil internet, WLAN. I once have red somewhere that the NSA even has methods to turn on a smartphone that was completely switched off, although this, as I remember it, needed a quite targetted an deliberate effort. At least for the time being. And are RFID chips - in plastic cards - really blocked from getting passively read by a close-by detector if you put aluminium metal foil around it? Tin foil hats - that joke maybe already has lost it legitimacy, eh?
__________________
If you feel nuts, consult an expert.
|
|
10-17-17, 04:58 PM | #7 |
Fleet Admiral
|
About 3-4 times per year I open my WIFI on the Smartphone and I always do it at home. I do it to get new updates to what I have, antivirus and other stuff.
I do not watch it all the time when I'm shopping or doing other things when I'm outside. Furthermore, if my WIFI should be turned on by some apps or program, maybe, maybe I would not detect at once but I would sooner or later I would detect it. ´cause it has never happen to me. I'll ask some of my online friends if their WIFI have turned on without their knowledge. Markus |
10-17-17, 08:01 PM | #8 |
Navy Seal
|
To be clear, the apps in question do not turn on shut down phones; they only turn on the WiFi function on an already on phone. As for the question of the unauthorized access to your cell's WiFi, if you install an app that is capable of independent turn on, they almost always tell the user of that ability during the install process and/or in some form of EULA available to the user(s); basically, like a lot of other forms of online consumer offers, you often end up giving up some control in order to get the end "benefit"...
<O>
__________________
__________________________________________________ __ |
10-18-17, 06:41 AM | #9 |
Navy Seal
|
Again, the problem isn't your phone. The malware attacks the router. And the malware is useless. No crook is going to put his body in your driveway when he can hack you in his underwear from Uganda.
Travel is expensive. You have to buy clothes. You have to come up with a vehicle. You must sit in someone's driveway or in front of their house for hours. No crook is going to do this. You don't have enough good stuff for him to be interested in. Now if you are a small business, things might be different. You have no IT department, you are very busy running your business and probably wouldn't notice a wardriver in front for several hours, and probably DO have something worth taking.
__________________
Sub Skipper's Bag of Tricks, Slightly Subnuclear Mk 14 & Cutie, Slightly Subnuclear Deck Gun, EZPlot 2.0, TMOPlot, TMOKeys, SH4CMS |
10-19-17, 03:41 AM | #10 | |
Navy Seal
|
Quote:
Even with the internet and WLAN functions turned off, yes, a cell phone can be located if it has GPS built in; even without GPS, pinging and triangulating off nearby towers can get someone a pretty close approximation of your position and/or location... The NSA has long been reputed to have the ability to turn on turned off devices, but the NSA has been very coy about actually admitting the capability; given it is the NSA, the good bet would be "Yes". However, in order to legally do such an action, the NSA would need a warrant from a FISA court, which would mean a very limited access, both in scope and time and the NSA, or any other agency, would have to give the court very, very specific reasons and/or evidence to back up a warrant request... I've read varied views on the efficacy of aluminum foil to block RFID; some (usually those wanting to sell their nigh-priced alternatives) claim foil does little to block RFID. The most consistent view I've seen is foil will block most RFID readers at long range, but at closer range, say, a couple of inches, the reader may detect an RFID device; what is interesting, in most of the tests I've seen, a majority of the more thorough tests have shown, while the RFID devices are detectable, the foil actually prevents the RFID device from transmitting back to the reader, essentially a one-way situation, sort of like a diode... <O>
__________________
__________________________________________________ __ |
|
10-19-17, 05:24 AM | #11 |
Ocean Warrior
Join Date: Mar 2004
Posts: 3,467
Downloads: 0
Uploads: 0
|
I wonder if I've downloaded an app that turns my wifi on? I've noticed it on a few times lately when I didn't intentionally turn it on. hmm? I wonder if it's that bank app, it's probably counting my money, and telling the police to seize it as in asset forfeiture. lol
At work I have everything on cat 5 with no need for wireless so I have it turned off, until now that is. I'm thinking of introducing a few security cameras to the mix and I believe they'll require wireless. Maybe I can just turn it on each night, and then off the next morning.
__________________
em2nought is ecstatic garbage! |
10-19-17, 05:58 AM | #12 |
Soaring
|
I have GPS off by default, to. Though to ease battery drain, not so much for secuirty concerns. But if I do establish an online connection, the web would know with utmost preicison then where I am, if GPS is on, the web could read out the precise position data. So I only have it on when I need it: both GPS, and internet connections.
I recommend for navigation OsmAnd over Google. Not only doe sit have the far b etter and more updated maps, but it doe snot need online connectivity, can be used via downloaded offline maps and GPS alone. Google Maps does not want to work without online status, even when it is not needed. They want the user to be easily trackable. GPS alone however is fully passive, I believed I understood!? If it emits no signals, how can it be used to track you? Its all no impenetratable walls, its about setting up hurdles nd trapwires. The FISA courts operates outside any countercontrol mechanisms, and below the radar of anyone or anything thta is not the closest circle of the president. Which means they can do what they want, practically. Wich means they are only as responsible as the president thinks he is. Which raises a fundamental principle problem, for it unites legislation, jurisdiction and partly even executive in one and the same hand. These three are not for no reason separated in Western state theory. Considering that the FISA and FISC bodies were created to overview the work of the intelligence services, makes it all even more dangerous. These courts very easily can become part of what they were created to control. To me, their creation always appeared to be more an alibi only and even an indirect strengthening of he intelligence services autonomy (which to huge degrees they de facto have). Lesson of the story: you cannot fight bureaucracy by adding new bureaucracy that should fight bureauracy.
__________________
If you feel nuts, consult an expert.
|
Tags |
android, attack |
|
|