Wireless Security

Wireless Presentation Feedback

I would like to thank everyone who has been sending me feedback on my presentation that I posted the other day. I have gotten some great suggestions which I plan to add to future revisions:

  • A listener pointed out that the Redfang tool can be used to brute-force the Bluetooth address (MAC) to find non-discoverable devices.
  • tbsearch can also be used to do the same, and the authors of this tool appear to be working on a Bluetooth sniffer based on GNU Radio. (Thanks Nelson!)
  • GNU Radio is interesting, describing itself this way: “GNU Radio is a collection of software that when combined with minimal hardware, allows the construction of radios where the actual waveforms transmitted and received are defined by software.” Hmmm, sounds like when combined with USRP it could be used for wireless research (WiMAX? EVDO? Bluetooth?). They are all just radios…
  • Another listener pointed out that there are vulnerabilities in certain wireless chipset implementations that allow an attacker to dumb down the connection from WEP to open. You can find more information here at the www.wirelessve.org site. (Thanks Christopher!)
  • Christopher has also built a tool to help people audit misconfigured clients. You can find a copy here. The description reads “ThinkSECURE’s Probemapper is a tool which detects probe requests from 802.11-enabled laptops with wireless client profiles and displays their encryption and capability information.”

I truly believe that I will be able to continue to give modified versions of this presentation for quite some time. I think we are just starting to see wireless technologies such as Bluetooth, WiMAX, EVDO, and RFID make their way onto the hacking radar. Of course, I also believe that the recent vulnerabilities found in wireless drivers are going to blow the lid off traditional 802.11 hacking.
Paul Asadoorian


Paul Asadoorian is currently the Principal Security Researcher for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRT54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles at a lottery company, a university, an ISP, as an independent penetration tester, and at security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the CyberRisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, and he enjoys coding in Python and telling everyone he uses Linux.
