Forgot your password?
typodupeerror
Android Cellphones Handhelds Networking Security Wireless Networking

Wireless Analysis With Monitor Mode On Android 49

Posted by timothy
from the unfling-the-packets-for-examination dept.
An anonymous reader writes "We are a group of three researches, and in the last few weeks, we have been working on Wi-Fi monitor mode for Android devices, based on Broadcom BCM4329 and BCM4330 chipsets. Currently we have a successful PoC for Nexus One and Samsung Galaxy S 2. We've released all the info in our new blog."
This discussion has been archived. No new comments can be posted.

Wireless Analysis With Monitor Mode On Android

Comments Filter:
  • You brick my phone
    (And I'm not alone)
    We'll find us time
    For Amish crime [go.com]
    Burma Shave

    Seriously: great project. As I'm connected using a Galaxy S 2 in hotspot mode as I write this, I may need to have a go at this project.
  • by AmiMoJo (196126) <(mojo) (at) (world3.net)> on Tuesday September 18, 2012 @10:02AM (#41373783) Homepage

    With modern graphics cards dictionary attacks on WPA2 passwords are realistic. Since everyone carries wifi radios around with them and can gather the necessary data you should probably expect more such attacks on your network in the future.

    • What is the best Wifi Encryption?

      My Router offers:
      * WPA(TKIP)
      * WPA2(AES)
      * WPA2 Mixed

      • by L4t3r4lu5 (1216702) on Tuesday September 18, 2012 @10:51AM (#41374249)
        WPA2(AES) is the most secure, as long as your vendor implemented it properly.
      • by spectrokid (660550) on Tuesday September 18, 2012 @10:56AM (#41374301) Homepage
        Use AES with a very long random gobbledigook password. Write the password down on the back of your router. from wikipedia:
        Weak password Shared-key WPA remains vulnerable to password cracking attacks if users rely on a weak password or passphrase. To protect against a brute force attack, a truly random passphrase of 13 characters (selected from the set of 95 permitted characters) is probably sufficient.[12] To further protect against intrusion, the network's SSID should not match any entry in the top 1000 SSIDs[13] as downloadable rainbow tables have been pre-generated for them and a multitude of common passwords.
        • Re: (Score:3, Funny)

          by DickBreath (207180)
          That is good advice. After you determine what you will use as a long cryptic password, you should set the SSID to be the same as the password to eliminate the possibility of forgetting the password. Also when guests are over, it is easy to tell them that the password is the SSID that their phone/laptop/tablet just scanned. Since the scanned SSID still has a lock icon next to it in the list of nearby WiFi routers, it is secure.
        • by srussia (884021)

          Use AES with a very long random gobbledigook password. Write the password down on the back of your router.

          My handwriting constitutes a higher encryption level than AES-256, you insensitive clod!

    • by fuzzyfuzzyfungus (1223518) on Tuesday September 18, 2012 @10:46AM (#41374201) Journal

      It doesn't help entities that are likely to be targets of directed attacks(either high value institutional targets, who ideally aren't using PSK and are rotating passwords properly, or people with psycho and/or prankster neighbors); but the easiest way to keep people out of your network, for most of us, might actually to be to give them some of what they want.

      APs with multiple radios, or chipsets capable of handling multiple SSIDs with distinct security and routing rules, are increasingly common and cheap. If you broadcast an open SSID(all traffic originating from there QoS tagged as lower priority than traffic from your internal network, naturally) that dumps anybody who connects straight to the internet, no connection to the internal network or router configuration interfaces(through Tor if you are really worried about somebody's warez and/or kiddie porn pointing back to you), that removes the bulk of most people's interest in cracking your network itself...

      • by Yvanhoe (564877)
        I used to do that, then my government (France) declared that any act committed from my IP address was my responsibility and that if I don't protect my access, my connection can be cut. It kinda slowed me down...
    • by Penurious Penguin (2687307) on Tuesday September 18, 2012 @10:53AM (#41374279) Homepage Journal
      It uses the aircrack suite and supports injection. I imagine if people write convenient scripts for this software, it could get pretty popular. I've never owned a smartphone and don't know what their ranges are, but if they are close to a half-height mini-PCI, then this is a pocket sized menace indeed. Throw in the Cloud, rainbow tables, mega dictionaries and so on, and you get action. I have no doubt that many people will use such an application just as a novelty (because they can) -- but others may opt for more. Of course, those who don't use common ESSIDs and use peculiar passwords along with WPA2, they should have nothing to worry about. The rest, however, should definitely start with stronger passwords.

      For example, someone can crack your WEP regardless of your password; but to enter the router where the real fun can begin, they would encounter great difficulty if a strong password and unique user ID were set. Verizon figured this out some time ago [slashdot.org]. A strong password could limit an "attacker" to simply using your network. While stronger passwords are a good idea, it shouldn't be one's only recourse though.
      • by mjwx (966435)

        Of course, those who don't use common ESSIDs and use peculiar passwords along with WPA2, they should have nothing to worry about.

        This,

        The point of security is not to be uncrackable but to be so difficult and time consuming to crack that an attacker simply gives up (combined with the risk of being detected/caught). The threats to my wireless network consist almost entirely of local neighborhood script kiddies who want free internet, a 64 character randomly generated WPA2 key ensures they'll move onto softer targets before too long.

    • by Anonymous Coward

      lol google REAVER.

      there is no strength that matters anymore. time is all you need.

      • And how much time would you need to crack a password such as:
        GrimTittyPat00shkinGarment
        ?
        Time is all we have. Why squander millennia on a mediocre password? Also, it's not the weakness of passwords, but the weakness of protocols here. Install proper firmware that does not support WPS and REAVER becomes little more than aircrack. With a solid WPA2 setup on open-wrt, I'd relax and not even bother monitoring my network traffic whilst surrounded by hostile REAVER users.
      • by neokushan (932374)

        REAVER takes advantage of a vulnerability in the implementation of WPS in some (many?) routers. It's not the be-all and end-all, if the router is patched or simply not vulnerable, then the same rules apply.

        It also doesn't (currently) work on Android.

I don't want to achieve immortality through my work. I want to achieve immortality through not dying. -- Woody Allen

Working...