Expanding Horizons: The WiFi Module

One feature of the Flipper Zero that was quick to catch my attention isn't a core feature at all -- it's an optional add-on offered by the company. In videos demonstrating this module, users push a few buttons and crash WiFi networks, grab network passwords, and generally make network security look like a joke. So, real or fake? There's no ambiguity or "well, sort of" about this one. The answer is yes, it is real. So, let's take a look.

On the top of the Flipper is an array of GPIO (General Purpose Input/Output) pins. Users who know what they're doing can complete any number of electronics projects by way of these pins, from blinking LEDs to more complex builds. The Flipper website sells a WiFi Dev Board that plugs into these pins. Coming in at $29.00 at the time of writing, this ESP32-S2 board is marketed for WiFi debugging purposes. However, by loading the Flipper with the Unleashed or Xtreme firmware (a quick and relatively easy process), this WiFi board can do much, much more.

With the module plugged in and the proper firmware loaded, a user can scan WiFi networks and log data about them. That alone is huge. Using the data from this scan, clever users can grab the network's password. But that's just the beginning. After selecting the target network from a list, you have the option to run a deauth command.

When you disconnect from a network on your phone or computer, you send a deauth (deauthentication) frame to the access point (the router). The access point receives your request and disconnects you from the network. When a user runs the deauth command on the Flipper, it floods the target network with deauth packets, causing every currently connected device to be disconnected. Until the user chooses to stop sending deauth packets, no device is able to connect to the network.

This deauth method is extremely powerful, and the network has very little recourse against it. The first thought of most network technicians would likely be to reboot the system (the old fallback), and that would work... until the user starts sending packets again, which could be immediately. This attack can cripple an entire building full of computers, so techs would be in a hurry to find a solution. Eventually, they would check the network's packet logs and notice a suspicious number of deauth packets. From there, it's just a matter of finding the device responsible, which can be extremely difficult. There are tools to find the signal's source, but most IT departments don't have them just lying around.
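As an added example (not code from the original post or from the Flipper project), here is a small detector of the kind a network team could run over management-frame logs to spot the "suspicious number of deauth packets" described above. The simplified log format, the MAC addresses, the sample frames and the window/threshold values are all constructed assumptions; a real deployment would feed it frames from a wireless IDS or monitor-mode capture and only the parsing would change.

```python
"""Deauthentication-flood detector over 802.11 management-frame log lines.

Added example, not from the original post. The input is a constructed,
simplified text log with one frame per line:
    <seconds> <subtype> <source-mac> <destination-mac>
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List, NamedTuple, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Frame(NamedTuple):
    ts: float
    subtype: str
    src: str
    dst: str


class Alert(NamedTuple):
    source: str        # MAC the frames claim to come from (usually the AP's BSSID)
    first_ts: float    # start of the window that tripped the threshold
    last_ts: float     # frame that tripped it
    count: int         # deauth/disassoc frames inside the window
    broadcast: int     # how many of them were addressed to every client at once


def build_sample_log() -> str:
    """Constructed log: one client leaving normally, then a flood of broadcast
    deauth frames whose source address is spoofed to look like the AP."""
    lines = [
        "# ts subtype src dst   (constructed sample data)",
        "0.00 assoc  aa:bb:cc:00:00:01 02:11:22:33:44:55",
        "0.50 data   aa:bb:cc:00:00:01 02:11:22:33:44:55",
        "8.00 deauth aa:bb:cc:00:00:01 02:11:22:33:44:55",  # a normal disconnect
    ]
    for i in range(50):  # 50 frames in two seconds: far beyond normal churn
        lines.append(f"{60 + i * 0.04:.2f} deauth 02:11:22:33:44:55 {BROADCAST}")
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()


def parse_log(text: str) -> List[Frame]:
    """Parse the simplified log format, skipping blanks and '#' comments."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, subtype, src, dst = line.split()
        frames.append(Frame(float(ts), subtype.lower(), src.lower(), dst.lower()))
    return frames


def detect_deauth_flood(frames: List[Frame], window: float = 10.0,
                        threshold: int = 20) -> List[Alert]:
    """Raise one alert per source whenever more than `threshold` deauth or
    disassoc frames claiming that source arrive within `window` seconds.
    A single disconnect (one frame) never trips it; a flood does."""
    recent: Dict[str, Deque[Tuple[float, str]]] = defaultdict(deque)
    alerting = set()  # sources already reported for the current burst
    alerts: List[Alert] = []
    for f in sorted(frames, key=lambda x: x.ts):
        if f.subtype not in ("deauth", "disassoc"):
            continue
        q = recent[f.src]
        q.append((f.ts, f.dst))
        while q and f.ts - q[0][0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            if f.src not in alerting:
                alerting.add(f.src)
                bcast = sum(1 for _, d in q if d == BROADCAST)
                alerts.append(Alert(f.src, q[0][0], f.ts, len(q), bcast))
        else:
            alerting.discard(f.src)  # burst is over; re-arm for this source
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_flood(parse_log(SAMPLE_LOG)):
        print(f"deauth flood: {a.count} frames from {a.source} between "
              f"{a.first_ts:.2f}s and {a.last_ts:.2f}s ({a.broadcast} broadcast)")
```

Two things the sample makes visible: the flood's frames carry the access point's own address as their source, so the log points at the AP rather than at the device sending them, which is why the post's "finding the device responsible" step is the hard part; and the thing that distinguishes an attack from ordinary churn is rate and broadcast addressing, not the presence of deauth frames as such. On the mitigation side, 802.11w (Protected Management Frames) lets APs and clients reject deauthentication frames that are not cryptographically protected, which is the standard answer to this attack where hardware supports it.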

If a user kept this up for very long, security would start looking for whoever entered the building around the time the packets started coming in, though that would be avoidable with some clever planning.

Where this could really be used maliciously is to avoid detection by security systems. While businesses mostly use closed-circuit cameras, many homes use WiFi cameras. If you deauth the network, the camera becomes useless.

All this is dangerous enough, but that's just half of the story regarding the WiFi module. The other half is what I'll write about next: an Evil Twin Attack.
