
Any of You I.T. / SysOps Types Try This Thing?

canadmos

Cake Tease
May 29, 2011
20,546
19,572
Canaderp
It's not really new. Same concept of someone copying a physical key. If you can find a way to do it and that's the only thing that keeps people out, well...

I don't think it's still true, but was there not a "black box" that certain organizations had access to, that could unlock encrypted iPhones? People will find holes and exploit them.
 

slimshady

¡Mira, una ardilla!
Kind of fucked up that you can just buy one of these.
Why? We used to keep a notebook with Kali Linux around and a bunch of scripts to do pentesting at my previous job. This device simplifies the setup and it's also a lot more portable.

I made something similar out of a Raspberry Pi and a power bank.

I'd buy one in a heartbeat if they weren't so darn hard to get these days.
 

slimshady

¡Mira, una ardilla!
I mean, I guess it's not much different than going to locksmithing school, or buying skeleton keys on Amazon? :confused:
It depends, are you willing to start picking all the locks in your house/job to verify they're properly secure? Are you trying to unlock some obscure compartment the manufacturer sealed in the machinery you have legally purchased?

This device isn't just a theft tool. It could help you jailbreak a game console, investigate if the authentication methods are robust enough in one of those obscure Bluetooth devices (spoiler alert, they probably aren't), determine if the stupid smart lock* in your porch could be opened without a proper key/face/iris, reverse-engineer the communication protocol in your John Deere tractor, etc.

*speaking of smart locks, what the fuck is going on with 'murikans and their need to have stuff unnecessarily connected to the internet? Do you guys really need wifi-enabled window shaders? A new way for somebody with moderately appropriate skills to silently break into your house? Are you telling me a keychain has suddenly become too heavy to carry?

The domotics universe is a living nightmare, with companies and protocols going dead overnight left and right. I'd either wait for a more-or-less universal communication protocol, with proper audits and vulnerabilities/bug bounties, or settle for a smaller, open source ecosystem, with almost zero cloud/internet dependency (outside the mandatory security updates).

Either way, it's too soon to jump into the hell of surveillance/hacking/data gathering cesspool it is nowadays.
 
...
*speaking of smart locks, what the fuck is going on with 'murikans and their need to have stuff unnecessarily connected to the internet? Do you guys really need wifi-enabled window shaders? A new way for somebody with moderately appropriate skills to silently break into your house? The domotics universe is a living nightmare, with companies and protocols going dead overnight left and right. I'd either wait for a more-or-less universal communication protocol, with proper audits and vulnerabilities/bug bounties, or settle for an open source ecosystem...
Most people are utterly clueless regarding security, which ain't too surprising.

Those among us who have worked in the profession know a little to a lot and tend to be correctly paranoid regarding allowing household devices and vehicles to intercommunicate and to communicate with the external world.
 

canadmos

It depends, are you willing to start picking all the locks in your house/job to verify they're properly secure? Are you trying to unlock some obscure compartment the manufacturer sealed in the machinery you have legally purchased?

This device isn't just a theft tool. It could help you jailbreak a game console, investigate if the authentication methods are robust enough in one of those obscure Bluetooth devices (spoiler alert, they probably aren't), determine if the stupid smart lock* in your porch could be opened without a proper key/face/iris, reverse-engineer the communication protocol in your John Deere tractor, etc.

*speaking of smart locks, what the fuck is going on with 'murikans and their need to have stuff unnecessarily connected to the internet? Do you guys really need wifi-enabled window shaders? A new way for somebody with moderately appropriate skills to silently break into your house? Are you telling me a keychain has suddenly become too heavy to carry?

The domotics universe is a living nightmare, with companies and protocols going dead overnight left and right. I'd either wait for a more-or-less universal communication protocol, with proper audits and vulnerabilities/bug bounties, or settle for a smaller, open source ecosystem, with almost zero cloud/internet dependency (outside the mandatory security updates).

Either way, it's too soon to jump into the hell of surveillance/hacking/data gathering cesspool it is nowadays.
Oh joy the days of using Kali to jump into people's WEP-protected wireless networks was fun.



Not that I ever did such a thing..
 

slimshady

¡Mira, una ardilla!
Oh joy the days of using Kali to jump into people's WEP-protected wireless networks was fun.



Not that I ever did such a thing..
Ask me how I learned the biggest ISP in Argentina sets up the default WiFi password in their freshly installed routers/modems to either the landline number of the owner (if no VoIP service is contracted) or their personal ID number (DNI here in Argentina) if the contract includes VoIP...


Or better, don't.
 

canadmos

Ask me how I learned the biggest ISP in Argentina sets up the default WiFi password in their freshly installed routers/modems to either the landline number of the owner (if no VoIP service is contracted) or their personal ID number (DNI here in Argentina)...


Or better, don't.
That's....yeah, not really shocking if I'm honest.

I wonder if that's how Bell and Virgin do it here. You can easily spot these too, as the default broadcast name is BellXXX.

There's 4 of them around me, I bet these folks haven't changed anything since the local tech installed it. I mean, maybe no fault to them, they don't know how or care.
