Reply
Thread Tools
qole's Avatar
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#21
There is the possibility that someone in a wifi hotspot can act like a fake DNS and play man-in-the-middle, hijacking your connection. There should be some warning of this, however; the bad certificate warning mentioned above.

If you can't get an SSL connection, and you're paranoid about how dead-easy it is to traffic sniff on wifi, you can set up an encrypted tunnel using SSH.

I explain how to set up the MicroB browser to use this tunnel (as a SOCKS5 proxy) here. Note that your traffic can be sniffed once it leaves the other end of the tunnel for the Internet, but I have a much higher (probably false) sense of security on the wired Internet.
 
qole's Avatar
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#22
One more thing; since we're talking about wifi security, please note that you MUST change your root password if you install SSH on your tablet. If a hacker sees you in a cafe with your N800, and she's a moderately good hacker, she can *easily* gain root access using the default root password, and then run any command and copy files to/from your device with SFTP.

When I say easily, I mean DEAD-EASY. All she needs is your IP address and Google, and she's in your tablet and leafing through your files as she sips her mochaccino latte.

Last edited by qole; 2007-12-12 at 20:30.
 
Posts: 3,401 | Thanked: 1,255 times | Joined on Nov 2005 @ London, UK
#23
Originally Posted by qole View Post
When I say easily, I mean DEAD-EASY. All she needs is your IP address and Google, and she's in your tablet and leafing through your files as she sips her mochaccino latte.
Without giving too many details, can you explain how this is achieved? My N800 isn't as far as I know accessible via WiFi unless I initiate the connection, so are you suggesting someone can establish a connection to my device over WiFi once I've brought up the WiFi interface? I wouldn't have thought this was possible as I'm not running an ad-hoc WiFi connection, and I would have thought my N800 will only accept connections via the access point to which I am authenticated.
 
technut's Avatar
Posts: 574 | Thanked: 166 times | Joined on Oct 2007 @ BC, Canada
#24
Milhouse, you're correct that you'd need to have your Wi-Fi connected to be vulnerable. I think that was assumed in qole's scenario. But then anyone else on the same AP can reach your tablet, and if there is no firewall at the cafe then it could even be reached by anyone else on the Internet.

If you have an open port (eg. because you installed SSH) then they could connect to that and start trying ID/passwords to get authenticated. Which is why it is important that you not leave the default password in place after installing SSH.
__________________
Please follow these simple posting guidelines.
There are no stupid questions, just people who didn't search itT (with Google) first.
 

The Following User Says Thank You to technut For This Useful Post:
Posts: 156 | Thanked: 44 times | Joined on Dec 2007
#25
Originally Posted by Milhouse View Post
Without giving too many details, can you explain how this is achieved? My N800 isn't as far as I know accessible via WiFi unless I initiate the connection, so are you suggesting someone can establish a connection to my device over WiFi once I've brought up the WiFi interface? I wouldn't have thought this was possible as I'm not running an ad-hoc WiFi connection, and I would have thought my N800 will only accept connections via the access point to which I am authenticated.

If you install SSH, it allows anyone to connect remotely to your device if they know your password. The password is widely known for the root account ("rootme"), so anyone who does ssh root@1.2.3.4 (being the IP of the tablet) can use that password to get in.

If you are connected to the same wireless AP as someone, or on the same network as someone they can do this. An assumption was made that if there was a hotspot in the vicinity you'd be on it (being an Internet tablet user and all).

If you do have SSH installed, login as root, and change the root password. If you don't have SSH installed, stop worrying.
 
free's Avatar
Posts: 739 | Thanked: 159 times | Joined on Sep 2007 @ Germany - Munich
#26
the bad certificate warning mentioned above.
Well, if the browser tells you
"Oh somebody is probably trying to hack your computer, do you want to continue" ?
Then
Click No

From the ssh client you will see this:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
or this
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!

The bad guy will have to trick the person into clicking yes at this.

I would be interested to see a demonstration

It's not a problem really of Wireless or Nokias.
If you are in your company with wired network (switched on not), anybody skilled enough can do this on your PC.
Good to know..
 
barry99705's Avatar
Posts: 641 | Thanked: 27 times | Joined on Apr 2007
#27
Wifi access points are for the most part just hubs. So once you're connected and browsing it shouldn't be too hard to find it. If I get some time later I'll install openssh on my nokia, and do a port scan of it.
__________________
Just because you are online, doesn't mean you don't have to form a full sentence.


SEARCH! It's probably already been answered.
 
Posts: 3,401 | Thanked: 1,255 times | Joined on Nov 2005 @ London, UK
#28
Originally Posted by t3h View Post
If you install SSH, it allows anyone to connect remotely to your device if they know your password. The password is widely known for the root account ("rootme"), so anyone who does ssh root@1.2.3.4 (being the IP of the tablet) can use that password to get in.

If you are connected to the same wireless AP as someone, or on the same network as someone they can do this. An assumption was made that if there was a hotspot in the vicinity you'd be on it (being an Internet tablet user and all).

If you do have SSH installed, login as root, and change the root password. If you don't have SSH installed, stop worrying.
OK that makes sense - all users on the same AP are most likely visible to all other users of the same AP unless the AP takes precautions to prevent users from communicating with each other. I had kind of assumed that a public access point wouldn't allow associated computers to communicate with each other as it's a fairly obvious security risk - does anyone know if public access points provide this level of protection? Of course even if some did, it wouldn't be advisable to depend on such protection as you're bound to end up connecting to some cheap @rse access point that leaves you wide open.
 
barry99705's Avatar
Posts: 641 | Thanked: 27 times | Joined on Apr 2007
#29
Originally Posted by Milhouse View Post
OK that makes sense - all users on the same AP are most likely visible to all other users of the same AP unless the AP takes precautions to prevent users from communicating with each other. I had kind of assumed that a public access point wouldn't allow associated computers to communicate with each other as it's a fairly obvious security risk - does anyone know if public access points provide this level of protection? Of course even if some did, it wouldn't be advisable to depend on such protection as you're bound to end up connecting to some cheap @rse access point that leaves you wide open.
So far all the public wifi I've ever connected to didn't. They were using higher end Cisco gear.
__________________
Just because you are online, doesn't mean you don't have to form a full sentence.


SEARCH! It's probably already been answered.
 
Posts: 190 | Thanked: 21 times | Joined on Sep 2006
#30
Originally Posted by Milhouse View Post
I had kind of assumed that a public access point wouldn't allow associated computers to communicate with each other as it's a fairly obvious security risk - does anyone know if public access points provide this level of protection?
All APs I ever had could be set up not to route between different addresses within their wireless network, so the trivial attack with a spoofed packet immediately redirecting traffic to the attackers laptop is blockable. But it barely increases security, what with the waves being sniffable for ARP and BIND requests and fake packets being injectable, an attacker can still do spoofed redirects to any pwned computer anywhere on the internet.
 
Reply


 
Forum Jump


All times are GMT. The time now is 09:42.