← Back to context

Comment by john_strinlai

20 hours ago

you are definitely correct that it is potentially a big deal because it breaks expectation around network segmentation and isolation

however, most people will read "breaks wi-fi encryption" and assume that it means that someone can launch this attack while wardriving, which they cant.

4 comments

john_strinlai

Reply
ProllyInfamous  20 hours ago

>assume that it means that someone can launch this attack while wardriving, which they cant.

As a former wardriver (¡WEPlol!), it only makes this more difficult. In my US city every home/business has a fiber/copper switch, usually outside. A screw-driver and you're in.

Granted, this now becomes a physical attack (only for initial access) — but still viable.

----

>the next step is to put [AirSnitch] into historical context and assess how big a threat it poses in the real world. In some respects, it resembles the 2007 PTW attack ... that completely and immediately broke WEP, leaving Wi-Fi users everywhere with no means to protect themselves against nearby adversaries. For now, client isolation is similarly defeated—almost completely and overnight—with no immediate remedy available.

----

I think the article's main point is that so many places have similarly-such-unsecured plug-in points. Perhaps even a user was authorized for one WiFi network segment, and is already "in" — bless this digital mess!

  • tmp10423288442  18 hours ago

    You have a modem that you can attach to those switches? They’re completely unauthenticated?

    • ProllyInfamous  18 hours ago

      Both, yes. Physical hardware isolation.

      ----

      As a funny personal anecdote, my brother is a state judge. His most personal thoughts & correspondances are crafted upon typewriters (mine as well). He isn't officially allowed to just use any phone/computer/network. He is a "high value target" [0],

      My personal attorney still doesn't use "the cloud" for client documents (which is respectable) — has local servers, mostly offline. No typewriter, though =P

      ----

      I'm just an electrician.

      [0] Does it bother anybody else that Pam Bondi has reports specifically of which documents each congressman reviewed (photographed by AP, during recent testimony)?