Slashdot Mirror


Two Wheeled Wi-Fi Sniffing Robot

paulnuyu writes "ZDNet/MSN has an article about a robot that detects Wi-Fi vulnerabilities and intrusions. The two wheeled robot made by the Shmoo Group cruised around the DefCon convention in Vegas last Sunday, picking up telnet and POP passwords. Though still a prototype, the shipping version is projected to have autonomous steering capabilities."

81 comments

  1. Telnet and POP? by mjmalone · · Score: 4, Insightful

    Currently, Holman said, the robot can sniff out passwords sent through protocols such as Telnet and POP

    If anyone is still using plaintext to send passwords over their LAN, they are insane. I know there are a lot of stupid admins out there, but getting SSL and SSH installed should be a priority. Before you try and secure your wireless network segment you need to begin using secure protocols.

    1. Re:Telnet and POP? by jc42 · · Score: 5, Interesting

      If anyone is still using plaintext to send passwords over their LAN, they are insane.

      Well, a lot of people don't have any choice. Our cable ISP here, for example, provided the usual email accounts, and for a lot of customers, that is their only email. If you use it, you have no choice other than POP, and I haven't seen anything in several mailers that talks about encrypting the passwords. Our ISP doesn't actually block port 25, so you could run your own mailer. This isn't feasible for most customers, though, for several reasons. One is the dynamic IP addresses and insane hostnames. I've fixed that by using one of the many independent registration services, but to most customers, that would be utterly baffling and unusable. Another problem is that running your own email server is in fact in violation of the TOS in the ISP's contract, and they can legally block your port(s) or kick you off entirely at any time, without warning or recourse.

      So for most non-geek customers, unencrypted POP passwords are the only option. There's probably no way they could even learn from the ISP that there's a problem; they certainly wouldn't get (or understand) any advice on how to fix it.

      (Myself, I use an account at a school. It has been stable and usable for over 15 years now, unlike commercial email accounts that force you to change your address every 6 months whenever there's a merger, buyout, or corporate renaming. And I can use a plain-text mail reader, eliminating all problems with virii, worms and the like. But I'm not sure I'd recommend this to the typical non-geek.)

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    2. Re:Telnet and POP? by lavorgeous · · Score: 2, Insightful

      I agree -- most non-geeks shouldn't have to worry about such things (and likely don't even know that they might need to).

      But DefCon isn't an average-joe situation -- I'm amazed that the attendees at a conference like DefCon wouldn't know better than to wander around a conference filled with other geeks surfing/mailing/etc over WiFi without at least using SSH.

    3. Re:Telnet and POP? by Knightmare · · Score: 1

      Since you obviously don't live in the real world, here is a quick note from it... There are LOTS of devices that don't support encryption that are in use at most organizations of decent size. If you were to take a stroll around all of the fortune 1xx companies I bet you would find un-encrypted traffic that might be considered sensitive data flowing all over the place...

      And I am not talking just the custom apps that some dev team in house wrote several years ago. This includes software packages today that don't have below 1mil price points (ERP).

      And we can look at a much lower level: most companies of any size are going to have some Cisco gear on their network. Guess what the normal Cisco image doesn't support? Encryption, which means you are giving out passwords to all your layer 2/3 devices to anybody sniffing, because Cisco doesn't seem to want to give SSH to everybody.

      Even lower down the food chain, home routers, wireless access points, how do you configure them? Telnet or HTTP.

      The list of examples goes on for days, before you tear into all the non encryption using admins out there. Try sitting in their shoes and think about the battles they have to fight on a daily basis, just to get the gear they need to do their job, much less change the way HUGE vendors do business. Business case always beats techie's wild brained ideas, like security.

    4. Re:Telnet and POP? by Istealmymusic · · Score: 1

      Use webmail.

      --
      "The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
    5. Re:Telnet and POP? by altamira · · Score: 1

      Running your own SMTP mailer on DynDNS service with dynamic IP addresses is insane as well, as this creates a considerable time window (of at least 60 seconds, which was the DynDNS.org TTL last time I checked; far more when you're offline for one reason or another) for your messages to hit the wrong customer - that is, assuming DNS in this world is working perfectly and all servers will respect the DynDNS record's TTL. I happen to believe that DNS has never been in this state, even though it appears to have improved a lot during the last years.

      Anyway, as far as security is concerned, running your own mailer on dynamic IP addresses WITHOUT the cooperation of your ISP (having the ISP accept mail on behalf of you, then forward it to you based on e.g. RADIUS-supplied 'Current-IP' information) is just as insane...

  2. Mmmhhh... thats nice by neglige · · Score: 3, Funny

    Now all it needs is a way to create those WLAN graffiti. And a way to publish all found passwords on a web-page.

    And while you're at it, give it the ability to create a map of the signal strength, too...

    --
    My cats ate my karma. They also wrote this comment.
    1. Re:Mmmhhh... thats nice by G+Money · · Score: 1

      They had that at Defcon. They called it the wall of sheep and would display usernames, partial passwords, and protocols that had been captured over the wireless links at Defcon. I loved seeing a root telnet from someone displayed on the wall.
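The capture-and-display step behind a Wall of Sheep, as an added example that is not code from this thread or from the Shmoo Group's robot: it reassembles client-to-server payloads per flow, pulls USER/PASS pairs out of POP3 and FTP, takes the first two lines typed over telnet (after stripping option negotiation) as login and password, and masks each password for display. The segments are constructed, not a real capture, and the default service ports, capture-order reassembly and "first two telnet lines are the credentials" rule are assumptions of the example.

```python
"""Passive plaintext-credential extraction, Wall of Sheep style.

Added example; not code from the thread or from the Shmoo Group's robot.
Input is a constructed list of client->server TCP segments, each a tuple
(src_ip, dst_ip, dst_port, payload). A real tool would feed these from a
capture and order segments by TCP sequence number; here capture order is
assumed to be stream order. Default service ports are assumed.
"""
import re
from collections import defaultdict

PLAINTEXT_PORTS = {21: "ftp", 23: "telnet", 110: "pop3"}
USER_PASS_RE = re.compile(rb"^(USER|PASS) (.+?)\r?$", re.IGNORECASE | re.MULTILINE)

IAC, SB, SE = 0xFF, 0xFA, 0xF0


def mask(secret: str, keep: int = 2) -> str:
    """Partial display as on the Wall of Sheep: keep a prefix, star the rest."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return secret[:keep] + "*" * (len(secret) - keep)


def strip_telnet_iac(data: bytes) -> bytes:
    """Drop telnet option negotiation (IAC sequences) so only typed text remains."""
    out, i = bytearray(), 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 < len(data) and data[i + 1] == IAC:      # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif i + 1 < len(data) and data[i + 1] == SB:       # subnegotiation ... IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif i + 1 < len(data) and data[i + 1] in (0xFB, 0xFC, 0xFD, 0xFE):
            i += 3                                          # WILL/WONT/DO/DONT <option>
        else:
            i += 2                                          # other two-byte command
    return bytes(out)


def reassemble(segments):
    """Concatenate payloads per client->server flow on a watched port."""
    flows = defaultdict(bytearray)
    for src, dst, dport, payload in segments:
        if dport in PLAINTEXT_PORTS:
            flows[(src, dst, dport)] += payload
    return flows


def creds_user_pass(data: bytes):
    """Pair each PASS with the preceding USER in a POP3/FTP command stream."""
    creds, user = [], None
    for cmd, arg in USER_PASS_RE.findall(data):
        if cmd.upper() == b"USER":
            user = arg.decode("latin-1")
        elif user is not None:
            creds.append((user, arg.decode("latin-1")))
            user = None
    return creds


def creds_telnet(data: bytes):
    """Heuristic: the first two lines typed are the login name and password."""
    text = strip_telnet_iac(data).replace(b"\r\x00", b"\n").replace(b"\r\n", b"\n")
    lines = [line for line in text.split(b"\n") if line]
    if len(lines) < 2:
        return []
    return [(lines[0].decode("latin-1"), lines[1].decode("latin-1"))]


def wall_of_sheep(segments):
    """Return one display row per captured credential, password masked."""
    rows = []
    for (src, dst, dport), data in reassemble(segments).items():
        proto = PLAINTEXT_PORTS[dport]
        found = creds_telnet(bytes(data)) if proto == "telnet" else creds_user_pass(bytes(data))
        for user, password in found:
            rows.append({"proto": proto, "client": src, "server": dst,
                         "user": user, "password": mask(password)})
    return rows


# Constructed sample capture (no real hosts or accounts).
SAMPLE = [
    ("10.0.0.5", "192.0.2.10", 110, b"USER alice\r\n"),
    ("10.0.0.5", "192.0.2.10", 110, b"PASS hunter2\r\nSTAT\r\n"),
    ("10.0.0.6", "192.0.2.11", 21, b"USER bob\r\nPASS s3cret\r\n"),
    ("10.0.0.7", "192.0.2.20", 23, b"\xff\xfd\x01\xff\xfb\x18"),        # IAC DO ECHO, IAC WILL TTYPE
] + [("10.0.0.7", "192.0.2.20", 23, bytes([c])) for c in b"root\r\x00toor\r\x00"] + [
    ("10.0.0.8", "192.0.2.12", 110, b"USER carol\r\n"),                  # never sends PASS
    ("10.0.0.9", "192.0.2.30", 443, b"\x16\x03\x01\x00\x5a"),            # TLS: not inspected
]

if __name__ == "__main__":
    for row in wall_of_sheep(SAMPLE):
        print(f"{row['proto']:6} {row['client']:>10} -> {row['server']:<12} {row['user']}:{row['password']}")
```

The telnet branch is the weak spot of any such tool, which is why real captures also need the server-to-client direction (to see the `login:` and `Password:` prompts) and sequence-number ordering; the POP3/FTP branch is exact because those protocols spell the credentials out as commands.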

    2. Re:Mmmhhh... thats nice by vuud · · Score: 1

      A few months ago 2600 magazine had an aerial photo of Manhattan, with wifi points they found drawn over it. The stronger the signal was, the larger the circle identifying it was. Cool shot.

  3. Jalics. by Anonymous Coward · · Score: 2, Interesting

    There's this one guy in Akron who's building a robot. He has GPS on it. All it does is roll around, it's not exactly that great of a robot.

    The thing is, I ask him all the time, "What does your robot do jalics?"

    jalics: Right now the first thing it will just be a rover.
    jalics: It'll have a webcam, gps, wifi.
    jalics: So I can control it remotely.

    jalics: To get accurate feedback on wheel position will be harder, but thats what I'm aiming for.

  4. Now THIS by Anonymous Coward · · Score: 3, Funny

    Is what Bond would use! Imagine him controlling this thing with a cell phone or something. He'd sniff around and get the bad guy's password, go to the hideout, kill the henchmen (and the usual: make stupid jokes and steal the villain's women).

  5. WiFi Robot Wars. by Moosifer · · Score: 5, Funny

    Now all they need to do is add an axe or a hammer to it so that it can take out rogue access points.

    1. Re:WiFi Robot Wars. by stienman · · Score: 4, Funny

      I'm sorry about your husband, Ma'am, but he was carrying an Ipaq on his person, and said Ipaq was running linux with its wireless card configured as an access point.

      No Ma'am, we are certainly considering changing the flamethrower for a taser or EMP weapon of some sort. Of course we understand - closed casket funerals always raise curiosity. Yes, Ma'am, we'll be sure to do that. Thank you for understanding.

      You get the next one Bob, and remember that it's IPAQ, not IRAQ. You got Mrs Fitz really worked up over that slip-up.

      -Adam

    2. Re:WiFi Robot Wars. by SWTP_OS9 · · Score: 1

      Just put enough C4 inside of it to do the job! Problem is cleaning up the mess.

      When signal strength gets to a certain level and IP is correct... Blam. It even marks where the problem was! :)

    3. Re:WiFi Robot Wars. by AndroidCat · · Score: 1

      Wait until someone builds a trapper bot. It broadcasts a rogue access point, and lies in wait for all the sniffer bots to come along. It returns whenever its scrap bin is full to empty it and recharge.

      --
      One line blog. I hear that they're called Twitters now.
  6. Obligatory Dr. Evil rejoinder... by MsGeek · · Score: 1

    It should be in the shape of a shark with a fricken laser beam on its fricken head!

    BTW: 1,000th post! w00t!

    --
    Knowledge is power. Knowledge shared is power multiplied.
  7. Let me get this straight... by inertia187 · · Score: 4, Funny

    Mass produced WiFi sniffing robots that pick up passwords are fine, RFID tags that keep people from stealing things under their clothes are bad. Ok, just so I understand.

    Ok, what if these mass produced WiFi sniffing robots get sold at WalMart? What then? You'll have a WiFi sniffing robot with a RFID tag. What a dilemma.

    --
    A programmer is a machine for converting coffee into code.
    1. Re:Let me get this straight... by Anonymous Coward · · Score: 0

      You missed the point re: RFID. It's not the tracking while in the store that is so alarming, it's the tracking after you leave and return. It's the potential for information sharing between retailers. Stop spreading deliberate pro-RFID messages without knowing the facts.

    2. Re:Let me get this straight... by RetroGeek · · Score: 1

      And what is wrong with the store burning out the RFID? Using EMP should do it.

      Similar to the current magnetic tags which are disabled at the counter.

      --

      - - - - - - - - - - -
      I am a programmer. I am paid to produce syntax not grammar. Deal with it.
    3. Re:Let me get this straight... by CptNerd · · Score: 1

      So, just buy stuff at the Goodwill, and you can walk around as everyone who ever bought the stuff before. Too many conflicting RFID tags will cause so much confusion that their use will end up being limited.

      Unintended consequences and all that.

      --
      By the taping of my glasses, something geeky this way passes
  8. Ooo.. by ShadeARG · · Score: 1

    What about using the remote to adjust antenna position to figure out signal strength so it can tell where other WiFi robots are. Then again, you wouldn't want it attacking the WAPs and ad-hocs.. or would you? >:)

  9. Use? by Radon+Knight · · Score: 4, Interesting

    Could someone explain just why this is useful? Sounds like a terrible waste of robotics to me.

    1. Re:Use? by H8X55 · · Score: 0

      yeah, i was wondering about that myself. I mean, i could just have a seat at a table with my $900 toshiba laptop, netstumbler, and a 802.11b card and get the same results.

    2. Re:Use? by Anonymous Coward · · Score: 0

      Pah, Netstumbler.
      Use something proper like Kismet, and/or Airsnort.

    3. Re:Use? by segment · · Score: 2, Interesting
      This could actually come in handy for the military industrial complex who will build it for pennies and sell it for millions... Actually think about it, the military could use it for real time war scenarios: tracking their own and the enemy's soldiers, aircraft etc. As opposed to purchasing a tracking device for all soldiers, they could have one all inclusive roving machine which if shot at wouldn't have a widow or saddened family members.

      Look at what the mil has done with the unmanned Predator drones, it could be used more or less under the same situations, to limit casualties and get into places where it would be too dangerous for soldiers. Or it could be a combo biometric machine for companies (say financial co.'s) to use. Perhaps it could be used for a nightly or daily audit to see which hosts on their machines are using insecure protocols

    4. Re:Use? by Anonymous Coward · · Score: 0
      Sounds like a terrible waste of robotics to me.

      Said by someone wasting his life reading Slashdot.

    5. Re:Use? by Josh+Mast · · Score: 1

      Could someone explain just why your comment is Interesting? Sounds like a terrible waste of mod points to me.

    6. Re:Use? by sheetsda · · Score: 1

      Scenario 1:
      You work for company X, who has a wireless network, a large building, and large number of access points and very few geeks employed to make the thing run. You don't know the person who set up the wireless so you don't know how good of a job [s]he did. Enter this robot, it goes through the building scanning the place for insecure areas.
      Scenario 2:
      You work for a tech firm who employs a large number of hackers/geeks that have the access and the know how to create insecurities in your wireless network for whatever purpose. Enter this robot, it continuously traverses the network watching for vulnerabilities.

    7. Re:Use? by bobobobo · · Score: 1

      Well, say there was an undesirable user on your premises using your BW or something else bad. Great way to find him. Probably better than the old narcoleptic security guard too.

  10. Perhaps script kiddies will be replaced? by calebb · · Score: 2, Interesting

    Hmm: "script bots?" It really doesn't have the same ring though. When I hear 'script kiddie,' my blood pressure starts going up, but 'script bot...' Nah...

    Not to mention the fact that you can reach 1e6 times more random systems from location X on AOL than what you can from a corporate wifi network.

  11. uh oh by selderrr · · Score: 4, Funny

    at 18:18 it went autonomous...

  12. Two wheeled? Pshaw! by fiftyvolts · · Score: 5, Funny

    When he mods an Aibo so that it actually sniffs around, barks, and then points retriever style to the offending WiFi source then I'll be impressed.

    "What's that boy?"

    "Arf! Arf!"

    "Jimmy's using unencrypted WiFi?"

    1. Re:Two wheeled? Pshaw! by SWTP_OS9 · · Score: 1

      Even better! Give new meaning to the term "Go Fetch!"

    2. Re:Two wheeled? Pshaw! by Sanity · · Score: 3, Interesting
      When he mods an Aibo so that it actually sniffs around, barks, and then points retriever style to the offending WiFi source then I'll be impressed.
      Actually not as crazy an idea as it sounds since Aibo can have a WiFi card.
    3. Re:Two wheeled? Pshaw! by frankmu · · Score: 4, Funny

      how about modifying the aibo to pee on the wifi source instead?

      --
      Supreme executive power derives from a mandate from the masses, not from some farcical aquatic ceremony.
  13. Make it a standard by segment · · Score: 4, Interesting
    With all these insecurities over protocols not using any form of SSL you would think companies after so much time would have made it a default issue to run these protocols securely. How hard would it be for the developers of BSD/Linux/*Nix to change the settings on this? Well actually someone should create a sort of "Trust" repository for sites that don't know how to set up SSL and the likes (e.g. the millions of mom and pop shops on the net) and perhaps charge them for securing their data.

    I know Verisign and others offer services like this often at a high rate but perhaps the initiative can be funded by governments participating in some W3 standard to secure transactions.

    1. Re:Make it a standard by Anonymous Coward · · Score: 0

      Some Unix distributions (*BSD, some Linux distros, MacOS X) have made a secure setup the default; almost everything disabled, remote access only available through ssh.

      For other services, the problem is that you need to install and set them up separately, in any case, and that needs you to understand what you're doing, at least to some extent.

      Another problem with SSL is that unlike with ssh, you're not supposed to just generate your own certificates (although you can), and making that the default behavior might not be wise...

  14. Bait, and false sense of security by SuperBanana · · Score: 2, Insightful
    If anyone is still using plaintext to send passwords over their LAN, they are insane.

    Did it occur to anyone that maybe those passwords were bait? No better way to catch a scriptkiddie than to make him think he's hit a goldmine. He runs home, logs into that honeypot, and the cops are on his doorstep the next day. Do not pass go, do not collect $200, 'd00d'.

    I know there are a lot of stupid admins out there, but getting SSL and SSH installed should be a priority. Before you try and secure your wireless network segment you need to begin using secure protocols.

    Just a sidenote, but POP itself isn't insecure auth-wise, and neither is telnet. POP3 supports APOP, which uses CRAM-MD5 to encode the password, and is rather secure. Telnet is installed on most Linux systems now with Kerberos support.

    There's nothing particularly secure about SSL or SSH either- unless you've spent several hundred dollars on a cert(for SSL) signed by one of the major CAs, or you have your system with you, and you trust that cert. Walking up to a workstation and logging in to your webmail over https from your home box, when you see that "is this cert ok?" you really have no idea.

    It's a little better for SSH- smart SSH users have a printout of their system's fingerprint so they can quickly compare the two, before clicking "yes"...but too many people just blindly click "Yes", and that's your greatest risk right there. Not to mention, that copy of putty on that innocent looking windows box could be trojaned by the last conference guest to use it...etc. etc.

    Ultimately, the most secure method is having your own hardware that by mere physical availability can't be tampered with very easily. Your system already knows what SSH fingerprints to trust, it already knows what SSL certs are cool, there's no real danger of keylogging...oh, and you can set up a full-blown VPN connection so nobody can even tell what you're doing.

    1. Re:Bait, and false sense of security by Anonymous Coward · · Score: 2, Funny
      POP itself isn't insecure auth-wise, and neither is telnet

      reader: Parse error in paragraph 4: Triple negative overflow. Giving up.

    2. Re:Bait, and false sense of security by rthille · · Score: 1

      If you type your password into some unknown workstation to log into your 'protected' machine with SSH then you instantly have zero security! A small dongle on the box will record all your keystrokes, or software hidden in the kernel or whatever. I trust my laptop plugged into someone else's network port, but I won't trust their computer.
      I guess if your server uses one-time-passwords (like SecurID), you'd be OK.

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
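What "compare the printout to the fingerprint" means in practice, as an added example that is not code from this thread: both fingerprint formats ssh-keygen prints (legacy MD5 colon-hex and current SHA256 base64) are hashes of the raw public-key blob, so a host key that differs in a single byte produces an unrelated fingerprint, and a printout can be checked against the key offered by any client. The Ed25519-shaped key below is constructed from 32 fixed bytes, not a real host key, and the tolerance rules in `normalize` (hex case, base64 padding, a missing `MD5:` prefix) are this example's own assumptions about what a paper printout may differ in.

```python
"""Compute and check OpenSSH public-key fingerprints offline.

Added example, not code from the thread. "Compare the printout with the
dialog" means comparing hashes of the raw key blob: ssh-keygen's legacy
MD5 colon-hex form and the current SHA256 base64 form. The key below is
constructed from 32 arbitrary bytes; it is not a real host key.
"""
import base64
import hashlib
import hmac
import struct


def ssh_string(b: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length prefix, then the bytes."""
    return struct.pack(">I", len(b)) + b


def build_pubkey_line(key_type: str, raw: bytes, comment: str = "constructed") -> str:
    """Assemble a known_hosts/authorized_keys style line for a constructed key."""
    blob = ssh_string(key_type.encode()) + ssh_string(raw)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


def parse_pubkey_line(line: str):
    """Return (key_type, raw blob); the blob's first string must repeat the type."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type in blob does not match line prefix")
    return key_type, blob


def fingerprint_md5(blob: bytes) -> str:
    """Legacy form, as printed by `ssh-keygen -E md5 -lf`."""
    return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def fingerprint_sha256(blob: bytes) -> str:
    """Current form: unpadded base64 of the SHA-256 digest of the blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def normalize(printed: str) -> str:
    """Tolerate what a paper printout may differ in: case of the hex digits,
    '=' padding on the base64, a missing 'MD5:' prefix from older ssh-keygen."""
    printed = printed.strip()
    if printed[:7].upper() == "SHA256:":
        return "SHA256:" + printed[7:].rstrip("=")
    body = printed[4:] if printed[:4].upper() == "MD5:" else printed
    return "MD5:" + body.lower()


def matches_printout(line: str, printed: str) -> bool:
    """True if the key on `line` hashes to the fingerprint on the printout."""
    _, blob = parse_pubkey_line(line)
    expected = normalize(printed)
    actual = fingerprint_sha256(blob) if expected.startswith("SHA256:") else fingerprint_md5(blob)
    return hmac.compare_digest(actual, expected)


# Constructed key material: 32 fixed bytes standing in for an Ed25519 public key.
RAW_KEY = bytes(range(32))
HOST_KEY_LINE = build_pubkey_line("ssh-ed25519", RAW_KEY, "conference-shell")

if __name__ == "__main__":
    _, blob = parse_pubkey_line(HOST_KEY_LINE)
    print(fingerprint_sha256(blob))
    print(fingerprint_md5(blob))
    # A key that differs in one byte yields an unrelated fingerprint.
    evil = build_pubkey_line("ssh-ed25519", b"\x01" + RAW_KEY[1:])
    print("printout matches substituted key:", matches_printout(evil, fingerprint_sha256(blob)))
```

Checking the fingerprint only tells you which key the far end presented; it says nothing about the workstation you typed it on, which is the point made in the replies above about keyloggers and trojaned clients.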
  15. Give the robot an AI Mind by Mentifex · · Score: 0, Offtopic

    A Robot AI Mind is available free of charge for alteration and installation in any robot.

    Do-It-Yourself Artificial Intelligence leads you through the steps of DIY AI for robots.

    The main Alife program loop is the first stage of coding robot artificial intelligence in any XYZ programming language.

    The Tutorial AI Mind in JavaScript for Microsoft Internet Explorer is one sample pathway in the evolution of Minds for robots.

  16. Reminds me of Matrix by cronostitan · · Score: 0

    An autonomous robot guarding human actions is the first step to a robot race that will develop a consciousness one time and wipe us from the face of this earth.

    --
    Spelling errors were made for your amusement only...
  17. Another possible combination by in7ane · · Score: 2, Interesting

    What about a robot that can sniff out RFID tags?

    Oh, actually I think that was discussed already...

    1. Re:Another possible combination by Anonymous Coward · · Score: 0
      Sure, and if the robot was an AIBO and the RFID was on your underwear, it would be just like a real dog.

      --
      me

  18. not afraid... (yet) by jacquesm · · Score: 1
    Personally as long as these wardriving robots do not come with armaments (remotely or autonomously controlled) I'm not afraid. Feel free to sniff my pop / telnet passwords (don't use either), just please *don't* shoot me :)


    Shameless plug: try the world wide grapevine!

    1. Re:not afraid... (yet) by Anonymous Coward · · Score: 0

      *THUMP* *THUMP* *THUMP* YOU HAVE 20 SECONDS TO SECURE YOUR WI-FI. 18 17 16 ...

  19. Don't tell the RIAA by GordoSlasher · · Score: 1

    They might use the robots to sniff out and destroy copyright infringers.

    This idea is Copyright (C) 2003 by GordoSlasher, All Rights Reserved. Any use of WiFi-sniffing robots by the RIAA to sniff out and destroy copyright infringers will be prosecuted to the fullest extent of the law.

    1. Re:Don't tell the RIAA by Anonymous Coward · · Score: 0

      Copyright is for artistic works, patents are for ideas.

      Get a clue.

  20. Coincidence by Mars+Saxman · · Score: 2, Interesting

    I saw this robot in action Tuesday evening at the opening of the Dorkbot show at COCA here in Seattle. Only it wasn't running around looking for open access points, it was out in front of the DJ stage *dancing*. Someone had brought their daughter, who looked to be about four, and for a few minutes the kid and the wheely-bot were dancing. Quite a scene, though I didn't have my camera handy.

    -Mars

    1. Re:Coincidence by Dr+Cool · · Score: 1

      I was just about to post a message that *I* had seen it in action until I read yours. : ) I was the guy who set up the stage lighting. I was really intrigued by the robot because it did such a great job navigating amongst a crowd of slightly inebriated people, both milling about and dancing. And it was my friend who brought the 2-1/2 year-old girl (named Katrina). I kept a sharp eye on Katrina, hoping she wouldn't crash into the rather expensive-looking robot as she danced in front of the stage. Personally, I think the robot has far better uses than sniffing WiFi points. It's too cool to be put to such a utilitarian use.

  21. Shmoo Group by The+Old+Burke · · Score: 1
    Are they the same as the old Ghetto Hackers?

    I wonder if I would want to trust them with a robot running around scanning my network...

    --
    Proud patriot and republican voter.
    1. Re:Shmoo Group by Anonymous Coward · · Score: 0

      Nah. If you looked at the web pages you'd see you can get a membership list of the Shmoo. At Defcon the Ghetto Hackers ran the Root Fu and the Shmoo and Immunix were one of the teams.

    2. Re:Shmoo Group by Null_Packet · · Score: 1

      No, we're not the same as the shmoo group.

      hybrid

    3. Re:Shmoo Group by The+Old+Burke · · Score: 1

      Roger that.

      --
      Proud patriot and republican voter.
  22. Depends on the workplace by Anonymous Coward · · Score: 0

    I work at a DOE National Lab (therefore posting as AC), and having this thing run around the halls would cause the scientific staff to hoot excitedly (think about the opening scene of 2001) and revel in the computing staff's perceived GeekFu. And the second the robot found a rogue AP the cheering would stop as the offender is terminated on the spot and marched offsite.

  23. Two wheeled? by Anonymous Coward · · Score: 0

    Hah! Finally someone found what to do with all those unsold segways.

  24. Sounds just like my dog... by Anonymous Coward · · Score: 0

    ...after the car accident. Only with balls instead of wi-fi.

  25. Re:write again? by Anonymous Coward · · Score: 0

    even ross perot maybe would have had that much insight/compassion.

    this misrepresentation/greed/fear based murder is killing us.

    for each harmed innocent, there is a bad toll. the felons/walking dead are not going to make reparations. they will be gone as the lights come up. that (reparation/more light bringing) will be left to you/us, if there's any of you/us left.

  26. huh?? by iamhassi · · Score: 2, Insightful

    wireless networks aren't carpets that need constant cleaning: they don't develop vulnerabilities over time. It's either secure or it's not. Once the network is secure you don't need to keep checking if the network is secure, so what's the point of a robot that constantly checks wireless security?

    --
    my karma will be here long after I'm gone
    1. Re:huh?? by jenkin+sear · · Score: 1

      Been to manhattan lately?

      I found 6 unencrypted networks by sniffing right outside an office window. (38th and sixth, and all the SSIDs were "linksys"...)

      In dense metro areas, new networks are being constantly installed by clueless desktop monkeys. I could easily see an application for this, just to know what was going on in the rf space around your city.

      --
      What a strange bird is the pelican, his beak can hold more than his belly can.
  27. Is it just me... by gremlins · · Score: 1

    Or is this the stupidest thing you have ever heard of? There is no practical application for this thing. Then again it could fight my AIBO in a no-holds-barred, to-the-death steel cage battlebots match.

    --
    just because you're a schizophrenic doesn't mean people aren't really out to get you
  28. Laptops change that by billstewart · · Score: 2, Insightful

    Sure, access points don't just pop up, and if they've been secured, they'll probably stay secure. And desktop computers are relatively stable. But people get new laptops all the time, and add WiFi cards to existing laptops (especially when they're adding wifi to their home networks), and laptops get their settings messed up all the time.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
    1. Re:Laptops change that by iamhassi · · Score: 1
      But people get new laptops all the time, and add WiFi cards to existing laptops (especially when they're adding wifi to their home networks), and laptops get their settings messed up all the time.

      This robot is for major businesses, right? So why would a business care that the moron across the street setup a wireless network?

      Every decent IT department will lock down the PCs pretty tight, no one is going to be installing a wireless NIC in their laptop or changing the settings without IT knowing it. And if IT doesn't lock down the PCs a robot isn't going to fix the problem, but perhaps replacing the IT department will.

      --
      my karma will be here long after I'm gone
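The audit the replies above argue about (a sweep that diffs what is on the air against what is supposed to be there), as an added example that is not code from this thread or from the Shmoo robot. It classifies each observed access point against an authorized inventory keyed by BSSID, flags open networks, factory-default SSIDs, an unknown radio beaconing the corporate SSID, and a known AP whose security has been downgraded, and reports what appeared, vanished or changed since the previous sweep. The scan rows and inventory are constructed; the security ranking and the default-SSID list are assumptions of the example.

```python
"""Rogue and misconfigured access-point audit from successive scans.

Added example; not the thread's or the Shmoo robot's code. Scan rows are
constructed; a real run would read them from Kismet or similar. Assumptions:
the authorized inventory is keyed by BSSID, security is one of
open/wep/wpa/wpa2, and a short list of factory SSIDs marks unconfigured gear.
"""
from dataclasses import dataclass

SECURITY_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3}
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink", "wireless"}


@dataclass(frozen=True)
class AP:
    bssid: str
    ssid: str
    security: str
    channel: int


def classify(ap: AP, authorized: dict) -> list:
    """Findings for one observed AP against the authorized inventory."""
    findings = []
    if ap.bssid in authorized:
        ssid, security = authorized[ap.bssid]
        if ap.ssid != ssid:
            findings.append("ssid-changed")
        if SECURITY_RANK[ap.security] < SECURITY_RANK[security]:
            findings.append("security-downgraded")
    elif ap.ssid in {s for s, _ in authorized.values()}:
        findings.append("evil-twin")            # unknown radio beaconing our SSID
    else:
        findings.append("unknown-ap")
    if ap.security == "open":
        findings.append("open")
    if ap.ssid.lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")
    return findings


def diff_scans(previous: list, current: list) -> dict:
    """What changed since the last sweep, keyed by BSSID."""
    prev = {ap.bssid: ap for ap in previous}
    cur = {ap.bssid: ap for ap in current}
    return {
        "appeared": sorted(set(cur) - set(prev)),
        "vanished": sorted(set(prev) - set(cur)),
        "changed": sorted(b for b in set(cur) & set(prev) if cur[b] != prev[b]),
    }


def audit(previous: list, current: list, authorized: dict) -> dict:
    """Per-BSSID findings for the current sweep, plus the delta from the last."""
    findings = {ap.bssid: classify(ap, authorized) for ap in current}
    return {"findings": {b: f for b, f in findings.items() if f},
            "delta": diff_scans(previous, current)}


# Constructed inventory and two sweeps of the same floor.
AUTHORIZED = {
    "00:11:22:aa:bb:01": ("corp", "wpa2"),
    "00:11:22:aa:bb:02": ("corp", "wpa2"),
}
SWEEP_MONDAY = [
    AP("00:11:22:aa:bb:01", "corp", "wpa2", 1),
    AP("00:11:22:aa:bb:02", "corp", "wpa2", 6),
]
SWEEP_TUESDAY = [
    AP("00:11:22:aa:bb:01", "corp", "wpa2", 1),
    AP("00:11:22:aa:bb:02", "corp", "wep", 6),        # someone "fixed" a driver problem
    AP("00:1c:10:de:ad:01", "linksys", "open", 11),   # new router under a desk
    AP("02:00:5e:00:00:01", "corp", "open", 1),       # laptop impersonating the corp SSID
]

if __name__ == "__main__":
    report = audit(SWEEP_MONDAY, SWEEP_TUESDAY, AUTHORIZED)
    for bssid, found in report["findings"].items():
        print(bssid, ", ".join(found))
    print(report["delta"])
```

The Tuesday sweep is where the "once secure, always secure" argument breaks down: nothing in the inventory changed, yet two of the four findings come from devices that were not there on Monday and one from a known AP that quietly lost its encryption.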
  29. Robot without the wheels by t_allardyce · · Score: 1

    How about an automated wi-fi scanner (basically this thing without the wheels) that you carry around in your pocket/car/bag, it could have gps to mark locations and could then send all the data it automatically gathers (as you go about your daily business) to a central database/web-site, to take the piss it could try and use a connection through a network it just discovered to reach the web-site or if it couldn't it could just save it and it could be uploaded later. This would basically just be automated war driving software, but it would be useful to have an electronic database in your hand on the whereabouts of the nearest hot-spot for your web access, complete with gps pointing out the direction and optionally pointing to where it wants you to go to search for new networks. It could even be peer-based - connecting with similar programs on other people and exchanging data automatically.

    --
    This comment does not represent the views or opinions of the user.
  30. No need for autonomous capabilities by Flamed+to+a+Crisp · · Score: 1

    Its designers said they're still working on the autonomous capabilities--including sensors to detect humans and obstacles--and so they used a game controller that's attached to a laptop in a backpack to maneuver the robot around DefCon.

    No need. Just hire some 10-year-old off the street and pay him like $10 to drive it around with a remote control. Man, I would have loved to have that job when I was that age.

    --
    It's... News for Nerds! Stuff that Matters! La-de-da-de-da-DE-da!
  31. Photos & more info soon. by kwj8fty1 · · Score: 1

    Hi there folks,

    You can see the photo from the news.com article here.

    We will be releasing all of the code GPL, so keep your eyes on the site for updates.

    -Eric

  32. mod parent up by Anonymous Coward · · Score: 0

    thats some dern good thinkin there! really!

  33. why does off topic get "insightful"???? by mulp · · Score: 1

    Why do the the initial replies always stray way off the unique part of the post?

    And then, why oh why oh why do these off topic posts get moderated as "insightful"???

    What the hell do these initial responses have to do with a two wheeled robot with autonomous capabilities?

  34. APOP is worthless by Jamie+Zawinski · · Score: 1
    Just a sidenote, but POP itself isn't insecure auth-wise, and neither is telnet. POP3 supports APOP, which uses CRAM-MD5 to encode the password, and is rather secure.

    APOP is pretty worthless: it is trading one problem for an even worse one.

    The USER/PASS approach means sending all passwords in the clear, so you're subject to eavesdropping/replay attacks. (That's, obviously, not so good.) But the server never holds on to your plaintext password; it just encrypts it and compares the result to ciphertext.

    The APOP approach is immune to eavesdropping/replay on the password itself, but it requires that the server have access to the clear-text password of every user of the server. So if you hack the server, you've got the passwords of every user of the system, rather than every user who happened to connect while you were snooping; and thus you've made the server be a much more attractive target than it was before.

    With USER/PASS, at least the passwords can be stored encrypted on the server side (as in /etc/shadow).

    On top of all that, even when using APOP with POP, the password is protected in transit, but the mail is not! So, yeah, the attacker can't get your password: they can only get all of the mail you ever download instead. Wasn't it the mail you were trying to protect in the first place?

    I think APOP adds 0.1% security to one end, while borrowing 99.9% of the security from the other end. Encrypt the pipe.
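The trade-off described above, worked through as an added example that is not code from this thread. Per RFC 1939, APOP is a challenge-response in which the server's greeting carries a timestamp such as `<1896.697170952@dbc.mtview.ca.us>` and the client answers with the hex MD5 of that timestamp concatenated with the shared secret; the server can only verify it by recomputing from the cleartext secret, which is the storage problem. USER/PASS sends the password itself but lets the server keep nothing more than a salted hash. The accounts and greetings are constructed, the only real values reused are the RFC's own worked example (user `mrose`, secret `tanstaaf`), and PBKDF2 is this example's choice of password hash, not anything the original POP3 servers did.

```python
"""APOP versus USER/PASS: what crosses the wire and what the server must keep.

Added example; not code from the thread. RFC 1939 APOP is challenge-response:
the greeting carries a timestamp such as <1896.697170952@dbc.mtview.ca.us>,
the client sends hex MD5(timestamp + shared secret), and the server can only
check that by recomputing it from the cleartext secret. USER/PASS sends the
password itself but lets the server store only a salted hash. Accounts,
greetings and passwords here are constructed; the digest check reuses the
RFC's own worked example values.
"""
import hashlib
import hmac
import os

# ---- USER/PASS side: hashed at rest, cleartext in transit -------------------

def make_password_record(password: str) -> tuple:
    """Salted PBKDF2 record; this is all the server keeps for the account."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def userpass_login(record: tuple, password_from_wire: str) -> bool:
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password_from_wire.encode(), salt, 100_000)
    return hmac.compare_digest(digest, candidate)


# ---- APOP side: digest in transit, cleartext secret at rest -----------------

def apop_banner(pid: int, clock: int, host: str) -> str:
    """Greeting in the RFC 1939 shape; the <...> part is the challenge."""
    return f"+OK POP3 server ready <{pid}.{clock}@{host}>"


def apop_timestamp(banner: str) -> str:
    """Extract the challenge, angle brackets included, exactly as hashed."""
    return banner[banner.index("<"): banner.index(">") + 1]


def apop_digest(timestamp: str, secret: str) -> str:
    return hashlib.md5((timestamp + secret).encode()).hexdigest()


def apop_login(stored_secret: str, banner: str, digest_from_wire: str) -> bool:
    """Server side: needs `stored_secret` in the clear to recompute the digest."""
    expected = apop_digest(apop_timestamp(banner), stored_secret)
    return hmac.compare_digest(expected, digest_from_wire)


# ---- What a sniffer on the wireless segment gets to replay -------------------

def replay_userpass(record: tuple, sniffed_password: str) -> bool:
    """The captured password works on every later session."""
    return userpass_login(record, sniffed_password)


def replay_apop(stored_secret: str, new_banner: str, sniffed_digest: str) -> bool:
    """The captured digest is bound to the old timestamp; a fresh greeting rejects it."""
    return apop_login(stored_secret, new_banner, sniffed_digest)


if __name__ == "__main__":
    # RFC 1939 section 7 worked example: user mrose, secret "tanstaaf".
    ts = "<1896.697170952@dbc.mtview.ca.us>"
    print("APOP mrose", apop_digest(ts, "tanstaaf"))   # c4c9334bac560ecc979e58001b3e22fb

    # Session 1 is sniffed, session 2 is the attacker's replay attempt.
    first = apop_banner(1896, 697170952, "dbc.mtview.ca.us")
    second = apop_banner(1897, 697170999, "dbc.mtview.ca.us")
    sniffed = apop_digest(apop_timestamp(first), "tanstaaf")
    print("APOP replay accepted:", replay_apop("tanstaaf", second, sniffed))

    record = make_password_record("hunter2")          # what a USER/PASS server stores
    print("USER/PASS replay accepted:", replay_userpass(record, "hunter2"))
    print("APOP server stores:", repr("tanstaaf"), " USER/PASS server stores:", record[1].hex()[:16], "...")
```

Neither variant touches the mailbox contents, which still go over the wire in the clear after authentication; that is the last point in the post above and the reason the usual answer is to wrap the whole session in TLS rather than to pick a better authentication exchange.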

  35. What's next, a unicycle? by jemenake · · Score: 1
    The two wheeled robot...
    How is *that* not news in itself? Either they've got a robot that can ride a bike, or they've got a pilotless Segway. Either way, that's pretty impressive. :)

    Of course, there's always the other possibility that (casters|outriggers|nylon sliding feet|articulated legs) don't count as "wheels" and shouldn't be mentioned.
    1. Re:What's next, a unicycle? by Man+Eating+Duck · · Score: 1


      The robot's kind of suspended from the naves (is that the word? Centerpoints...) of the wheels, so that balance isn't an issue. Picture here

      --
      Are you a grammar Nazi? I'm trying to improve my English; please correct my errors! :)
  36. think of all the uses by lostinchicago · · Score: 1

    think of all the uses for a little guy like this. set it loose in the halls of micro$oft HQ and see what you get