Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two Wheeled Wi-Fi Sniffing Robot

Posted by CowboyNeal on from the tom-servo-totally-jealous dept.

paulnuyu writes "ZDNet/MSN has an article about a robot that detects Wi-Fi vulnerabilities and intrusions. The two wheeled robot made by the Shmoo Group cruised around the DefCon convention in Vegas last Sunday, picking up telnet and POP passwords. Though still a prototype, the shipping version is projected to have autonomous steering capabilities."

10 of 81 comments (clear)

  1. Telnet and POP? by mjmalone · · Score: 4, Insightful

    Currently, Holman said, the robot can sniff out passwords sent through protocols such as Telnet and POP

    If anyone is still using plaintext to send passwords over their lan they are insane. I know there are a lot of stupid admins out there, but getting ssl and ssh installed should be a priority. Before you try and secure your wireless network segment you need to begin using secure protocols.

    --
    Visualize the world of wine
    1. Re:Telnet and POP? by jc42 · · Score: 5, Interesting

      If anyone is still using plaintext to send passwords over their lan they are insane.

      Well, a lot of people don't have any choice. Our cable ISP here, for example, provided the usual email accounts, and for a lot of customers, that is their only email. If you use it, you have no choice other than POP, and I haven't seen anything in several mailers that talks about encrypting the passwords. Our ISP doesn't actually block port 25, so you could run your own mailer. This isn't feasible for most customers, though, for several reasons. One is the dynamic IP addresses and insane hostnames. I've fixed that by using one of the many independent registration services, but to most customers, that would be utterly baffling and unusable. Another problem is that running your own email server is in fact in violation of the TOS in the ISP's contract, and they can legally block your port(s) or kick you off entirely at any time, without warning or recourse.

      So for most non-geek customers, unencrypted POP passwords are the only option. There's probably no way they could even learn from the ISP that there's a problem; they certainly wouldn't get (or understand) any advice on how to fix it.

      (Myself, I use an account at a school. It has been stable and usable for over 15 years now, unlike commercial email accounts that force you to change your address every 6 months whenever there's a merger, buyout, or corporate renaming. And I can use a plain-text mail reader, eliminating all problems with virii, worms and the like. But I'm not sure I'd recommend this to the typical non-geek.)

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  2. WiFi Robot Wars. by Moosifer · · Score: 5, Funny

    Now all they need to do is add an axe or a hammer to it so that it can take out rogue access points.

    1. Re:WiFi Robot Wars. by stienman · · Score: 4, Funny

      I'm sorry about your husband, Ma'am, but he was carrying an Ipaq on his person, and said Ipaq was running linux with its wireless card configured as an access point.

      No Ma'am, we are certianly considering changing the flamethrower for a taser or EMP weapon of some sort. Of course we understand - closed casket funerals always raise curiosity. Yes, Ma'am, we'll be sure to do that. Thank you for understanding.

      You get the next one Bob, and remember that it's IPAQ, not IRAQ. You got Mrs Fitz really worked up over that slip-up.

      -Adam

  3. Let me get this straight... by inertia187 · · Score: 4, Funny

    Mass produced WiFi sniffing robots that pick up passwords are fine, RFID tags that keep people from stealing things under their clothes are bad. Ok, just so I understand.

    Ok, what if these mass produced WiFi sniffing robots are get sold at WalMart? What then? You'll have a WiFi sniffing robot with a RFID tag. What a dilemma.

    --
    A programmer is a machine for converting coffee into code.
  4. Use? by Radon+Knight · · Score: 4, Interesting

    Could someone explain just why this is useful? Sounds like a terrible waste of robotics to me.

  5. uh oh by selderrr · · Score: 4, Funny

    at 18:18 it went autonomous...

    --
    When will I end this grieving ? When will my future begin ?
  6. Two wheeled? Peshaw! by fiftyvolts · · Score: 5, Funny

    When he mods an Aibo so that it actually sniffs around, barks, and then points retriever style to the offending WiFi source then I'll be impressed.

    "What's that boy?"

    "Arf! Arf!"

    "JImmy's unsing unencrypted WiFi?"

    --
    100% Crunchier
    1. Re:Two wheeled? Peshaw! by frankmu · · Score: 4, Funny

      how about modifying the aibo to pee on the wifi source instead?

      --
      Supreme executive power derives from a mandate from the masses, not from some farcical aquatic ceremony.
  7. Make it a standard by segment · · Score: 4, Interesting
    With all these insecurities over protocols not using any form of SSL you would think companies after so much time would have made it a default issue to run these protocols securely. How hard would it be for the developers of BSD/Linux/*Nix to change the settings on this. Well actually someone should create a sort of "Trust" repository for sites that don't know how to set up SSL and the likes. (e.g. the millions of mom and pop shops on the net) and perhaps charge them for securing their data.

    I know Verisign and others offer services like this often at a high rate but perhaps the initiative can be funded by governments participating in some W3 standard to secure transactions.

    --
    MoFscker