Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker-Built PC Scans 300 Wifi Networks At Once

Posted by ryuzaki0 on from the quite-the-multitasker dept.

An anonymous reader writes to mention an Engadget post on an incredibly powerful wifi scanner. The 'Janus Project', as it is called, can sniff 300 networks simultaneously. It stores and encrypts the data as it receives it, for later use. From the article: "In addition, the Janus Project has an instant off switch, which requires a USB key that has a 2000-bit passkey and a separate password to regain access. What's under the hood? Williams packed an Ubuntu Linux machine running on a 1.5GHz VIA C7 processor with an Acer 17-inch screen into that snazzy little rugged yellow box. Oh, and the closed case is waterproof too, in case you need to transport Janus Project on a whitewater raft to your next hacking hotspot. We don't doubt someone will." The post leads to a tgdaily article, which offers more details.

6 of 121 comments (clear)

  1. This device is against FCC Part 15 rules by w9ofa · · Score: 5, Interesting

    The one watt amplifiers mentioned in the article almost guarantees that this device is operating outside the FCC part 15 rules.

    I know everyone on /. hates the FCC, but consider how many nearby wireless networks might be effectively DoS'ed while he is trying
    to hack some schmuck's WEP key.

  2. Sell? by SocialEngineer · · Score: 2, Interesting

    I'm sorry, but I don't see much in the way of commercial application for this thing - we know standard wireless networking encryption isn't secure. We know it can be cracked, and it can be cracked with just 2 cheap laptops to capture the data. There isn't much more of a need for proof-of-concept anymore.

    --
    "Better to be vulgar than non-existent" -Bev Henson
  3. Re:Just about time by Kadin2048 · · Score: 4, Interesting
    Did you even read the article?
    In addition to scanning for wireless traffic, Williams says the computer can break most WEP keys very quickly by focusing all eight wireless cards on the access point. Using a combination of common utilities like airreplay, airdump and aircrack, Willams said, "When I use all 8 radios to focus in on a single access point, [the WEP key] lasts less than five minutes." However, he added that some retail wireless access points will "just die" after being hit with so much traffic.
    ...
    Williams is improving the Janus computer to crack wireless networks even faster. He is optimizing software routines to use the C7 chip to crack WPA and WPA2 protected networks without the use of Rainbow tables. He is also working on breaking SHA1 and RSA encryption in a single processor instruction cycle.

    No, it can't decrypt traffic from 300 networks at once, but it can certainly crack one that's encrypted with some of the most common algorithms rather quickly. It's more than just a recording device. Although, if it really can crack networks that quickly, then concievably you could crack all the WEP-enabled networks in range, and then start logging all the traffic on all the networks that you could hear, encrypted and not, for later analysis.
    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  4. So use VPNs. by Randseed · · Score: 4, Interesting
    You'd think by now that people would go ahead and use WEP or WPA, but tunnel traffic over a VPN even to internal sites. That's what I do. While someone may be able to crack my WEP or WPA keys, all that gets them is the ability to access the VPN port on the router. Everything else, including traffic to internal machines, is dropped unless it comes from the VPN. And since the VPN address is on a seperate subnet, the WAP won't route the traffic if you force your IP address to be open, but appear as the VPN IP address.

    Obvoiusly not foolproof. I need to get all the machines to drop the traffic unless it's routed through the router. In other words, it doesn't matter where it comes from, but the machines will only listen to traffic coming in off the VPN subnet, and then only listen to that if it's being routed by the internal router. That keeps someone from being cute somehow and confusing the network by plugging something in with an IP address that's on the VPN subnet; since it wouldn't come via the internal router (VPN server), the machines would go "Uh, WTF?"

  5. 283 * 0 = 0 by Doc+Ruby · · Score: 3, Interesting

    The WiFi bandwidth has 17 data channels, each of which can be controlled by only one network at one time. How can a single node sniff more than 17 networks simultaneously.

    --

    --
    make install -not war

  6. Re:Just another way to get thrown into Gitmo. by hazem · · Score: 2, Interesting

    If you are not under arrest, and if they are simply investigating, you don't have as many protections and you can be charged with interfering with a federal investigation. There's some kind of legal "trilemna" that is considered unethical - but is often used by the government to get around the "self-incrimination" issue:

    Your three choices are:
    1) answer the questions/comply with information requests - which ends up incriminating you
    2) refuse to answer the questions - now you can be charged with interfering with the investigation
    3) lie - and now you're lying to a federal investigator, which is also a crime

    Sure, the 5th ammendment says you're not supposed to be compelled to testify against yourself - but you have to be arrested before that protection really comes into play.

    Oh, I know, if you haven't done anything wrong, you have nothing to worry about... because the government never makes mistakes, never does things out of malice, and never has an agenda other than liberty and justice for all.