Slashdot Mirror
Wireless Presenters Attacked Using an Arduino
An anonymous reader writes "This week Dutch security researcher Niels Teusink described a method of attacking wireless presenter devices at an Amsterdam security conference. He had a demo showing how it is possible to use an Arduino and Metasploit to get remote code execution by sending arbitrary keystrokes to the presenter dongle. He has now released the code and made a blog post explaining how it all works. Better watch out the next time you're giving a presentation using one of these devices!"
You said "dongle".
Useful for:
* Corporate espionage
* Screwing with professors at school
* Pissing off Steve Jobs.
We all know which one's most likely.
#fuckbeta #iamslashdot #dicemustdie
Strictly speaking, Arduinos aren't microcontrollers. They're a popular hobbyist embedded platform based around the Atmel AVR microcontroller family. Much like Dells are a particular brand of computer based around x86 architecture microprocessors.
But yes, "Arduino this", "Arduino that" gets tiring after a while. Arduinos have a huge following, but there are zillions of alternatives of all shapes and sizes (many of them better in many ways). There's nothing Arduino-specific about this hack.
dunno about that -- from the article (yes, i RTFA in this case) it seems you can send any keystrokes you want... so as long as the system accepted the commands you were giving it (presumably anything that doesn't require user elevation) you could make it do whatever you wanted.
While Bluetooth certainly has its issues and took a while to address all the early security concerns, I really wish wireless device creators would stop rolling their own protocols. With limited engineering, they are almost certainly guaranteed to do it badly. As of Bluetooth 2.1, all communication aside from service discovery is encrypted. There are still pairing exploits and implementation defects, but at least they have the core idea right. In order to monkey with a Bluetooth presentation remote, you would have to (a) discover the shared key during the speakers presentation, (b) convince the presenter to redo pairing prior to speaking and somehow get them to pair with your evil device instead (has a Bluetooth man-in-the-middle attack been tried yet?), or (c) give up and settle for just jamming the communication, causing a whopping 30 seconds of confusion. If you design a wireless protocol now without over-the-air encryption, you are doing it wrong.
Did you rta? He demoed getting a Metasploit payload on the system
While strictly true (once you attach a microcontroller chip to a PCB board, it's no longer just a microcontroller), there isn't much to an Arduino board aside from the controller. Most include some basic power management and a USB-to-serial chip for programming and comms, but those are just common features rather than requirements to be considered an Arduino. IMO, what defines an Arduino is its software package... Or is that what you were getting at? ^_^
You could implement a better attack by just throwing Arduinos at the presenter.
The World Wide Web is dying. Soon, we shall have only the Internet.
Well, technically, Arduinos are defined as whatever Smart Projects labels an Arduino (it's their trademark). However, yeah, Arduinos (in common usage) are defined more by their software rather than their hardware(in particular, a compatible bootloader that works with the Arduino development environment), because you don't really need much hardware to make a modern microcontroller run.
Which really just goes on to prove that there isn't anything special about Arduino at all. It's really just a bog-standard simple microcontroller breakout board (power regulator, serial I/O either via RS232 or USB, and pin headers for the micro pins) and a standard bootloader and development environment, using a slightly cooked version of C/C++ for programming (they just pre-include a header and tack on a standard main() before feeding it to GCC). Everything else is just positive feedback: Arduino is popular, so people use Arduino, so there's a large community of projects and examples and prewritten code, so Arduino becomes more popular.
I started off with microcontrollers using a crappy development board for PIC micros quite a few years back, and quickly outgrew it and have never really bothered with dev boards ever since. There isn't much of a point when you literally just feed the micro power and ground and it runs. I've built projects where the number of support components for the micro was literally zero (one, if you count the programming connector).
It's clear that you and the moderators haven't bothered to actually read the article. The research and tools used for the attack were non-trivial, and the impact is remote code execution.
In many of these cases the little proprietary receiver dongle accepts arbitrary keystrokes, not just the ones that the remote has buttons for, because it is exactly the same item as the one being sold(under that brand, or one or more others) in a package with a wireless keyboard and often a mouse as well. Some kits come with everything in one box, receiver, keyboard, mouse, little powerpoint clicker widget.
In other cases, I imagine, the engineer in charge of knocking together the receiver unit (correctly) realized that implementing a general-purpose system for taking arbitrary keycodes encapsulated in whatever the proprietary RF protocol is and dumping them to the host system just like any USB HID device wouldn't be much harder than implementing just the 6 keycodes found on revision 1 of Product X and would save him from having to do it again when revision 1.1 adds another couple of buttons, and revision 2.0 has to have a special button for the ribbon interface, or whatever it happens to be.
I would agree that the desire for "cheap" is arguably behind this problem; but I would disagree about "shiny". The problem isn't that the protocol is general purpose(particularly in those cases where the receiver was sold in a set that contained a mouse and/or keyboard in addition to the little PPT remote...) but that absolutely no useful effort was made to apply what we already know about authentication and encryption. For just slightly more, you could just have a bluetooth device that(while certainly not free of security issues throughout its history) at least takes security into account, and isn't some poor bastard who knows very little about crypto reinventing the wheel at the last second.
But yes, "Arduino this", "Arduino that" gets tiring after a while. Arduinos have a huge following, but there are zillions of alternatives of all shapes and sizes (many of them better in many ways). There's nothing Arduino-specific about this hack.
What's cool about Arduino is how it reduces development time through the use of readily available shields. So if he used any of them then it's worth mentioning and not if not (I skimmed but did not actually read the article, I didn't notice ANY of the Arduino details, but I did get momentarily flustered about the idea of owning a USBee.)
Speaking of cool stuff I could own, can anyone recommend a cheap USB JTAG with Windows and Linux support? I would accept RS232 as a second option. LPT is not eligible.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
there is nothing special with the Arduino when you look at it from a technical standpoint. But it all changes when you look at it from a human stand point. Since the release of the Arduino platform I have seen so many more people that would probably never picked up a soldering iron in their lives make cool stuff. The platform itself inspired many, which is much more important than it being some sort of special hardware.
Balderdash!