Slashdot Mirror


Wireless Presenters Attacked Using an Arduino

An anonymous reader writes "This week Dutch security researcher Niels Teusink described a method of attacking wireless presenter devices at an Amsterdam security conference. He had a demo showing how it is possible to use an Arduino and Metasploit to get remote code execution by sending arbitrary keystrokes to the presenter dongle. He has now released the code and made a blog post explaining how it all works. Better watch out the next time you're giving a presentation using one of these devices!"


  1. hmmm.... by girlintraining · · Score: 5, Funny

    Useful for:

    * Corporate espionage
    * Screwing with professors at school
    * Pissing off Steve Jobs.

    We all know which one's most likely.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:hmmm.... by Dragoniz3r · · Score: 4, Funny

      I guess we all know what Gizmodo will be doing at the next major conference.

  2. Re:Microcontroller, not Arduino by marcansoft · · Score: 4, Informative

    Strictly speaking, Arduinos aren't microcontrollers. They're a popular hobbyist embedded platform based around the Atmel AVR microcontroller family. Much like Dells are a particular brand of computer based around x86 architecture microprocessors.

    But yes, "Arduino this", "Arduino that" gets tiring after a while. Arduinos have a huge following, but there are zillions of alternatives of all shapes and sizes (many of them better in many ways). There's nothing Arduino-specific about this hack.

  3. This is why standard protocols help by Anonymous Coward · · Score: 5, Insightful

    While Bluetooth certainly has its issues and took a while to address all the early security concerns, I really wish wireless device creators would stop rolling their own protocols. With limited engineering, they are almost certainly guaranteed to do it badly. As of Bluetooth 2.1, all communication aside from service discovery is encrypted. There are still pairing exploits and implementation defects, but at least they have the core idea right. In order to monkey with a Bluetooth presentation remote, you would have to (a) discover the shared key during the speaker's presentation, (b) convince the presenter to redo pairing prior to speaking and somehow get them to pair with your evil device instead (has a Bluetooth man-in-the-middle attack been tried yet?), or (c) give up and settle for just jamming the communication, causing a whopping 30 seconds of confusion. If you design a wireless protocol now without over-the-air encryption, you are doing it wrong.

    1. Re:This is why standard protocols help by mc6809e · · Score: 4, Insightful

      While Bluetooth certainly has its issues and took a while to address all the early security concerns, I really wish wireless device creators would stop rolling their own protocols.

      Yeah, but then the maker would have to licence the technology and that adds cost. The chip used in the device doesn't come with Bluetooth. It's a very simple chip.

      I suspect that the problem here is that the engineer just didn't think about security.

    2. Re:This is why standard protocols help by DeadCatX2 · · Score: 4, Informative

      Whereas your average Arduino board is about $20-30 or so, an Arduino board with Bluetooth costs about $150.

      http://www.sparkfun.com/commerce/tutorial_info.php?tutorials_id=148

      Yes, Bluetooth is that expensive. The ArduinoBT board uses an off-the-shelf BlueGiga WT11. Newark sells those for about $60.

      http://www.newark.com/bluegiga/wt11-a-ai/class-1-bluetooth-2-0-edr-module/dp/15P4005

      Mind you, this is a Class 1 (i.e. long range) transmitter, using BT 2.0 and not BT 2.1. Compare this to a standard RF transmitter and receiver, which is a couple bucks per chip...

      --
      :(){ :|:& };:
    3. Re:This is why standard protocols help by DeadCatX2 · · Score: 3, Informative

      Do you mean the Bluetooth USB modules used to add Bluetooth support to a PC that doesn't have it? Unfortunately, an embedded system doesn't have a desktop-class processor to run the Bluetooth stack.

      Oh, and those el-cheap-o Bluetooth modules you're suggesting are probably very out-dated, which is why they're so cheap. That $3 module probably cost more when it was less than a year old and they weren't trying to dump the inventory that they can't sell at a higher price...

      --
      :(){ :|:& };:
  4. Re:Hacking by Anonymous Coward · · Score: 3, Informative

    Did you rta? He demoed getting a Metasploit payload on the system.

  5. Re:Microcontroller, not Arduino by iksbob · · Score: 3, Informative

    While strictly true (once you attach a microcontroller chip to a PCB board, it's no longer just a microcontroller), there isn't much to an Arduino board aside from the controller. Most include some basic power management and a USB-to-serial chip for programming and comms, but those are just common features rather than requirements to be considered an Arduino. IMO, what defines an Arduino is its software package... Or is that what you were getting at? ^_^

  6. Better attack by FooAtWFU · · Score: 3, Funny

    You could implement a better attack by just throwing Arduinos at the presenter.

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
  7. RTFA? by WD · · Score: 4, Informative

    It's clear that you and the moderators haven't bothered to actually read the article. The research and tools used for the attack were non-trivial, and the impact is remote code execution.

  8. Re:TV / VCR Remote in class by fuzzyfuzzyfungus · · Score: 3, Insightful

    In many of these cases the little proprietary receiver dongle accepts arbitrary keystrokes, not just the ones that the remote has buttons for, because it is exactly the same item as the one being sold (under that brand, or one or more others) in a package with a wireless keyboard and often a mouse as well. Some kits come with everything in one box, receiver, keyboard, mouse, little PowerPoint clicker widget.

    In other cases, I imagine, the engineer in charge of knocking together the receiver unit (correctly) realized that implementing a general-purpose system for taking arbitrary keycodes encapsulated in whatever the proprietary RF protocol is and dumping them to the host system just like any USB HID device wouldn't be much harder than implementing just the 6 keycodes found on revision 1 of Product X and would save him from having to do it again when revision 1.1 adds another couple of buttons, and revision 2.0 has to have a special button for the ribbon interface, or whatever it happens to be.
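
A receiver-side mitigation for the design described in the last comment, as an added example that is not part of the thread or of any vendor's firmware: the dongle forwards a USB HID boot-keyboard report to the host only if it carries no modifiers and every key is one the remote actually has. The key set, function names and sample reports are assumptions made for illustration; the filter narrows what an injected frame can type and does not replace over-the-air encryption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REPORT_LEN 8 /* boot-keyboard report: modifiers, reserved, 6 key slots */

/* HID Keyboard/Keypad usage IDs for the keys a presenter remote needs.
 * Which keys a given remote sends is an assumption made for this example. */
static const uint8_t ALLOWED_KEYS[] = {
    0x4B, /* Page Up   (previous slide) */
    0x4E, /* Page Down (next slide)     */
    0x3E, /* F5        (start show)     */
    0x29, /* Escape    (end show)       */
    0x05, /* B         (blank screen)   */
};

static bool key_allowed(uint8_t usage)
{
    if (usage == 0x00) return true; /* empty slot */
    for (size_t i = 0; i < sizeof ALLOWED_KEYS; i++)
        if (ALLOWED_KEYS[i] == usage) return true;
    return false;
}

/* Copies the report to `out` and returns true only if it has no modifier
 * bits set and every key slot holds an allowlisted usage. Otherwise `out`
 * is left as an all-zero "no keys pressed" report and false is returned. */
bool filter_report(const uint8_t in[REPORT_LEN], uint8_t out[REPORT_LEN])
{
    memset(out, 0, REPORT_LEN);
    if (in[0] != 0x00 || in[1] != 0x00) /* Ctrl/Shift/Alt/GUI or junk byte */
        return false;
    for (size_t i = 2; i < REPORT_LEN; i++)
        if (!key_allowed(in[i]))
            return false;
    memcpy(out, in, REPORT_LEN);
    return true;
}

int main(void)
{
    /* Constructed sample reports: Page Down alone, and Left GUI + R. */
    const uint8_t next_slide[REPORT_LEN] = {0x00, 0, 0x4E, 0, 0, 0, 0, 0};
    const uint8_t gui_r[REPORT_LEN]      = {0x08, 0, 0x15, 0, 0, 0, 0, 0};
    uint8_t out[REPORT_LEN];
    return (filter_report(next_slide, out) && !filter_report(gui_r, out)) ? 0 : 1;
}
```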