Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wireless Presenters Attacked Using an Arduino

Posted by Soulskill on from the watch-out-steve dept.

An anonymous reader writes "This week Dutch security researcher Niels Teusink described a method of attacking wireless presenter devices at an Amsterdam security conference. He had a demo showing how it is possible to use an Arduino and Metasploit to get remote code execution by sending arbitrary keystrokes to the presenter dongle. He has now released the code and made a blog post explaining how it all works. Better watch out the next time you're giving a presentation using one of these devices!"

2 of 69 comments (clear)

  1. hmmm.... by girlintraining · · Score: 5, Funny

    Useful for:

    * Corporate espionage
    * Screwing with professors at school
    * Pissing off Steve Jobs.

    We all know which one's most likely.

    --
    #fuckbeta #iamslashdot #dicemustdie
  2. This is why standard protocols help by Anonymous Coward · · Score: 5, Insightful

    While Bluetooth certainly has its issues and took a while to address all the early security concerns, I really wish wireless device creators would stop rolling their own protocols. With limited engineering, they are almost certainly guaranteed to do it badly. As of Bluetooth 2.1, all communication aside from service discovery is encrypted. There are still pairing exploits and implementation defects, but at least they have the core idea right. In order to monkey with a Bluetooth presentation remote, you would have to (a) discover the shared key during the speakers presentation, (b) convince the presenter to redo pairing prior to speaking and somehow get them to pair with your evil device instead (has a Bluetooth man-in-the-middle attack been tried yet?), or (c) give up and settle for just jamming the communication, causing a whopping 30 seconds of confusion. If you design a wireless protocol now without over-the-air encryption, you are doing it wrong.