john_strinlai 3 hours ago

you are definitely correct that it is potentially a big deal because it breaks expectation around network segmentation and isolation

however, most people will read "breaks wi-fi encryption" and assume that it means that someone can launch this attack while wardriving, which they can't.

ProllyInfamous 3 hours ago | parent [-]

>assume that it means that someone can launch this attack while wardriving, which they can't.

As a former wardriver (¡WEPlol!), it only makes this more difficult. In my US city every home/business has a fiber/copper switch, usually outside. A screwdriver and you're in.

Granted, this now becomes a physical attack (only for initial access) — but still viable.

----

>the next step is to put [AirSnitch] into historical context and assess how big a threat it poses in the real world. In some respects, it resembles the 2007 PTW attack ... that completely and immediately broke WEP, leaving Wi-Fi users everywhere with no means to protect themselves against nearby adversaries. For now, client isolation is similarly defeated—almost completely and overnight—with no immediate remedy available.

----

I think the article's main point is that so many places have similarly-such-unsecured plug-in points. Perhaps even a user was authorized for one WiFi network segment, and is already "in" — bless this digital mess!

tmp10423288442 2 hours ago | parent | next [-]

You have a modem that you can attach to those switches? They’re completely unauthenticated?

ProllyInfamous an hour ago | parent [-]

Both, yes. Physical hardware isolation.

----

As a funny personal anecdote, my brother is a state judge. His most personal thoughts & correspondence are crafted upon typewriters (mine as well). He isn't officially allowed to just use any phone/computer/network. He is a "high value target" [0].

My personal attorney still doesn't use "the cloud" for client documents (which is respectable) — has local servers, mostly offline. No typewriter, though =P

----

I'm just an electrician.

[0] Does it bother anybody else that Pam Bondi has reports specifically of which documents each congressman reviewed (photographed by AP, during recent testimony)?
