COLUMNS

Home
Consoles
Games
HardWare
LimeLight
Security
SoftBox
Search..
 

   FEATURES

Tech News
Virus Alerts
 

   GARNISH

Free Stuff
Fun Stuff
Customise
 

    LINKS

RJL Home
Portfolio
DocType
 

   CONTACT

General
Advertising
 

 Server time:
 9:45:32 PM



US Map


 

 
 Security
 The ins and outs of computer security

WiFi VOIP Pranks
We look at some great practical jokes for WiFi and Voice over IP

Image

Ever since the WEP (RSA4) encryption cipher was leaked to the public and subsequently cracked by the eminent guru's Scott Fluhrer, Adi Shamir and Itzik Mantin back in 2001 there has been a bit of a shadow over the RSA4 cipher also known as Wired Equivalency Privacy scheme.

The fact that the FBI demonstrated that they too had the know-how in 2005 meant that even the good guys were telling you to stay away from it. Now you would think that this would be enough to hint at the fact the the cipher was about as good as wrapping a banana peel around your door handle - That's to say that it might be a little slippery but most burglars or even ten year old kids (but not the kids that live in my street as they seem content on decorating the place with their own names) could in fact gain access to all your private bits n pieces.

Oh sure the best defence against unwanted visitors is to open your doors and say "hey c'mon in guys, there's nothing here of value, but grab a seat and take a load off." Sure you might not attract the most high powered hackers with stories of your web browsing habits but you'll sure as hell attract all sorts of bums, script-kiddies and other wannabe hackers that have a day off from school, work, university or the dole.

When the CDC (that's cult of the dead cow) demonstrated their latest nastie at Defcon 12 the alarm bells should have been ringing. These crazy guys cooked up a Linux notebook with two wireless cards and a small script in between that pretty much spells doom for the concept of wireless networking as we know it.

ImageYou see they managed to work out a way to inject traffic into your wireless data (go switch your wireless access point off right now, I hear the distant thunder of war drivers). Now this cute little program could intercept a request, say for a google search and inject whatever nasties the attacker had cooked up that night into the reply from your accees point. It still looks as though your're simply viewing the google website, but the attacker is able to insert extra malicious code into the reply. This is done by eavesdropping on the communications between the access point and the computer. The atacking computer reads the TCP sequence number from the traffic it sees and then forulates reply packets with the correct sequence numbers and then transmits. Your pc will read the packet because the sequence number is valid.

This could mean receving viruses and trojans inserted into any web page you looked at via a wireless connection. No longer would a malicious website operator have to attract you to their web pages to execute script is your browser.  The attacker can choose which data you receive on the fly. Whilst the CDC app was only a proof of concept the program could be coupled with a WEP or WPA cracking algorithim to gain access to secured networks

This means that the next time you do a search for "roses" you could receive the search results from a search for "poo". Worse than this, if said war drivers were very mean they could send you the search results from something illegal. And that's that, you're logged as having requested that information from your computer.

It's not just web browsing traffic that is prone to attack from this technique. Pretty much any program that you use to access the internet with could be messed with for fun or for profit. This could include injecting viruses into downloads, RSS news feeds, FTP downloads and even VOIP. Using this technique against a wireless voip user could be devilishly annoying if used in the right situations.

So with that in mind what sort of foul play one could get up to with a bit of spare time and access to your VOIP via your WiFi accsspoint?

The Genuine Internet Crossed Call
Tell the people on the line that you are in Fiji and your phone won't stop ringing, tell them they have a virus or something and demand they hang up. Roll around laughing while they ring their ISP to report a network crossed call!

The Woopie Call
Intercept a wireless Voice-over-IP (VOIP) telephone call and play wave samples of burps and farts down the phone line. This will have you in hysterics as the people on the call blame each other for their flatulence.

The Touret Telephone
Simply intercept a VOIP telephone call and inject wav samples of continuous swearing. The VOIP clients will endeavour to hang-up and redial suspecting some kind of internet crossed call but it will not help one bit.
 
The Spam Phone
Hey Spammers! Want to spam people's telephones this could be the next big one, you could play adds down the phone line till people buy your damn Viagra to make you shut up.

The I'm-sorry-dave-I'm-afraid-I-can't-do-that call
Grab all your favourite sci-fi wav samples and inject them into the phone line. The callers will think their computers are having a discussion at the same time!

The Binary Baloney
Simply mutter "zero one zero zero one zero one one"  the entire time they're on the phone, the poor suckers will think there's something wrong with their voip telephony yep that banging sound is them smacking their router...

Anyway, we're interested to hear other suggestions of fun things to do with wireless access points, so if anyone out there has come up with something hilarious, please let us know by adding a comment below.

Software Links for more information:

Article Comments / Talkback Add Your Comments
Be the first to write a comment

Your Comments
Your Name:
Comments:
Please note: Your comment may take up to a day to appear on this website as all comments are checked for relevance and profanities.
Verification Code:
ASP CAPTCHA Generator
(required)
Please type the number displayed above in the textbox.
This helps us distinguish between real people and spam bots

 
 Security
 The ins and outs of computer security

Zoneminder
Make your own dedicated video security monitor

Perth's own Y2K
Western Australia is introducing Daylight savings, but are the computers ready for it?

Webcam Computer surveillance
Make your pc into a fully functional security monitoring system for virtually no money

SPIT - Spam over Internet Telephony
You probably know what spam is but what about it's cousins spim and spit?

WiFi VOIP Pranks
We look at some great practical jokes for WiFi and Voice over IP

Find more information on Google

Google
Web www.rjl.com.au

 


Get our Feed

Home      Back
 
 (c) 1999-2005 RJL DEVELOPMENT Privacy Statement | Compatibility  http://www.rjl.com.au/marketplace