Wireless-ul, un risc imens de securitate



Autor: John Cohen


Cu totii ne bucuram atunci cand reusim sa scapam de cabluri pentru a ne facem casele sa fie din ce in ce mai autonome, astfel incat totul sa fie conectat la internet. Vrem sa avem frigidere, care sa ne comande alimentele necesare. Vrem sa avem gadget-uri care sa fie actionate prin comanda verbala. Vrem sa ne facem viata foarte usoara, astfel incat automatizarile sa ne faca toata munca manuala. Chiar si lumina, o dorim actionata prin batai de palme si nu numai.... Televizoarele sa apara din locasul ascuns, atunci cand senzorii simt prezenta stapanului in casa. Cu toate acestea, nu ne gandim ca, desi casa devine mai "smart", introducem inamicul in casa. Nu-i asa?! Routerele wireless pe care le avem sunt si ele niste dispozitive care functioneaza cu un sistem de operare pe baza de Linux. Ele sunt necesare, deoarece ofera internet laptop-urilor, televizoarelor si altor dispozitive pe care le mai avem in casa, precum aer conditionat, frigider, instalatie electrica, incalzire etc., fara a folosi un cablu care sa se conecteze la toate aceste dispozitive electronice. Routerele au 2 sisteme de criptare a informatiei tranzitate. WPA si WPA2. Asta inseamna ca, intr-un mod automat, toata informatia utilizata de laptopuri, de telefoanele mobile, este criptata de catre router prin acesti doi algoritmi. Comunicarea wireless a dispozitivelor este realizata printr-un `punct de access`(AP), care este practic router-ul nostru si un `Client`, adica dispozitivele care au nevoie de internet (telefoane, tablete, laptop-uri, frigidere, televizoare etc.) Cele doua dispozitive `(AP si Client)` pentru a se conecta si a face schimb de informatii digitale, trebuie sa schimbe o cheie, care este hashuita `(hash key)`. Acea cheie este insasi parola de la reteaua noastra wireless, care nu este facuta vizibila in format text ci e hashuita tocmai pentru a nu fi vizibila atacatorilor. Este un mic nivel de protectie. De fiecare data cand se conecteaza, trebuie sa comunice cheia (OK!), iar cand se deconecteaza trebuie sa o comunice la fel `(NOT OK!!)`. De ce? Fiindca, un atacator asteapta in mijlocul conversatiei celor doua dispozitive, poate sa para el ca este AP sau Client, iar routerul sa creada ca el este Clientul `( ceea ce nu este)`, ori Clientul sa creada ca el este router-ul. Printr-o comanda simpla de deconectare, poate sa deconecteze conversatia lor, iar cele doua dispozitive sunt obligate sa se re-conecteze. In acel moment de re-conectare, atacatorul colecteaza acea "cheie", care este practic parola de conectare la retea. In prima instanta, va primi parola hashuita, pe care o va putea decoda cu un proces de tip -BruteForce, analizand-o cu ajutorul unei liste de parole furate. Ati vazut recent ca unele site-uri au pierdut parolele utilizatorilor. Multi dintre noi folosim aceleasi parole, fiindca este mult mai simplu sa le salvam in mintea noastra, insa, in acelasi mod, ele sunt vulnerabile in fata unor persoane, care au intentii rele! Ceea ce v-am enumerat mai sus, poate fi considerat a fi contra-atacat prin utilizarea unei parole foarte complicate si mai lungi. In general, cu cat parola este mai lunga, cu atat mai mult vor avea nevoie de o putere computationala mai mare pt a va sparge parola. Tineti minte ca ruterele care sunt si ele niste mici computere (mai mici, ce-i drept), care ruleaza pe Linux, pot fi si ele transformate, cu usurinta, in ceea ce se numeste in literatura de specialitate "rogue device", adica dispozitiv necinstit. Daca deschideti o fereastra de terminal si tastati comanda `netstat -an`, care va arata toate conexiunile, ip-urile active care sunt conectate la laptop-ul Dumneavoastra, atunci veti avea o mica surpriza cand veti vedea niste IP-uri ciudate, care sunt geolocalizate in mijlocul unui lac. <br><br> <img src="https://preview.ibb.co/fY4MVq/p1.png" alt="p1" class="img-fluid"> <img src="https://image.ibb.co/kuTZGV/Screenshot-2018-10-29-at-13-49-07.png" alt="7" class="img-fluid"> <br><br> In speranta ca va veti schimba parolele la router-ele wireless, astfel incat parolele simple, precum zile de nastere sa devina siruri de caractere aleatori, urmate de majuscule si alte semne, ca de exemplu semnul intrebarii/ exclamarii, va las in plina siguranta, cu datele personale protejate, pana la urmatorul articol.


Share on Facebook Share on Linkedin

COHEN INVESTIGATIONS AGENCY SRL
Ilfov, Romania
Telefon: 0771.060.860.    
Site: www.cohen.ro 
Email: [email protected]

#detectivparticular #pi #romania #bucuresti #investigatii #it #cybersecurity #detectiv #detectivi #politia #police #inselaciuni #verificari #siguranta #incredere #iubit #iubita #iubire #security #homeprotection #protection #tscm #facialrecognition #recunoasterefaciala #soft #phishing #scams #chatboot #pi #robot #malitious #html #car #carrecognition #bucharest #bucuresti #nato #wearenato #heroku #development #nato #security #cybersecurity #wireless #pentestings #penetrationtesting #personrecognition #indivizi #recunoasterepersoane #video #searex #privatesearch #internet

Pictures Copyright Pozele acestui articol au fost luate de pe site-ul www.pexels.com, site care ofera gratis spre uz personal si comercial aceste poze. --- [All photos on Pexels can be used for free for commercial and noncommercial use](https://www.pexels.com/photo-license)

Disclaimer

Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and Our Company will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

This site contains materials that can be potentially damaging or dangerous. If you do not fully understand something on this site, then GO OUT OF HERE! Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.These materials are for educational and research purposes only! Do not attempt to violate the law with anything contained here. If this is your intention, then LEAVE NOW! Neither administration of this server, the authors of this material, or anyone else affiliated in any way, is going to accept responsibility for your actions. Neither the creator nor Our Company is responsible for the comments posted on this website.

Any linked sites are not under the control of author or Our Company and the author or Our Company is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. We are providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by us.

In any site as large as ours that deals with so many controversial topics and skills, it has become necessary to address a few incidents and implement a user terms and services agreement. We want to provide a free, safe and legal training environment to the users of this site.


Our Aim

Our Company : This website will help you gain entry into the minds of seasoned computer criminals, so that you can forestall their attempts and you will be hence well equipped to detect the ways in which hackers can infiltrate your system.

Your usage of this website constitutes your agreement to the following terms.

  1. All the information provided on this site are for educational purposes only. The site is no way responsible for any misuse of the information.
  2. Our Company is a site related to Private Investigation and not a site that promotes hacking /cracking / software piracy.
  3. This site is totally meant for providing information on "Private Investigation", “Computer Security”, “Computer Programming” and other related topics and is no way related towards the terms “CRACKING” or“HACKING” (Unethical).
  4. Few articles (posts) on this site may contain the information related to “Hacking Passwords” or“Hacking Email Accounts” (Or Similar terms). These are not the GUIDES of Hacking. They only provide information about the legal ways of retrieving the passwords. You shall not misuse the information to gain unauthorised access. However you may try out these hacks on your own computer at your own risk. Performing these attempts (without permission) on computers that you do not own is illegal.
  5. The virus creation section on this site provides demonstration on coding simple viruses using high level programming languages. These viruses are simple ones and cause no serious damage to the computer. However we strongly insist that these information shall only be used to expand programming knowledge and not for causing malicious attacks.
  6. All the information on this site are meant for developing Defense attitude among the users and help preventing the hack attacks. Our Company insists that these information shall not be used for causing any kind of damage directly or indirectly. However you may try these codes on your own computer at your own risk.
  7. The word “Hack” or “Hacking” that is used on this site shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively.
  8. We believe only in White Hat Hacking. On the other hand we condemn Black Hat Hacking.
  9. Some of the tricks provided by us may no longer work due to fixture in the bugs that enabled the exploits. We are not responsible for any direct or indirect damage caused due to the usage of the hacks provided on this site.
  10. We reserve the right to modify the Disclaimer at any time without notice.
  11. We are not the vendors of any products (software, books etc.) that we recommend on our website in the PRODUCTS section and other selected posts/articles. Hence we do not have any liability related to the products recommend by us. It is the responsibility of the buyers to contact the respective vendors for any queries related to the products.