Sunday, 10 December 2017

IoT Security: Denial of Service Attack

In this post, I  demonstrate  a Denial of Service Attack that can be targeted towards any WiFi IoT device. In this case, I use a WiFi camera (TPLink's NC200 Camera) and show how easy it is to bring-it down and stop video streaming.  Not just the WiFi Camera, using this attack, one can bring-down any WiFi IoT device like Baby Monitor, Sprinkler, Motions Detectors, Fire Alarms etc. 

There can be many Denial of Service Attacks on WiFi protocol.  For this demo, I show De-authentication attack on a WiFi Camera. These attacks are very easy to generate and hence easy to bring-down the network. You don't need to know the Key / Password of the targeted WiFi Router.  

Most of the IoT devices come with a provision to monitor them remotely on your mobile using an app. With this kind of attacks, forget about receiving the IoT  alerts remotely  on your mobile app, you will not get alerts even if you are connected directly to the targeted WiFi Network.

Note: It is illegal to attack WiFi Networks. This post is for demonstration purpose and to make people aware of the attacks. 

Setup

The setup is as follows. 
  • A WiFi Router running OpenWRT's firmware.
  • TPLink's NC200 WiFi Camera is connected to the Router and streaming works perfectly fine.
  • Another OpenWRT Router to generate the Denial of Service Attacks. You need to install mdk3 onto this Router.   Lets call this Attacker Router. In fact, you can use any Linux Laptop too for this. It does n't need to be a Router. Usage of OpenWRT Router is my personal choice.

Attack Generation


The attack generation is very simple, as explained below.
  • As a first step,  you need to identify  the targeted AP's / Router's MAC Address. 
  • Goto Attacker Router's command prompt and  and copy the Router's MAC  into a temporary file ie echo E4:95:6E:42:00:0A > /tmp/black.txt
  • Create monitor interface and  issue the commands as shown below.

iw phy phy0 interface add mon0 type monitor
ifconfig mon0 up
mdk3 mon0 d -b /tmp/black.txt  -c 6

Thats it..  The above command de-authenticates all the connected clients from the targeted Router. The attack happens in such a way that the clients will not get any breathing space to do any meaningful data transmissions or receptions. 

Demo

We use TP-Link's NC200 camera for this. Demo Video is shown below. I have captured a rotating ceiling FAN to show a meaningful demo. Before the attack is generated,  you can see that FAN rotation is captured nicely. The moment the attack is generated (mdk3 command is given), streaming stops and you can see this as if the FAN is switched-off.


IoT Security: A Myth from Venkat on Vimeo.



It is as simple as that to bring down any IOT device or in fact the complete Network. Can't image the consequences though. Do we have products / solutions to detect or prevent this in IoT space? I know there are some enterprise grade solutions from companies like Mojo to detect (or mitigate some) some of these attacks. 

Wednesday, 1 November 2017

Case Study: WiFi Surveillance Cameras on Wireless Mesh

I have been waiting for a FREE weekend for a long time to install Surveillance Cameras in our  Apartment complex.After many "working' weekends, I have got FREE weekend in last week. Having known the differences between Analog and IP Cameras, I definitely want to install IP Cameras. But it involves a lot of wiring and again as a WiFi guy, I explored  WiFi Cameras. We did a site-survey and finally concluded that we need 8 cameras.


Personally I love to install  networking devices at customer's places. Fortunately I have got multiple chances right from college days where I tested my master's thesis on a live long-distance WiFi Link testbed in Kanpur and also got an opportunity to do a site-survey and install a relatively big Outdoor-WiFi testbed in Detroit, USA.  Now its time to install Wireless Cameras.

Cameras

On some research on Internet, we have got this wonderful Wireless Surveillance  System from Zmodo.  It is a set of 8 WiFi cameras (4 Indoor and 4 Outdoor)  and NVR (which includes hard-disk too). It is available on Amazon.  https://www.amazon.com/Zmodo-Channel-Wireless-Security-Available/dp/B01N5Y7UI5/ref=sr_1_1_sspa?ie=UTF8&qid=1509528326&sr=8-1-spons&keywords=Zmodo+8+Channel+1080p+HDMI&psc=1 . One of my friends, Kiran Reddy shipped this product to me from USA.





Range Issues and Mesh Network 

Given the area of the premises, I know, one Router cannot cover the entire premises.  But again, I don't want to use any Cables. So, an alternative is to use a Mesh Network as backhaul to which all the WiFi cameras will connect to. Fortunately it is not an issue for me. I have developed multiple mesh solutions in the past and BANA is the most economical solution. So, BANA is a trivial choice.  Please check: http://www.nearhop.com

 Here is the cute little Router sleeping like lizard on the ceiling.





RF-Survey

We have already decided on placement of Cameras. We have to decide on the placement of Routers. I thought to use 3 Routers to cover the entire premises. But after a little effort on Site-Survey, I find that two Routers could cover the entire premises. One Root device and one Repeater are sufficient. We have connected the NVR to the Root. The distance between Root and Repeater is around 25 meters with a big cement wall 

Powering the Cameras and Routers

You can't avoid one thing, whether your surveillance system is wired or wireless. That is Power supply. So we have added some plug points and it needs some wiring. But it is very little and not a big issue. 

So, now we have the power supply, Cameras  and Routers. All set. I have configured the Routers and Cameras before installing them. 

All the cameras are live in the first attempt itself. Four cameras have connected to Root and the other four connected with the Repeater.

 I have waited for 4 days to see if things are stable. The system seems to be running smoothly and quality is good. I will try to post some snapshots in some other post.

Quality

As per Zmodo, each camera needs a bandwidth of 1Mbps. So for 8 cameras we need 8Mbps of effective throughput in the Mesh network. 8Mbps of throughput in a mesh network is not a big deal for this mesh network.This Mesh network easily pulls-off this and quality is really good.  I will try to post the videos very soon.

Hardware and Softwae

The mesh network in this case is running on very ordinary Routers with a single 2.4Ghz Radio configured in 20Mhz (Do we really get 40Mhz channels in 2.4Ghz). It has 64MB of RAM and runs on MediaTek's processor MT7620N. Firmware is based on heavily modified OpenWRT and uses a proprietary Mesh Network protocol.

Learning

Point#1, To deploy  WiFi cameras on large scale, one needs to do an RF-survey. Point#2, you don't need a high-end expensive mesh products even for bandwidth sensitive applications like video streaming.


Friday, 3 March 2017

WiFi Router vs WiFi Range Extender vs WiFi System

WiFi Access is one thing that people can't live without. Traditionally you need something called WiFi Router through which you can access Internet.

WiFi Routers have a range of around 30 meters. In case you need to access beyond this range, you need something called WiFi Repeater / WiFi Range Extender. 

WiFi Repeaters have some limitations though.  Some of them are enumerated below.

  • WiFi Repeaters are not that easy to configure
  • Sometimes they create a new Network
  • There might be some compatibility issues between multiple vendors


WiFi Systems address the above limitations. They are easy to configure. There will be exactly one WiFi network with a typical WiFi System and there will be smooth roaming for clients between Routers.


People started moving towards WiFi Systems from traditional WiFi Routers / WiFi Repeaters and next few years belong to WiFi Systems. 

Thursday, 2 February 2017

Data Usage History with BANA

Reaching FUP limit is a nightmare :). But you can plan and use your bandwidth effectively if you know the  amount of data  that you (and other devices in your Network) consume every day / week / month.  Using BANA's UI you can know how much data is consumed everyday / week / month. You also can know which device eats up  data. 

Copying a screenshot of the data usage. 

Check our website, http://www.nearhop.com or read more posts on this blog to explore more features. Or shoot an email to us, contact@nearhop.com




Connected Clients and their Bandwidth on BANA Router

Using BANA's Android app, you can see the list of Connected Clients in your Network. You can see the list from anywhere. Say if you are in office and want to see who all are connected to your home Network...

Copying a screenshot below


Port Scanning with BANA

Open Ports   make the clients  (Laptop, Mobile etc) devices vulnerable to cyber attacks. It would be good to know the opened ports and take appropriate action like killing an application or removing an app etc. 

BANA helps you to find the open ports on your Laptops, Tablets and Mobile Phones using an easy to use interface. Copying the screenshot below. . There are a maximum of 65536 ports that a system can have. You can choose the number of ports to scan using BANA's UI.