In this post, I demonstrate a Denial of Service Attack that can be targeted towards any WiFi IoT device. In this case, I use a WiFi camera (TPLink's NC200 Camera) and show how easy it is to bring-it down and stop video streaming. Not just the WiFi Camera, using this attack, one can bring-down any WiFi IoT device like Baby Monitor, Sprinkler, Motions Detectors, Fire Alarms etc.
There can be many Denial of Service Attacks on WiFi protocol. For this demo, I show De-authentication attack on a WiFi Camera. These attacks are very easy to generate and hence easy to bring-down the network. You don't need to know the Key / Password of the targeted WiFi Router.
Most of the IoT devices come with a provision to monitor them remotely on your mobile using an app. With this kind of attacks, forget about receiving the IoT alerts remotely on your mobile app, you will not get alerts even if you are connected directly to the targeted WiFi Network.
Note: It is illegal to attack WiFi Networks. This post is for demonstration purpose and to make people aware of the attacks.
The setup is as follows.
A WiFi Router running OpenWRT's firmware.
TPLink's NC200 WiFi Camera is connected to the Router and streaming works perfectly fine.
Another OpenWRT Router to generate the Denial of Service Attacks. You need to install mdk3 onto this Router. Lets call this Attacker Router. In fact, you can use any Linux Laptop too for this. It does n't need to be a Router. Usage of OpenWRT Router is my personal choice.
The attack generation is very simple, as explained below.
As a first step, you need to identify the targeted AP's / Router's MAC Address.
Goto Attacker Router's command prompt and and copy the Router's MAC into a temporary file ie echo E4:95:6E:42:00:0A > /tmp/black.txt
Create monitor interface and issue the commands as shown below.
iw phy phy0 interface add mon0 type monitor
ifconfig mon0 up
mdk3 mon0 d -b /tmp/black.txt -c 6
Thats it.. The above command de-authenticates all the connected clients from the targeted Router. The attack happens in such a way that the clients will not get any breathing space to do any meaningful data transmissions or receptions.
We use TP-Link's NC200 camera for this. Demo Video is shown below. I have captured a rotating ceiling FAN to show a meaningful demo. Before the attack is generated, you can see that FAN rotation is captured nicely. The moment the attack is generated (mdk3 command is given), streaming stops and you can see this as if the FAN is switched-off.
It is as simple as that to bring down any IOT device or in fact the complete Network. Can't image the consequences though. Do we have products / solutions to detect or prevent this in IoT space? I know there are some enterprise grade solutions from companies like Mojo to detect (or mitigate some) some of these attacks.
I have been waiting for a FREE weekend for a long time to install Surveillance Cameras in our Apartment complex.After many "working' weekends, I have got FREE weekend in last week. Having known the differences between Analog and IP Cameras, I definitely want to install IP Cameras. But it involves a lot of wiring and again as a WiFi guy, I explored WiFi Cameras. We did a site-survey and finally concluded that we need 8 cameras.
Personally I love to install networking devices at customer's places. Fortunately I have got multiple chances right from college days where I tested my master's thesis on a live long-distance WiFi Link testbed in Kanpur and also got an opportunity to do a site-survey and install a relatively big Outdoor-WiFi testbed in Detroit, USA. Now its time to install Wireless Cameras.
Given the area of the premises, I know, one Router cannot cover the entire premises. But again, I don't want to use any Cables. So, an alternative is to use a Mesh Network as backhaul to which all the WiFi cameras will connect to. Fortunately it is not an issue for me. I have developed multiple mesh solutions in the past and BANA is the most economical solution. So, BANA is a trivial choice. Please check: http://www.nearhop.com
Here is the cute little Router sleeping like lizard on the ceiling.
We have already decided on placement of Cameras. We have to decide on the placement of Routers. I thought to use 3 Routers to cover the entire premises. But after a little effort on Site-Survey, I find that two Routers could cover the entire premises. One Root device and one Repeater are sufficient. We have connected the NVR to the Root. The distance between Root and Repeater is around 25 meters with a big cement wall
Powering the Cameras and Routers
You can't avoid one thing, whether your surveillance system is wired or wireless. That is Power supply. So we have added some plug points and it needs some wiring. But it is very little and not a big issue.
So, now we have the power supply, Cameras and Routers. All set. I have configured the Routers and Cameras before installing them.
All the cameras are live in the first attempt itself. Four cameras have connected to Root and the other four connected with the Repeater.
I have waited for 4 days to see if things are stable. The system seems to be running smoothly and quality is good. I will try to post some snapshots in some other post.
As per Zmodo, each camera needs a bandwidth of 1Mbps. So for 8 cameras we need 8Mbps of effective throughput in the Mesh network. 8Mbps of throughput in a mesh network is not a big deal for this mesh network.This Mesh network easily pulls-off this and quality is really good. I will try to post the videos very soon.
Hardware and Softwae
The mesh network in this case is running on very ordinary Routers with a single 2.4Ghz Radio configured in 20Mhz (Do we really get 40Mhz channels in 2.4Ghz). It has 64MB of RAM and runs on MediaTek's processor MT7620N. Firmware is based on heavily modified OpenWRT and uses a proprietary Mesh Network protocol.
Point#1, To deploy WiFi cameras on large scale, one needs to do an RF-survey. Point#2, you don't need a high-end expensive mesh products even for bandwidth sensitive applications like video streaming.
Reaching FUP limit is a nightmare :). But you can plan and use your bandwidth effectively if you know the amount of data that you (and other devices in your Network) consume every day / week / month. Using BANA's UI you can know how much data is consumed everyday / week / month. You also can know which device eats up data.
Copying a screenshot of the data usage.
Check our website, http://www.nearhop.com or read more posts on this blog to explore more features. Or shoot an email to us, firstname.lastname@example.org
Using BANA's Android app, you can see the list of Connected Clients in your Network. You can see the list from anywhere. Say if you are in office and want to see who all are connected to your home Network...
Open Ports make the clients (Laptop, Mobile etc) devices vulnerable to cyber attacks. It would be good to know the opened ports and take appropriate action like killing an application or removing an app etc.
BANA helps you to find the open ports on your Laptops, Tablets and Mobile Phones using an easy to use interface. Copying the screenshot below. . There are a maximum of 65536 ports that a system can have. You can choose the number of ports to scan using BANA's UI.