'Pwnagotchi' Is the Open Source Handheld That Eats Wi-Fi Handshakes (vice.com) 29
Ever wondered what would manifest if you mixed 1990s nostalgia with a clever name and some futuristic hacking tech? The answer is the Pwnagotchi: a DIY, open source gadget for hacking Wi-Fi that gets smarter the more networks it gets exposed to using machine learning. From a report: It also has an adorable interface that reflects different "moods" depending on what it's doing, and echoes the Tamagotchi digital pets of the 90s. The idea is for its user to take it around the city and "feed" it with Wi-Fi handshakes, the process that allows phones or laptops to communicate with other wireless devices like a router or a smart TV. In theory, these handshakes can then be cracked to reveal the Wi-Fi network's password, which would be useful if the Pwnagotchi user wanted to hack into the Wi-Fi network at a later time. Hackers, of course, love it. The software for the Pwnagotchi was publicly released on September 19. Barely a month later, and with little promotion other than on Twitter, there's already an enthusiastic community of hundreds of security researchers and hackers all over the world who are playing with it, modding it, writing plugins to improve it, and helping each other out on a Slack channel.
Wardriving cuteified (Score:1)
The last time I tried to go warbiking was with a raspberry pi b (not plus) and it hard a hard time keeping kismet refreshed. I think if I were just running a filtered package capture instead of the whole interface, it might have had better results.
Why use a Pi? (Score:2)
Re: (Score:3)
Phones are not open platforms. The corporations that own the platforms would not allow such an app on their network. Why do people insist on using closed platforms?
Re: (Score:2)
Thats nice. Android is not an open platform.
Re: (Score:1)
Yeah, but it's really really easy to run stuff on android that didn't come from google...
Re:Why use a Pi? (Score:4)
Re: (Score:3)
This is why I don't have wifi (Score:2)
Hardwired is more secure. Cable comes into house, plug into router, plug into machine. Done. No fiddling with passwords or keys, no worries about your cheap, lazy neighbor bugging you to use your connection. Nor do you have to worry about your signal dropping off.
Simple. Neat. Clean.
Re: (Score:2)
no worries about your cheap, lazy neighbor bugging you to use your connection. Nor do you have to worry about your signal dropping off.
I haven't had either of those problems.
Cable comes into house, plug into router, plug into machine.
Run wires all throughout house to any device you'd like to get Internet access to. Entering a wifi key seems a lot easier.
Hardwired is more secure.
Nobody gives enough of a crap what you are doing on your home network to try and break into it.
Re: This is why I don't have wifi (Score:2)
Re: This is why I don't have wifi (Score:2)
Re: (Score:3)
I'm interested in how you'd solve these:
1. Any tips for convincing a landlord to allow modifying the wiring in the walls of a rented house or apartment?
2. Which Ethernet adapter do you recommend for use with a tablet or smartphone in order to use your house's wired network instead of more expensive cellular?
Re: (Score:2)
1. Any tips for convincing a landlord to allow modifying the wiring in the walls of a rented house or apartment?
Encourage the landlord to reconsider by operating a WiFi jammer.
So (Score:2)
So they put aircrack ng on a pi with a dongle and hooked it up to a battery?
I did that years ago, and there's dozens of tutorials on doing it yourself with a simple google search. /yawn
I think the real story here is that people STILL don't decently secure their WiFi
Re: (Score:2)
I don't think this uses aircrack itself. It just is a collection device.
1. Wifi handshake; 2. ???; 3. HACKED (Score:2)
This reads like one of those dotcom bubble business model jokes.
Step two is the ONLY important step here!
Re: (Score:2)
Re: 1. Wifi handshake; 2. ???; 3. HACKED (Score:2)
Re: 1. Wifi handshake; 2. ???; 3. HACKED (Score:2)
This would work on the client too though. (Score:2)
You can just refuse to renegotiate on the client too.
Somebody could still DOS you, of course. But not get in a MITM situation.
Denial of Service Attacks are lame (Score:1)
Re: (Score:3)
...and illegal. Hacking into networks, even if they are only protected with lazy ass passwords, is also very illegal. Just because the device is cute doesn't mean you're not in violation of the Computer Fraud and Abuse Act. Think twice before getting a criminal record for the lulz.
This doesn't hack anything. It's a wardriving stack that only captures packets, apparently by trying to learn the most efficient way to capture handshakes.
Re: (Score:1)
Re: (Score:2)
Well, there's this in the FAQ: "Just how politely does Pwnagotchi deauth?" Just because it's cute doesn't mean you're not in violation of the Computer Fraud and Abuse Act. It's not just passively wardriving. It disconnects (deauths) clients from their access points to record the handshake when they reconnect. That's where this device crosses the line even without any 3rd party plugins. You have been warned.
Hmm. I thought it was only passively picking them up but it appears to have optional (default?) deauths. It makes sense--you'd never get enough handshakes otherwise. Well, this is the kind of thing that doesn't worry me other than it puts an unnecessary spotlight on legitimate research, and so should not be promoted to a wide audience. A simple shell script could cause far more disruption and would be much easier to set up.
Re: (Score:2)
I doubt there's danger of causing much of a DoS attack. From the featured article:
Or was it also considered a DoS attack to post a link to a website on the front page of Slashdot?
Re: (Score:2)
Will it break any sane laws, or just the one that has been mocked for decades?
I find your statement confusing. Is it possible for a legislature to pass sane laws?