Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
AI Open Source The Internet

'Pwnagotchi' Is the Open Source Handheld That Eats Wi-Fi Handshakes (vice.com) 29

Ever wondered what would manifest if you mixed 1990s nostalgia with a clever name and some futuristic hacking tech? The answer is the Pwnagotchi: a DIY, open source gadget for hacking Wi-Fi that gets smarter the more networks it gets exposed to using machine learning. From a report: It also has an adorable interface that reflects different "moods" depending on what it's doing, and echoes the Tamagotchi digital pets of the 90s. The idea is for its user to take it around the city and "feed" it with Wi-Fi handshakes, the process that allows phones or laptops to communicate with other wireless devices like a router or a smart TV. In theory, these handshakes can then be cracked to reveal the Wi-Fi network's password, which would be useful if the Pwnagotchi user wanted to hack into the Wi-Fi network at a later time. Hackers, of course, love it. The software for the Pwnagotchi was publicly released on September 19. Barely a month later, and with little promotion other than on Twitter, there's already an enthusiastic community of hundreds of security researchers and hackers all over the world who are playing with it, modding it, writing plugins to improve it, and helping each other out on a Slack channel.
This discussion has been archived. No new comments can be posted.

'Pwnagotchi' Is the Open Source Handheld That Eats Wi-Fi Handshakes

Comments Filter:
  • by Anonymous Coward
    It seems like a new generation is discovering that war driving/walking/biking can be a fun way to get to know your neighborhood. At the very least you learn who cares enough to personalize their SSID.

    The last time I tried to go warbiking was with a raspberry pi b (not plus) and it hard a hard time keeping kismet refreshed. I think if I were just running a filtered package capture instead of the whole interface, it might have had better results.
  • Seems you could write an app to do the same thing. Be interesting to leave it running as I go about my day, then at night see how many handshakes I gathered. Especially when they add the feature that lets my phone force another device to disconnect, so my phone can then gather the handshake when the other device reconnects.
    • Phones are not open platforms. The corporations that own the platforms would not allow such an app on their network. Why do people insist on using closed platforms?

      • My bad. Been running Linux for so long I forgot not everyone can run stuff like aircrack.
  • Hardwired is more secure. Cable comes into house, plug into router, plug into machine. Done. No fiddling with passwords or keys, no worries about your cheap, lazy neighbor bugging you to use your connection. Nor do you have to worry about your signal dropping off.

    Simple. Neat. Clean.

    • by Pascoea ( 968200 )

      no worries about your cheap, lazy neighbor bugging you to use your connection. Nor do you have to worry about your signal dropping off.

      I haven't had either of those problems.

      Cable comes into house, plug into router, plug into machine.

      Run wires all throughout house to any device you'd like to get Internet access to. Entering a wifi key seems a lot easier.

      Hardwired is more secure.

      Nobody gives enough of a crap what you are doing on your home network to try and break into it.

    • "Hardwired is more secure." True, but most |-|/\{{5 are done through net accessable exploits, and malware "Cable comes into house, plug into router, plug into machine. Done. No fiddling with passwords or keys, no worries about your cheap, lazy neighbor bugging you to use your connection." You have a door, right? Close it. "Nor do you have to worry about your signal dropping off" Normally, it's not a problem in a modest size house or having people living really close to you shitting all over the Wi-Fi
    • by tepples ( 727027 )

      I'm interested in how you'd solve these:
      1. Any tips for convincing a landlord to allow modifying the wiring in the walls of a rented house or apartment?
      2. Which Ethernet adapter do you recommend for use with a tablet or smartphone in order to use your house's wired network instead of more expensive cellular?

      • by Agripa ( 139780 )

        1. Any tips for convincing a landlord to allow modifying the wiring in the walls of a rented house or apartment?

        Encourage the landlord to reconsider by operating a WiFi jammer.

  • by TFlan91 ( 2615727 )

    So they put aircrack ng on a pi with a dongle and hooked it up to a battery?

    I did that years ago, and there's dozens of tutorials on doing it yourself with a simple google search. /yawn

    I think the real story here is that people STILL don't decently secure their WiFi

  • This reads like one of those dotcom bubble business model jokes.

    Step two is the ONLY important step here!

  • ...and illegal. Hacking into networks, even if they are only protected with lazy ass passwords, is also very illegal. Just because the device is cute doesn't mean you're not in violation of the Computer Fraud and Abuse Act. Think twice before getting a criminal record for the lulz.
    • ...and illegal. Hacking into networks, even if they are only protected with lazy ass passwords, is also very illegal. Just because the device is cute doesn't mean you're not in violation of the Computer Fraud and Abuse Act. Think twice before getting a criminal record for the lulz.

      This doesn't hack anything. It's a wardriving stack that only captures packets, apparently by trying to learn the most efficient way to capture handshakes.

      • Well, there's this in the FAQ: "Just how politely does Pwnagotchi deauth?" Just because it's cute doesn't mean you're not in violation of the Computer Fraud and Abuse Act. It's not just passively wardriving. It disconnects (deauths) clients from their access points to record the handshake when they reconnect. That's where this device crosses the line even without any 3rd party plugins. You have been warned.
        • Well, there's this in the FAQ: "Just how politely does Pwnagotchi deauth?" Just because it's cute doesn't mean you're not in violation of the Computer Fraud and Abuse Act. It's not just passively wardriving. It disconnects (deauths) clients from their access points to record the handshake when they reconnect. That's where this device crosses the line even without any 3rd party plugins. You have been warned.

          Hmm. I thought it was only passively picking them up but it appears to have optional (default?) deauths. It makes sense--you'd never get enough handshakes otherwise. Well, this is the kind of thing that doesn't worry me other than it puts an unnecessary spotlight on legitimate research, and so should not be promoted to a wide audience. A simple shell script could cause far more disruption and would be much easier to set up.

    • by tepples ( 727027 )

      I doubt there's danger of causing much of a DoS attack. From the featured article:

      In fact, the tool is designed to limit itself not to cause any denial of service on the devices it collects handshakes from, according to Margaritelli.

      Or was it also considered a DoS attack to post a link to a website on the front page of Slashdot?

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...