Útok na WiFi síť s využitím ESP32/8266 / WiFi Attacks Using ESP32/8266

Stehlík, Richard

January 2021

The goal of this thesis is an exploration of the possibilities of Espressif's ESP32 chips in combination with Espressif IoT Development Framework with intention of implementing well-known Wi-Fi attacks on this platform. In this work, multiple implementation proposals were done for deauthentication attack in two variants followed by WPA/WPA2 handshake capture, attack on PMKID, creation of rogue MitM access point, or brute-force attack on WPS PIN, and more. A universal penetration tool ESP32 Wi-Fi Penetration Tool was proposed and implemented, including deauthentication attacks with WPA/WPA2 handshake capture. This tool provides an easy way to configure and run malicious Wi-Fi attacks without any domain knowledge required from the user. The outcome of this work opens new attack vectors for the attacker, thanks to cheap, ultra-low powered, and lightweight ESP32 chips.

Eavesdropping Attacks on Modern-Day Connected Vehicles and Their Ramifications / Avlyssningsattacker på moderna uppkopplade bilar och deras följder

Bakhshiyeva, Afruz, Berefelt, Gabriel

January 2022

Vehicles today are becoming increasingly more connected. Most cars are equipped with Bluetooth, Wi-Fi and Wi-Fi hotspot capabilities and the ability to connect to the internet via a cellular modem. This increase in connectivity opens up new attack surfaces for hackers to exploit. This paper aims to study the security of three different cars, a Tesla Model 3 (2020), an MG Marvel R (2021) and a Volvo V90 (2017), in regards to three different eavesdropping attacks. The performed attacks were a port scan of the vehicles, a relay attack of the key fobs and a MITM attack. The study discovered some security risks and discrepancies between the vehicles, especially regarding the open ports and the relay attack. This hopefully promotes further discussion on the importance of cybersecurity in connected vehicles. / Bilar idag har blivit alltmer uppkopplade. Idag har de inte bara bluetooth och Wi-Fi funktionalitet utan vissa bilar har förmågan att kopplas till internet via ett mobilt bredband. Denna trend har visats ge bilar nya attackytor som hackare kan utnyttja. Målet med denna studie är att testa säkerheten hos tre olika bilar, Tesla Model 3 (2020), MG Marvel R (2021) och Volvo V90 (2017) med åtanke på tre olika avlyssningsattacker. De attackerna som studien valde var port-skanning på bilen, relä-attack på bilnycklarna och mannen-i-mitten attack. Studien hittar vissa säkerhetsrisker och skillnader mellan de olika bilarna särskilt vid reläattacken och port-skanningen som förhoppningsvis främjar en fortsatt diskussion om cybersäkerhetens vikt för säkrare uppkopplade bilar.

Connected vehicle

hacking

pentest

eavesdropping

security

Tesla Model 3

Volvo XC40

MG Marvel R

automotive cybersecurity

interception attacks

passive attacks

wireless attacks

Wi-Fi attacks

attack surface

relay attack

port scan

man-in-the-middle attack

Uppkopplade fordon

hacking

avlyssning

säkerhet

Tesla Model 3

Volvo XC40

MG Marvel R

fordonscybersäkerhet

avlyssningsattacker

passiva attacker

trådlösa attacker

Wi-Fi-attacker

attackyta

relä-attack

port-skanning

mannen-i-mitten attack

Computer Sciences

Datavetenskap (datalogi)