Blue Screen of DeAuth

7th April 2020

No, that’s not a typo. I’m also not proud of myself but all I have for comfort is the ability to stream Taskmaster over a shocking broadband to calm a massive anxiety attack so I’m afraid my needs are greater than anyone else’s at this moment in time.

There are times when we’ve all got to cut costs and I thought it would be an interesting experiment to see how cheaply I could stay in London for a few days to attend a course. So I took to one of those price comparison sites and found “a bargain”. One of the reviews mentioned bed bugs. Others said it was overpriced. Another said it “smelled like milk”. Despite those, I booked and just got on with it, undeterred. It was cheap.

Now I’m not a snob when it comes to staying anywhere. So long as it is clean and it isn’t like the jungle floor in Belize, I’m usually happy. Opening the door, I was greeted with all mod cons - fridge, washer/dryer, microwave, oven, hob, kitchenette, digital tv, bed, loo, shower, HUGE wardrobe and a vaguely overwhelming fusty smell that stung the nostrils ever so slightly. Truly a bargain.

Anyway, day one of the course had been quite demanding so I thought a bit of telly would be an option. After fixing the seemingly unfixable and precariously dangling “aerial” by just fitting it back to the wall mount, the fruitless search for TV channels started. 5 minutes later and I was a tad disappointed that no channels had been found. But this was a smart TV. That wasn’t connected to the WiFi and there wasn’t a WiFi password. What to do…

Looking out onto the landing, I found a WiFi access point which was merrily flashing away. Someone had WiFi. I needed the password. Time for some fun. One of the joys of being in this cyber security game means that you know how to do some stuff and grabbing WiFi passwords is some stuff that we need to do in order to keep our hand in. Normally, this would be in a test environment on a client’s site but seeing as I’d paid for WiFi, this became my test.

Out came the laptop and a bit of aircrack-ng action ensued. Access point identified. Connected devices kicked off. Packets captured. Default password found and entered into the telly. Bingo! I had UK TV Play! I had Taskmaster! Then the buffering started…

There were only three rooms in this place but 12 devices - only one of them my TV. Fortunately, the walls were paper-thin so I could hear the folky-type music from the room next door and the laptop-based sound of The Last Jedi from the room upstairs. They were streaming and hogging all of the bandwidth. Not for long…

The thing with aircrack-ng is that it is a very handy and flexible tool for analysing WiFi networks. It does many things, one of them being the ability to kick devices off the network through a technique called deauthentication or deauth. Aircrack-ng will happily just create deauth packets and send them to target devices on a WiFi network. Forever. So it did. Music stopped. The Last Jedi stopped. Greg Davies and Alex Horne were now on my telly in glorious HD.

Now there are a few things wrong with this. Yes, you’ve spotted it, this wasn’t exactly an ethical use of skills but trying to maintain some sense of mental wellbeing has become a bit of a thing for me of late so ethics went out of the window, I’m afraid.

The other thing wrong here was that this WiFi network that was being sold was far from OK. I shouldn’t have been able to just “find” a WiFi password as part of a password list I already had. I’m definitely not the only person on this planet to have the password. If I could get into the network, I could plant a device on the network. There were only three of us in the “accommodation” - why were there 12 devices? Why was there a Raspberry Pi sat on that network? Why did it have unusual ports open? Why did that device run a port scan on any devices that joined the network? Why did it try to connect to any open services on these devices? Many questions arising from one WiFi network.

We rely on WiFi pretty much wherever we go yet many people who deploy it don’t understand how it can be compromised or taken out of action. Few organisations scan their WiFi networks. Few organisations separate their wireless networks from their wired networks with a firewall.
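
For anyone who does monitor their WiFi, the deauth flood described above is one of the easier things to spot. The following is an added example, not part of the original post: a small Python detector that parses raw 802.11 management frames and flags any target receiving a burst of deauthentication or disassociation frames. The threshold, the time window, the MAC addresses and the sample frames are all constructed assumptions, and it expects frames with the radiotap header and FCS already stripped.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10  # 802.11 management-frame subtypes

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for a deauth/disassoc frame, else None.
    Assumes a bare 802.11 MAC frame: radiotap header and FCS already stripped."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    version, ftype, subtype = frame[0] & 0x3, (frame[0] >> 2) & 0x3, frame[0] >> 4
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(capture, threshold=10, window=5.0):
    """capture: time-ordered (timestamp_seconds, frame_bytes) pairs.
    Returns {(bssid, dest): time of first alert} for every target that received
    at least `threshold` deauth/disassoc frames within `window` seconds."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dest, _src, bssid, _reason = parsed
        seen = recent[(bssid, dest)]
        seen.append(ts)
        while ts - seen[0] > window:  # drop frames that fell out of the window
            seen.popleft()
        if len(seen) >= threshold:
            alerts.setdefault((bssid, dest), ts)
    return alerts

# Constructed sample frames (made-up, locally administered MAC addresses).
AP, STA, BCAST = "020000000001", "020000000002", "ffffffffffff"
BEACON = bytes.fromhex("80000000" + BCAST + AP + AP + "0000" + "0000")
LEAVING = bytes.fromhex("c0003a01" + AP + STA + AP + "0000" + "0300")  # reason 3
BURST = bytes.fromhex("c0003a01" + BCAST + AP + AP + "0000" + "0700")  # reason 7

def sample_capture():
    """One beacon, one ordinary client deauth, then 12 broadcast deauths in 3 s."""
    burst = [(2.0 + 0.25 * i, BURST) for i in range(12)]
    return [(0.0, BEACON), (1.0, LEAVING)] + burst

if __name__ == "__main__":
    for (bssid, dest), ts in detect_floods(sample_capture()).items():
        print(f"deauth flood on {bssid} -> {dest}, threshold crossed at t={ts}s")
```

Detection only tells you it is happening; the protocol-level fix is 802.11w Protected Management Frames, which WPA3 makes mandatory.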

WiFi is an easy path for anyone to get access to your important assets. If you’re not segmenting your networks, if you’re not using a firewall to protect your WiFi or aware of what is joining your WiFi, we really, really need to chat. We’re on 01673 898001. Give us a call and let’s get you mastering this task.

Written by Stuart Green - Managing Director