Fon Bomb: Wireless sabotage for ninjas
The FON has been hacked to shreds since it launched a few years ago. One of the more interesting hacks is running Karma on the FON, making it a black hole for wireless clients. You can do this with OpenWrt and Karma or with Jasager, featured on Hak5.org. I’m going to share a few of my ideas for the ultimate FON bomb.
So running Karma or Jasager on the FON allows you to force all wireless clients to join your network. This is great because it puts you directly in the middle for a man-in-the-middle attack. Right now you have to do a lot of things behind the scenes to actually get anything out of it. That could be anything from stealing sessions to logging passwords. Too much work for me in my opinion, and it wouldn’t work for a “set it and forget it” device.
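Seen from the defending side, the behaviour described above (an access point that accepts whatever network name a client asks for) is also what gives it away. The following is an added example, not part of the original post: it flags any BSSID that answers for a random canary SSID or for several unexpected SSIDs. The record format, function name, threshold and sample observations are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations: (responder BSSID, SSID in the probe response,
# whether that SSID was a random canary name our own sensor probed for).
OBSERVATIONS = [
    ("aa:bb:cc:00:00:01", "CorpWiFi", False),
    ("aa:bb:cc:00:00:01", "CorpGuest", False),
    ("de:ad:be:ef:00:02", "linksys", False),
    ("de:ad:be:ef:00:02", "HomeNet-5G", False),
    ("de:ad:be:ef:00:02", "AirportFree", False),
    ("de:ad:be:ef:00:02", "canary-7f3a91c2", True),
    ("aa:bb:cc:00:00:03", "CoffeeShop", False),
]

def find_karma_like(observations, known_ssids=None, max_unknown=2):
    """Return {bssid: reasons} for responders that behave like a KARMA-style AP.

    known_ssids maps a BSSID to the SSIDs it is expected to serve (allowlist).
    A responder is flagged when it answers for a canary SSID that exists
    nowhere, or for more than max_unknown SSIDs outside its allowlist.
    """
    known_ssids = known_ssids or {}
    answered = defaultdict(set)      # bssid -> ordinary SSIDs it answered for
    canary_hits = defaultdict(set)   # bssid -> canary SSIDs it answered for
    for bssid, ssid, is_canary in observations:
        bssid = bssid.lower()
        (canary_hits if is_canary else answered)[bssid].add(ssid)

    findings = {}
    for bssid in set(answered) | set(canary_hits):
        reasons = []
        if canary_hits[bssid]:
            reasons.append("answered canary SSID: " + ", ".join(sorted(canary_hits[bssid])))
        unknown = answered[bssid] - set(known_ssids.get(bssid, ()))
        if len(unknown) > max_unknown:
            reasons.append(f"answered {len(unknown)} unexpected SSIDs")
        if reasons:
            findings[bssid] = reasons
    return findings

if __name__ == "__main__":
    allow = {"aa:bb:cc:00:00:01": {"CorpWiFi", "CorpGuest"}}
    for bssid, reasons in find_karma_like(OBSERVATIONS, allow).items():
        print(bssid, "->", "; ".join(reasons))
```

The canary check is the stronger signal of the two, since no legitimate access point should answer for a name that was generated at random by the sensor.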
The Fon needs to be completely independent for my application. Here is where things get complicated. For my “Fon Bomb” I want to encase a Fon running Jasager in a weatherproof box containing the Fon, a pay-as-you-go phone with an internet connection, and a large lithium polymer battery to power the whole box for at least a couple of days. The case would be painted to look like a normal service box with a powerful magnet on the outside so it could be attached to something metal, preferably high up out of reach.
The hardware required for this device is pretty simple, with the exception of interfacing the cell phone to the Fon, which is the most difficult. The beauty of this device will be the software. Because I am simply prototyping this device in my mind, I have not checked out the full logistics of the software; however, with a lot of free time I am sure I can get it working.
What this box needs to do is run ettercap or MDK3 on the wireless interface looking for URLs, usernames and passwords, and anything else I’d like to know such as AIM names or emails, etc. A script needs to be written to forward this information to a throwaway email address once an hour. From there a cron will be running once an hour to tell that dummy email that the device is still alive. That cron is very important because it tells you that your bomb is still ticking. When you check your disposable email and notice that your device hasn’t sent an email in a few hours, then the battery has probably died and it’s time to fetch the device.
This device, in the form I’d like to see it used, is completely blackhat. It basically does only evil things right now. You could push it into the grey area by simply logging URLs for a sort of social experiment.
Once again, this is just a concept idea and I have yet to get my hands on a Fon (if anyone has one they’d like to donate, please email me). The pay-as-you-go cell phone plan will be difficult to spec out, but I believe it could be done.