I am trying to establish a wifi connection between iPhone and another ARM device(as AP), and thanks to NEHotsportConfiguration added in iOS11, the connecting process becomes easy and quick and all I need is AP's ssid and password which will be transmitted via BLE, Of cause they must be encrypted. now here comes the question if it's possible to use WPS instead of transmitting password in air.
I have read something and given my own answer No, so please correct me if have any mistakes, thank you.
No. No version of iOS or OS X supports WPS because it has fundamental security flaws that cannot be readily fixed. More to the point, you should disable WPS on any router that does support it, because it is a security hole so big you can drive a truck through it.
For more information, see:
https://apple.stackexchange.com/questions/81994/is-it-possible-to-connect-an-iphone-ipad-via-wifi-protected-setup-wps
and
http://routersecurity.org/wps.php
Related
I am trying to find a way to secure our robot against unwanted Choregraphe connections. We are required to work on a University-wide network, and we need a way to stop people from connecting who may have obtained the robot's IP address at some stage without our knowledge.
As there is no access to the root user account on the Pepper, I cannot simply lock down access using iptables, so I thought I might try looking at a way to forcibly close connections from ALChoregraphe when it registers on the robot.
However, running the command:
qicli info ALChoregraphe
I can see that the only method available is requestDisconnection. There is no way to close the connection forcibly.
I have tried using ALServiceManager to stop the service, but it apparently only knows about services that are installed as packages.
So far the only solution I have is to change the color of the eye LEDs to indicate that a connection has been established, and reset them when a disconnect is received.
Aside from moving the robot to its own network, do you have any suggestions on how I could go about handling this?
Thanks!
At the moment, there is no other way to prevent connections to the robots. All you can do is to make sure that unwanted clients cannot access the network of your robot.
In Choregraphe 2.4 and later, you can kick the existing Choregraphe after 30 seconds. If anyway it fails, you should unregister the services ALChoregraphe and ALChoregrapheRecorder using qicli call ServiceDirectory.unregisterService <serviceID> where serviceID is the number facing the services when listed with qicli info.
Hi guys
I'm working on this project where I'll need to retrieve information from a database through sms/ussd, much like how you would check you credit on you mobile phone.
Would appreciate any help to head me in the right direction.
(Hope I put my question out clearly, if not ask me so I can clarify)
I can help you extensively in solving your problem. As far as I got understood what you want to achieve is, perhaps that when a SMS message comes to your GSM Modem or GSM Phone, your software should be capable enough to interpret that message according to your protocol and should respond accordingly, also when it needs to process database. This is absolutely possible. Let me describe it in brief. Following are the general steps:
You must connect your GSM Phone or Modem through your software with a particular COM port.
After assigning and configuring the port, You issue AT+CNMI=2,2,0,0,0 command to Modem, if it responds to OK, then it indicates that it supports this command, else an error is generated.
Now send an SMS from some other phone, you will see that the SMS directly goes to your software, now you can process it as per your needs.
The whole process is slightly a lengthy description, but it is possible.
Assumption : Open wifi networks are susceptible to software like firesheep but WPA2 Enterprise networks are safe. (Thanks for the clarification TheBigO)
To avoid the security issues of firesheep, I am wanting to create a WPA2 Enterprise network that accepts any password - therefore acting like a public wifi network.
Using which libraries and preferably c could I create a WPA encrypted wifi network that accepts any password?
Other options are welcome provided they make a "secure public network." :)
Edit: Unfortunately I didn't ever accomplish the task of accepting any password for the wpa 2 enterprise network. I felt a correct answer needed to be given.
I don't think this will approach will work; even if you allow the router to accept any password, it will probably still need to advertise itself as being WPA2 encrypted, in order for standard computers to set up communication with the router in the standard WPA2 manner, which will still lead to a password prompt, which means you'll still be asked what the password is, and you'll still need to tell your customers that they can enter anything, so you might as well tell them a specific password that they should type. Why not just advertise the password in the SSID, like "free-wifi-password-is-LOLZ"?
Anybody can use a man-in-the-middle technique to bypass a wap wifi and still use a firesheep and some arpspoof to do the job. The safest way is to have the user always use https. Maybe force ssl usage on chrome...
Assume I,m in a LAN, that uses a Router. If someone redirects my all data packets to his computer then there is no privacy. This is happening in real. when I run "arp -a" command, I can see his IP address and I couldn't remove it using command "arp -d ". Does anyone know a way to avoid this arp access? or any other suggestions?
Thank you.
Once a packet leaves your computer, there is really nothing you can do to choose where it goes or who captures it. It's best to always assume that anyone can capture and observe all of your traffic on the network. If that is not acceptable, you should use a protocol (e.g., SSL) that encrypts the communication.
Actually it is "ARP protocol Vulnerability" which is in the OSI model. As far as I know , this is under research & currently UNRESOLVED. iN lINUX U CAN AVOID THIS BY USING IPTABLES.
I know its probably possible, but is it practical and doable to try and geo-position someone using WiFi to triangulate...
Thinking if I was underground and didn't have access to GPS, could I setup WiFi spots around the place to help locate someone.
Or if I was on a plane or a train (which is constantly moving), could I setup WiFi spots around the place to help locate someone.
Where would I start in doing this? Is there software components/infrastructure? If not would it be possible to do this... i.e. at a router level add location information to the packets about which router the incoming message was coming from and then the server being able to pick up on this...
This is exactly how the Skyhook database (built into many phones) works. It uses cell towers and WiFi points to triangulate the position in the absence of a GPS signal.
Google also does this with their street view vans—they look for open wi-fi networks as they go, and record their positions.
This is already widely available. Google the terms wifi location aware.
This is how laptop "Lo Jack" theft recovery systems work, for example.