Quote:
Originally Posted by Alan Anderson
I don't think you understand what the actual problem was. The system is indeed vulnerable to a deauthentication flood, or even a fast trickle. However, there were no such attempts detected, and there is no evidence to suggest that any occurred. The testing did show that it was possible to disrupt the connection without triggering a warning, so the detection parameters need to be tweaked to something more appropriate to the FRC use case. Still, it doesn't look like this was something that actually happened during competition.
The confirmed problem was instead an unknown and unexpected bug in the access point firmware that broke the existing connection when another client tried to authenticate and failed. Nothing special needs to be downloaded in order to cause this bug to be expressed.
Unless you have something more than what is in the presented information, I think you assume that AirTight, which we now know cannot see this issue under the right circumstances, is sufficient reason to assume it did not happen. I draw nothing from this report that indicates to me they have actual raw data to confirm that a deauth attack did not happen on Einstein or elsewhere, and it clearly is a well-known vector with tools that often allow setup to exploit that hole in AirTight. Also, you can make this work even if AirTight can detect it when fixed.
The second problem, the one you have listed as confirmed, may be far more practical to point at and say, "Well, they did it, and it requires no special tools; we confirmed it." I actually mentioned pages back that aggressive attempts to gain WiFi access could lead to this. So I have acknowledged it, but I think that concern about this and finger pointing is sort of crazy. There are actually premade devices you can buy that will locate and crack WPA passwords. Anyone could have brought one and had it in their pocket. Anyone at any point in the competition could have tripped over this. In point of fact, well before Einstein, suggestions about the versions of AP hardware surfaced. There were options to deal with this, including spare parts; with dumb luck you may get another version. The assumption here is that this person targeted teams with a mind to carry out rigging. How could they be sure the teams in question would be affected? They certainly can't walk over and offer to swap the AP.
On the other hand, having now personally set up and torn down a field twice and looked at how AirTight is used, I am positive that a person could easily disable a robot or robots at will. They will still be able to do that when AirTight is patched and the AP versions are upgraded. I view this confirmation as a way to distract from the larger issue.