17-07-2012, 21:17
techhelpbb
Registered User
FRC #0011 (MORT - Team 11)
Team Role: Mentor
 
Join Date: Nov 2010
Rookie Year: 1997
Location: New Jersey
Posts: 1,620
Re: [FRC Blog] Einstein Report Released

Quote:
Originally Posted by Greg McKaskle
I don't believe the report says anything about the FMS being hacked, scores being changed, or robots being seized. There is no evidence those actions occurred on Einstein.

The report discusses how the FIRST staff performed some typical DoS attacks on the bridge and router to learn what the symptoms would look like. The report discusses that a bug was discovered in the field wifi components that allowed for a disruption of service. The FIRST staff then explored the various symptoms and the requirements for the bug to manifest. The bug allowed for service disruptions, but no foreign device joined any field access point.

Also, the exploit required no hacking skills. Hackers everywhere are cringing when this is referred to as a hack. The term hack never appears in the report. Sorry to be such a stickler for terminology, but inaccurate descriptions of what took place do not help matters. If there are parts of the report which need clarification, please ask rather than jump to conclusions.

Greg McKaskle

There are 2 vectors in that report.

The confirmed vector was the one that needed very little beyond a phone. They found someone that admitted to that on Einstein.

The other vector (which does work, but we have no evidence either way it was used) was deauth, and generally that one is described on Hack a Day in October 2011.

As a person that works in computer security I know most big bad 'hackers' people find are just exploiting the much more time consuming efforts of others.

In this person's case it is more social engineering. They must have tested this before they reported it. The manipulation is in reporting it in such a way we will not be able to find out how and when that was done before.

Course, they may not have realized that there were insufficient logs stored on the field servers, so that was a gamble.

Still there is no evidence presented to support the idea that this person intended to influence the Einstein matches in a particular direction (who got hit was just a function of proving it worked at all).

The trick with the phone wouldn't have worked on at least 2 of the robots because those 2 had the B version of the D-Link AP on them at the time. Without logs we have no way of knowing whether the person with the phone knew that those 2 teams had that B version AP and ignored them in their effort. So there's no reason to suspect that this person knew anything more than this trick they pulled worked before somewhere, somehow.

Keeping in mind that this trick with the phone also requires the Cisco field AP to have a specific version of firmware, the only practical place to test that without heavy reverse engineering would be on a field.

Last edited by techhelpbb : 17-07-2012 at 21:42.