Possible FLR Hacking?

[Blackphantom91]

I agree with most of the above, Basicly WPA is much harder to hack and tamper with and it takes time to crack it because of the vast amount of possibilities. As far as the field acting "funny" this is a possibility but that wouldn't mean foul play was involved. Communications are delicate thing and one entry can mess up the whole thing. Sorry to hear that about your team.

[JesseK]

As for the DAP1522 placement: does it broadcast its signal like a typical antenna does? For those curious, current running in a loop creates a propagating magnetic field that DOES have polar regions. Thus, antennae always seem to work better when pointed up since the magnetic waves propagate tangental to the direction of current flow. Am I totall off here?

As for the hacking issue: go to arstechnica.com and read their 5-piece segment on how Anonymous hacked HBGary. They did the most damage via social engineering after they got some basic information via garbage data in URL's of the website (a database generates a webpage based upon these variables; if the database input isn't 'cleaned' before its used, then the database can be manipulated in various ways -- such as returning all of the user passwords). That FIRST changed our router this year is reassuring: there's less 'basic' information known about it than perhaps previous years. Yet there isn't even any brute force needed to crack the durn things if the WPA keys are left in the open (the social engineering aspect). I'm not sure if the keys are even given out to teams, or if they're on a clipboard on a wall, or were ever left unattended on a table. If they were, then there IS a SLIM (very slim) possibility that someone DID crack it. IF I were to try to figure out motive, I would say that it was hacking for fun, or more maliciously, hacking lower-priority targets in order to learn things that are useful for hacking higher-priority targets.

I'm not saying I condone hacking in any of its malicious aspects; I'm simply saying that if we're all better educated about it, we're better prepared for those with malicious intent. To think that it's impossible to do is ... well ... hopefully we're not THAT naive, with all of the quotes in signatures running around here about engineering feats that were once impossible.

[TD912]

I only read the first 2 pages of this post, but hacking the system is very unlikely unless someone managed to brute force the WPA2 keys, which is highly unlikely to happen during the limited time on the field. Another possibility is a person swiping the keys if they were written down somewhere easily accessible, which is possible but still very unlikely.

Still, the FMS should only allow data to be transferred between the specific IP addresses allocated to the Robot and the Driver Station. Even if a malicious person did have the WPA2 keys, I would think any additional devices connected to the FMS would be quite easy to detect.

A person would have to know a lot about how the entire communications system works. They would need to have the specific team's WPA2 key, know a way to fool the FMS, override the real Driver Station, intercept and emulate commands, figure out the controls to the specific robot, and pull all of it off within 2 minutes without being detected. Highly unlikely.

In any case, I'm >99% sure it was a field error.

[ChrisH]

Quote:

Originally Posted by JesseK

As for the DAP1522 placement: does it broadcast its signal like a typical antenna does? For those curious, current running in a loop creates a propagating magnetic field that DOES have polar regions. Thus, antennae always seem to work better when pointed up since the magnetic waves propagate tangental to the direction of current flow. Am I totall off here?

As for the hacking issue: go to arstechnica.com and read their 5-piece segment on how Anonymous hacked HBGary. They did the most damage via social engineering after they got some basic information via garbage data in URL's of the website (a database generates a webpage based upon these variables; if the database input isn't 'cleaned' before its used, then the database can be manipulated in various ways -- such as returning all of the user passwords). That FIRST changed our router this year is reassuring: there's less 'basic' information known about it than perhaps previous years. Yet there isn't even any brute force needed to crack the durn things if the WPA keys are left in the open (the social engineering aspect). I'm not sure if the keys are even given out to teams, or if they're on a clipboard on a wall, or were ever left unattended on a table. If they were, then there IS a SLIM (very slim) possibility that someone DID crack it. IF I were to try to figure out motive, I would say that it was hacking for fun, or more maliciously, hacking lower-priority targets in order to learn things that are useful for hacking higher-priority targets.

I'm not saying I condone hacking in any of its malicious aspects; I'm simply saying that if we're all better educated about it, we're better prepared for those with malicious intent. To think that it's impossible to do is ... well ... hopefully we're not THAT naive, with all of the quotes in signatures running around here about engineering feats that were once impossible.

One of the reasons for the kiosks is to better secure the WPA keys. There is now no need for the field crew to print the keys at all. Instead they are loaded directly into the kiosk. It is possible to make a printout of them, but that would take a deliberate effort by somebody who knows what they are doing. There is little value in doing so just for kicks, so anybody who did so would probably have another goal in mind, which brings us back to "social engineering" (the current euphimism for espionage where I work)

[jtdowney]

Quote:

Originally Posted by ChrisH

One of the reasons for the kiosks is to better secure the WPA keys. There is now no need for the field crew to print the keys at all. Instead they are loaded directly into the kiosk. It is possible to make a printout of them, but that would take a deliberate effort by somebody who knows what they are doing. There is little value in doing so just for kicks, so anybody who did so would probably have another goal in mind, which brings us back to "social engineering" (the current euphimism for espionage where I work)

At events I've been to in the past there were print-outs of instructions on how to configure the bridges which includes the teams key. The "new-style" bridges last year couldn't be configured with the kiosk so teams had to manually configure them. These print-outs often got pushed aside and could easily be lifted. I haven't yet been to an event this year so I do not know if the print-outs are still being given.

However what is to keep someone from bringing their own DAP-1522, walking up the kiosk and programming it with any teams key. After that they have a wireless bridge that gets them on the same network as the robot as long as they change the bridges static IP. I am not sure if the field would attempt to detect if this happens but I cannot think of a reason it wouldn't work.

The kiosks may be different this year but in the past there was no reason I could not enter another team at the events number and get their settings instead.

I am not suggesting anything happened, just pointing out that it is possible.

[gaby1367]

Sure blame the "hackers" lmao if you could provide more info maybe we could help.

[Steve W]

I was not at FLR but from last years experience I remember that RIT has an IPS(intrusion prevention system) active on campus. This is to prevent rougue APs from running onsite. Most likely this is what caused the problems on Thursday and "could" possibly cause other issues even if turned off in the field house. "Breaking" WPA2 is possible but very unlikely in the short timeframe of the event.

[gblake]

Here are a few thoughts

1) I personally would be more likely to look for snowballs in hot places than look for hackers who break WPA2 keys and issue legit commands to teams' robots.

2) It is dead easy for any team to insert their own error detection and correction bits/words into application-level messages that travel to and from their robot. If a hacker was given or stole a WPA2 key and was creating garbled message payloads within otherwise valid messages, the team's custom, application-level detection/correction code would/could record the evidence.

3) It is dead easy for any team to create a 1-time pad cipher that would be shared by the application code in their driver station and their robot. Using one (plus a few other simple tricks) would prevent anyone with intimate knowledge of their robot and of their error detection/correction schemes from sending bogus messages to to the robot (unless they also had a copy of the pad).

4) If you want to implement items 2 & 3 go right ahead, you will learn something. One thing you are almost certain to learn is that your robot communication path is not being hacked. Maybe the path is having messages get lost due to environmental interference or unfortunate radio locations, but I'll risk betting a nice pizza that it isn't being hacked.

5) Have a contest to see who can hack your comms. Offer a pizza in exchange for each new method someone uses to successfully and non-trivially interfere with operating the robot (put it up on blocks for these experiments...). Report your findings to FIRST. Other than by using raw noise to simply overpower the radios, I'll bet few pizzas will be earned.

6) If you do ever think you have detected true malicious interference with robot comms, DON'T BE OBVIOUS about it. Don't grandly announce to your team and to the world that you have solved/discovered "the problem". That rumor will go through the tournament faster than an offer of free Red Bull & Krispy Kremes. Be mature and professional. Double and triple-check your evidence, then discretely contact FIRST and have a quiet conversation to see what they think.

Blake

[BrandonD-1528]

As a result of certain recent events, I am revoking my comments about the possibility of hacking at FLR. I realized from the start that it was highly unlikely and was simply posting to point out possible causes to the issues that we saw occurring. Sorry if I started any controversy, and I certainly hope I haven't begun a whole new rumor about what could happen at future events. Hopefully I've learned my lesson about posting anything controversial on a high-traffic site.

[Matt Krass]

Quote:

Originally Posted by BrandonD-1528

As a result of certain recent events, I am revoking my comments about the possibility of hacking at FLR. I realized from the start that it was highly unlikely and was simply posting to point out possible causes to the issues that we saw occurring. Sorry if I started any controversy, and I certainly hope I haven't begun a whole new rumor about what could happen at future events. Hopefully I've learned my lesson about posting anything controversial on a high-traffic site.

You have nothing to be ashamed of. There's no reason to be afraid of controversial topics, and you should never be afraid to question the system. Maybe your initial post could have been written better, and that is the lesson you should take from this, but don't think you did anything wrong by discussing this topic.

It's better to be a little disgruntled and aware of a potential problem then blissfully ignorant until the bus hits you. While FIRST has a pretty decent system in place, the only reason is because people looked at it and said "How can I break this system?". And honestly, it still has a lot to be desired in my opinion, but it's getting there.

I reiterate my point, you did nothing wrong, and there is no reason such topics should be so problematic. If anyone disagrees with, bring it on

Matt

[boomergeek]

Quote:

Originally Posted by Matt Krass

You have nothing to be ashamed of. ...
If anyone disagrees with, bring it on

Matt

ORIGNAL POST: (but I embolded key phrases):
"I know this is nothing more than speculation, but it's extremely fishy. While our team was at the Finger Lake Regional in New York, several teams had their robots suddenly act erratically during teleop, sometimes in a very suspicious manner."


Curiosity is one thing: casting aspersions as to a significant likelyhood of intentional unfairness perpetrated by someone is something else. It calls into question the fairness and the legitimacy of the entire competition.
I thnk Brandon no longer thinks such sentiments are appropriate to a large public forum without greater evidence.

The gracious thing is to assume a team's problems are it's own fault and to ask for help isolating them and not assume someone associated with FIRST or attending FIRST is out to get them by nefarious means.

The volunteer field crews work very hard. I know from personal experience that if a robot "misbehaves" on the competition field but does not misbehave on the practice field or on tether, it can be very frustrating. Isolating the cause of the difference of behavior can sometimes be very hard.

As demonstrated in Update #17, the technical staff is working quite hard to help teams identify issues with their robot prior to connecting to the FMS.

Teams should also know how and be ready to reset their robot if it "bricks" on the competition field.
We weren't.

[Matt Krass]

Quote:

Originally Posted by boomergeek

ORIGNAL POST: (but I embolded key phrases):
"I know this is nothing more than speculation, but it's extremely fishy. While our team was at the Finger Lake Regional in New York, several teams had their robots suddenly act erratically during teleop, sometimes in a very suspicious manner."


Curiosity is one thing: casting aspersions as to a significant likelyhood of intentional unfairness perpetrated by someone is something else. It calls into question the fairness and the legitimacy of the entire competition.
I thnk Brandon no longer thinks such sentiments are appropriate to a large public forum without greater evidence.

The gracious thing is to assume a team's problems are it's own fault and to ask for help isolating them and not assume someone associated with FIRST or attending FIRST is out to get them by nefarious means.

The volunteer field crews work very hard. I know from personal experience that if a robot "misbehaves" on the competition field but does not misbehave on the practice field or on tether, it can be very frustrating. Isolating the cause of the difference of behavior can sometimes be very hard.

As demonstrated in Update #17, the technical staff is working quite hard to help teams identify issues with their robot prior to connecting to the FMS.

Teams should also know how and be ready to reset their robot if it "bricks" on the competition field.
We weren't.

If you read my post (instead of just looking for something to be annoyed about) you'll see I also stated he should learn from this is regards to how he wrote the post. I believe he also understands he approached this thread the wrong way, and that is a valuable lesson to learn. However, another, incorrect lesson, that is being pushed here is that uncomfortable topics need to be tiptoe'd around and those who dare to confront them are wrong strictly because it's an uncomfortable topic.

Yes, he jumped to conclusions, and yes he made a mistake. And yes, he acknowledged that. That doesn't mean broaching the topic was a bad idea, just that next time, be a bit more careful how it is done, and I'm sure he will be.

Nobody ever did anything great by playing along and not making waves, sometimes waves need to be made. As far as your teams troubles go, I'm sorry you had them and I'm sorry you were unprepared. Personally, I don't think there's any shame in getting caught by something you didn't know was a problem, now you learned your lesson and you'll watch out for it next time. I'm sure you wouldn't appreciate someone coming on CD and ripping in to you for not thinking to check your robot for a problem you weren't aware existed.

Matt

[ChrisH]

Quote:

Originally Posted by jtdowney

At events I've been to in the past there were print-outs of instructions on how to configure the bridges which includes the teams key. The "new-style" bridges last year couldn't be configured with the kiosk so teams had to manually configure them. These print-outs often got pushed aside and could easily be lifted. I haven't yet been to an event this year so I do not know if the print-outs are still being given.

However what is to keep someone from bringing their own DAP-1522, walking up the kiosk and programming it with any teams key. After that they have a wireless bridge that gets them on the same network as the robot as long as they change the bridges static IP. I am not sure if the field would attempt to detect if this happens but I cannot think of a reason it wouldn't work.

The kiosks may be different this year but in the past there was no reason I could not enter another team at the events number and get their settings instead.

I am not suggesting anything happened, just pointing out that it is possible.

The field crews have been instructed not to print out the key lists. It is possible to do but there really is no reason to do so. While somebody could theoretically program their own DAP with a particular team's key, there are other measures in place to help detect this sort of activity. I will refrain from elaborating for obvious reasons.

[boomergeek]

Quote:

Originally Posted by Matt Krass

If you read my post (instead of just looking for something to be annoyed about) you'll see I also stated he should learn from this is regards to how he wrote the post. I believe he also understands he approached this thread the wrong way, and that is a valuable lesson to learn. However, another, incorrect lesson, that is being pushed here is that uncomfortable topics need to be tiptoe'd around and those who dare to confront them are wrong strictly because it's an uncomfortable topic.

Yes, he jumped to conclusions, and yes he made a mistake. And yes, he acknowledged that. That doesn't mean broaching the topic was a bad idea, just that next time, be a bit more careful how it is done, and I'm sure he will be.

Nobody ever did anything great by playing along and not making waves, sometimes waves need to be made. As far as your teams troubles go, I'm sorry you had them and I'm sorry you were unprepared. Personally, I don't think there's any shame in getting caught by something you didn't know was a problem, now you learned your lesson and you'll watch out for it next time. I'm sure you wouldn't appreciate someone coming on CD and ripping in to you for not thinking to check your robot for a problem you weren't aware existed.

Matt

I did read your whole post: my point is: the heat of a loss is never the time to publicly insinuate that someone may have the ability to cheat and used it against you. I don't know how Brandon could have written it publicly and still be graciously professional. Maybe you can suggest a few sentences of what he could have publicly written that would have been appropriate to get his sentiments across.

Insinuating problems should be investigated or blamed on the dishonesty efforts of others without any real evidence is a "sour grapes" meme that unintentionally disparages the competition. Brandon seems to have acknowledged this: you seemingly have not.

If you play a friendly card game and lose, it is not appropriate to immediately publicly ask if one of the friendly players cheated in the timeframe that the valid winners are enjoying their props.

One can choose the level of awareness to the potential for cheating. FIRST tries to be friendly, professional, and gracious.

I do not know how Brandon could have publicly approached the subject of his feeling his team was likely a recent victim of cheating at a FIRST competition in a manner would be seen as graciously professional.

If you can, I will certainly admit I was wrong and apologize to you.

I don't think Brandon should be ashamed: in fact, he's better for having made a mistake and admitting it and moving on. You seemed to imply that Brandon had just chosen the wrong words. I think it's not the words that were the issue- it was the sentiment, timing and location of that sentiment.

There is a huge amount of this competition that is mostly an honor system.
There are also many EASY ways to cheat that do not involve hacking- I'm going to assume that those ways to cheat aren't used sufficiently to worry about and I'm going to spend my energy elsewhere.

Are you starting with the position that there are likely enough cheaters involved in FIRST that we should spend our brainpower looking for them?

I have focused my brainpower on looking for the understanding of the laws of nature on highly complex equipment causing the seemingly nefarious robot behavior. I view it as time better spent.

I think we can agree that the right time to be broadcasting talk about potential hacking victimization is not the day the winning team is supposed to be celebrating their win.

[BrandonD-1528]

Quote:

Originally Posted by boomergeek

I did read your whole post: my point is: the heat of a loss is never the time to publicly insinuate that someone may have the ability to cheat and used it against you.

Whether or not we lost the match is not relevant to me, and I already know the battery was at fault. I'm only pointing out a possibility as to the cause of certain specific problems, not necessarily with our team or alliance. Please don't take it as if I think people are actually cheating at all.