network hacking discussion

[roboengr]

When will first tell us to turn on the security for the wireless network devices?

I can think of a number of things that will interfer, but I am not going to write about it here.

I hope we have profesionalism and no dishonest people. I know seting up the security will cause some initial setup and troubleshooting errors for a lot of the teams.

The ssid will not prevent anything but make wrong doers know whos network it is. Not brocasting the ssid will help for security. what would prevent someone from down loading thier program to another robot?

These issues and others must be addressed?!!

Lets talk about it?

[usbcd36]

From the way the network setup was described in the manuals, it appears that there will be no network security this year. If security had to be used, the people running the field control system would need the password for every team, something that would cause much hassle.

It's also likely (if not already confirmed) that teams won't be able to use wireless in the pits to interface with their robots. This eliminates the possibility of a dishonest person wirelessly downloading a program to someone else's robot.

Furthermore, in the past, competition officials have monitored the airwaves for signals that shouldn't be there and told teams to stop broadcasting. Anyone who sets up an unauthorized WAP will likely be caught and asked to stop.

[nathanww]

Quote:

I can think of a number of things that will interfer, but I am not going to write about it here.

Please do. Chances are, at least one other person is thinking about them, and keeping it a secret only makes it easier for black hats to cause havoc

As for preventing unauthorized downloads, encryption would be the main thing. Another thing that would be useful from a forgetting-to-download-the-new-code view as well would be a feature, say, in a dashboard program that continously checked the version of your code, and initiated a redownload if it didn't send a version or sent the wrong one?

Quote:

It's also likely (if not already confirmed) that teams won't be able to use wireless in the pits to interface with their robots. This eliminates the possibility of a dishonest person wirelessly downloading a program to someone else's robot.

There's a number of ways this could still happen, however. First of all, one could in theory "spoof" a field control system(since it's all 802.11) and use that to download malicious code(though I haven't tested this). It's also possible to get a malicious version of a file from someone else(for example, I could download WPIlib from source, stick a logic bomb in it, and hand it on a flash drive to an unsuspecting team)

[techsupport07]

I really hope no one would be dishonest enough to hack into someone else's robot...that would definately go against the principles behind FIRST. This is not necessarily a competition...it is much more than that. It is mainly a learning experience and a way to learn team work. You see teams helping other teams all the time...they would not help them get their robot running if they thought they were the "oppenent."