More secure WiFi setup #179
Comments
|
Yes, /recommend/ Ethernet. There could be much more to it.
Hotspots typically display SSID & PW either on the home screen or from 1
button press. The former is nicer when the screen will blank after a
timeout.
WPA2 is fine.
…On 6/2/24 07:25, Jens Scheidtmann wrote:
As I am going to go to a star party in September, I was wondering how to
give PiFinder a better default security posture:
First, the documentation should recommend to attach an Ethernet cable
during the build phase to setup local WiFi client access. This avoids
entering WiFi passwords over unencrypted channels, as the documentation
currently recommends.
Second, if the unit activates access point mode, it should:
* attach a random number (5 decimal places from 00000-99999) to the
SSID, such that PiFinders in the vicinity use different SSIDs (at
least a collision is rather unlikely),
* At least WPA2 should be configured on the WiFi, using a random
password of 15 or 20 places consisting of characters a-z0-9, in
groups of 5.
* This password should be displayed after boot up and be part of the
"main" screens, i.e. it must be accessible from pressing "A"
multiple times (screen can be deactivated in settings)
* This configuration shall be created once and be stored and reused by
each boot up,
* until a new configuration is generated by the user in settings.
What do you think?
—
Reply to this email directly, view it on GitHub
<#179>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACLERHL7276HKNNDZCGRC6LZFMTOXAVCNFSM6AAAAABIVDP7HWVHI2DSMVQWIX3LMV43ASLTON2WKOZSGMZDSNRYGUYTMNY>.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
--
dnl
|
|
Thanks @jscheidtmann for thinking about this and for your passion about security! I'm on-board with all of your thoughts, except the suggestion of using an ethernet cable. It seems if your other suggestions were implemented, the need for this would be removed, but I may be missing something. I have some hints/suggestions for anyone who wants to take this change on, but in the meantime, here are a couple things which can help anyone who is using a PiFinder at a public event:
These two steps will discourage/prevent any accidental and general mischief. A determined attacker can still do packet collections and such, but the cost/benefit for this attack would be pretty low as there is not much value to a compromised PiFinder. A quick/easy software change could enable manual mitigation of the remaining risks: Allow the setting of a WPA password on the Access Point network via the web interface. Yes, initial configuration is done in the clear, but the chance of an attacker being in the right place at the right time to take advantage of this is, seemingly, quite small. BUT, better is better and your suggestions are very good ones that should not negatively impact the usability very much. For anyone who wanted to take a run at implementing some of these, here are some thoughts:
|
brickbots
added
enhancement
As I am going to go to a star party in September, I was wondering how to give PiFinder a better default security posture:
First, the documentation should recommend to attach an Ethernet cable during the build phase to setup local WiFi client access. This avoids entering WiFi passwords over unencrypted channels, as the documentation currently recommends.
Second, if the unit activates access point mode, it should:
What do you think?
The text was updated successfully, but these errors were encountered: