[HN Gopher] Alexa, what is my wifi password?
___________________________________________________________________
Alexa, what is my wifi password?
Author : voxadam
Score : 328 points
Date : 2023-04-01 12:08 UTC (10 hours ago)
(HTM) web link (dragon863.github.io)
(TXT) w3m dump (dragon863.github.io)
| AshamedCaptain wrote:
| > When using this tool, it is good practice to hash the password
| for the wireless network before storing it in the configuration
| file (encrypt it in a way that cannot be reversed). This can be
| done with one simple command (wpa_passphrase),
|
| Huh? Anyone who has that hash can still connect to your Wi-Fi
| network, which kind of defeats what is being claimed. At that
| point you can also bruteforce the plaintext password (offline, at
| your leisure), or worse...
| Dragon863 wrote:
| Sorry about that! I misunderstood how hashing works, and I've
| updated the page with a correction at the bottom
| badkitty99 wrote:
| But don't you need the preimage of the hash to generate it in
| authentication?
| _Nat_ wrote:
| It wouldn't matter if the preimage of the hash were needed
| for authentication.
|
| Because, if a device has all of the information needed to
| connect to a network on it, then.. well, it has all of the
| information needed to connect to a network on it. Could be
| passwords, hashes, or whatever -- doesn't really matter.
| overthrow wrote:
| On Linux you can auth using the hash instead of the password.
| Other OSs probably have something similar.
|
| https://unix.stackexchange.com/questions/40/use-wpa-supplica...
| lxgr wrote:
| Yes, but I suppose GP's question was "is that enough to
| authenticate?" - and given that as you say Linux and
| iOS/macOS (for Wi-Fi "password" sharing with nearby
| devices) do support that, and my other comment, the answer
| is "yes".
| lxgr wrote:
| Not for WPA-PSK. The PSK is used to derive the PMK from
| (simplified) something like PMK = Hash(PSK, SSID). This key
| is static and never changes for the lifetime of a particular
| SSID, and is also shared across all devices in WPA-PSK.
|
| From the PMK, all other per-connection keys are then derived
| at association time, but everybody that captures that
| conversation can derive all further keys since that exchange
| uses only symmetric functions with all secret inputs derived
| from the PMK, not something like Diffie-Hellman.
|
| It's unfortunately not easy to do anything more resistant
| against compromised clients without storage on the APs (or at
| least a stable encryption key available to all access points
| of an SSID), so WPA-PSK doesn't - for anything more robust
| than that, you need WPA-EAP. (Some networks support a per-
| station/MAC address PSK as a proprietary feature, but that's
| only possible because they do have some management plane that
| allows the APs to share the required state.)
| lxgr wrote:
| Exactly, and you can also derive all other devices' pairwise
| session keys from the password hash as well, i.e. intercept
| their traffic.
|
| The only thing you can't get from the hash (without reversing
| it) is the password itself, so if you use the same high-entropy
| one for a different SSID or non-WPA-PSK purpose (but why would
| you?), it helps a bit in that specific scenario.
|
| Apple has annoyingly decided to share the password hash using
| the "share Wi-Fi password with nearby devices" at least in some
| versions, which makes it impossible to actually manually copy-
| paste over a password received in such a way. I consider that
| pretty poor security-by-obscurity as well.
|
| If you need your network to be resilient against such attacks,
| you need WPA-EAP ("enterprise"). PSK was never designed for
| that threat model. That said, it's a shame WPA-EAP is as
| complicated to set up and poorly supported by most routers as
| it is.
| lostlogin wrote:
| > share Wi-Fi password with nearby devices
|
| You dislike this feature? It's pretty amazing compared to
| explaining which letters are uppercase and what an '&' is
| called.
| est31 wrote:
| > you can also derive all other devices' pairwise session
| keys from the password hash as well, i.e. intercept their
| traffic.
|
| Note that deriving keys in a passive fashion only works with
| WPA2. With WPA3 SAE you must do an active Man in the Middle
| attack, which means also that you need to possess the key at
| the time of the handshake. With WPA2 you can decrypt any
| historic traffic you have recorded.
| johnwalkr wrote:
| Apple password sharing is definitely annoying. I mainly use
| Apple stuff including iCloud for password management.
| Surprisingly, it even works well enough on chrome for
| windows. It doesn't work for the 10 game launchers I'm forced
| to use, but it's not a huge inconvenience, I can just grab
| those from my iPhone. But I cannot grab wifi passwords from
| my iPhone, that can only be done in keychain in MacOS.
| lxgr wrote:
| On iOS 16 (and possibly earlier), it's finally possible to
| view passwords!
|
| One exception is those originally received via nearby
| sharing, potentially also those afterwards synced to other
| devices via Keychain, as the iPhone does not have the
| preimage to display.
| johnwalkr wrote:
| Oh wow! I'm happy to read that!
| geokon wrote:
| I always thought this aspect of Wifi password security was a
| weird annoyance. It just makes things inconvenient without
| providing any real security - and it's leaked into Android and
| taken to new extremes. For instance you can get and share Wifi
| with goofy QR codes - but syncing the whole wifi password list
| between devices? Impossible without rooting your device
|
| They then up the goofiness in that it doesn't provide any
| mechanism in the UI to actually see the password, but you can
| screenshot the "share QR" code, read the QR in an app, and
| finally extract the password phrase that way (at least in all
| the Android versions I've tried). I have to do this dance
| regularly b/c scanning a QR code from a laptop is a pain
|
| Losing all my wifi passwords when I get a new phone always
| kinda sucks...
| lxgr wrote:
| Couldn't have said it better.
|
| Apple used to play that security-by-obscurity game too in
| their implementation of password sharing with nearby devices,
| and by not allowing users to view passwords in the Wi-Fi
| settings (even passwords they hand-entered themselves, as if
| they can't also make a copy of that in a much less secure
| place at that point). Fortunately, they've come around in the
| newer iOS versions.
|
| But which Android feature are you referring to? On my Pixel,
| I can share the PSK as a QR code - not just the hash as far
| as I can tell.
| bombolo wrote:
| He wants to share it as a string, since humans aren't too
| well versed in reading QR codes.
| lxgr wrote:
| Huh? The password is displayed right below the QR code,
| at least on my Pixel. Must be a difference between
| Android versions or vendor customizations, which is why I
| asked.
| tryauuum wrote:
| can confirm
| bombolo wrote:
| Not on my phone.
| franga2000 wrote:
| You _can_ sync your WiFi passwords....to your Google account.
| It's a privileged permission, like most fun things on
| Android these days are, for totally legit and not at all
| anticompetitive reasons.
| cma wrote:
| At least in the past there was no fine-grained option to
| backup other things like bookmarks without also giving
| google all of your wifi passwords:
|
| https://micahflee.com/2013/07/use-android-youre-probably-giv...
|
| The only way was turning on some enterprise mode most home
| routers don't have, I think because they didn't want to get
| sued for leaking company passwords.
| jeroenhd wrote:
| I wanted to write a quick app to switch between VPNs based
| on which WiFi network I'm connected. The Wireguard app
| exposes an API for this and many years ago I remember
| enjoying the broadcast receiver API of Android to react to
| such general changes. Thought I'd have myself an app in
| half an afternoon.
|
| Well, it turns out getting the name of the current WiFi
| network is near impossible. There are four different ways
| for four different ranges of Android versions, the most
| recent of which plain doesn't work on my phone.
|
| Somewhere down the line the greedy tracking on mobile apps
| has gotten so bad that even Google wants to make sure their
| users know they're being tracked. Without a permanent
| notification and a permission you can't grant in a popup,
| you're just not getting the WiFi name.
|
| I completely understand why they changed the API and I'll
| even agree with the most recent incantation, but the state
| of mobile app development has become truly deplorable
| because of tracking companies and everyone must now suffer
| the consequences.
| AndriyKunitsyn wrote:
| On my Pixel, Android 13, I can see the wifi password in plain
| text on the QR code screen, below the QR code.
| crtasm wrote:
| I recently discovered that on LineageOS (Android 10), good
| to know Google does this too.
| lozf wrote:
| The `zbar` package (specifically `zbarcam`) makes scanning QR
| codes easier (especially when you can hold a phone in front
| of the webcam).
| Dwedit wrote:
| If you can get to somebody's Echo and short that capacitor to
| dump the rom, chances are good that you can also just walk up to
| their wireless router.
| asveikau wrote:
| > When using this tool, it is good practice to hash the password
| for the wireless network before storing it in the configuration
| file (encrypt it in a way that cannot be reversed).
|
| This is bullshit. The device ultimately needs the wifi passcode
| in plaintext. What this person is asking for is obfuscation and
| cryptography theater, not real security.
|
| Of course if you root the device you can read the wifi passcode.
| This is not shocking.
| Aissen wrote:
| Meh, the PSK can be used to connect to the network. The
| "cleartext" really does not matter unless you reuse passwords,
| which you shouldn't do.
|
| Anyone with physical access to your Echo probably has a dozen
| other methods to get access to your password.
|
| Now dumping this is still quite impressive for a 14 year old.
| Kudos.
| codetrotter wrote:
| > Anyone with physical access to your Echo probably has a dozen
| other methods to get access to your password.
|
| For example, walk two meters to the side over to where the
| router sits, flip it over and read the label where the PSK is
| printed on the router. :D
| toast0 wrote:
| Nobody read the password when it was on the router... So now
| I have it (with a big QR code that sometimes works) on a
| printed page taped to the side of the printer.
| dzhiurgis wrote:
| NSA has cameras that can scan your router QR code from
| space satellite
| dcow wrote:
| > Now dumping this is impressive for a 14 year old. Kudos.
|
| The only part I don't believe is the three Makefiles. Even grey
| beards struggle to write correct Makefiles. If Daniel wrote those
| too then that's the truly impressive feat.
| photochemsyn wrote:
| It's a nice project, the Makefiles are cloned from the amonet
| project this is based on. I tried understanding them with the
| help of ChatGPT, that was an illuminating exercise. I think
| (not sure) that the build rules could be better ordered, it
| seems like they're just scattered about in the Makefile
| relative to the order of events (compiling the C and assembly
| source code into the ELF file and hence to the binary).
| notum wrote:
| Not to diminish the effort (I love seeing these things cracked):
| if you have physical access to an Alexa device you likely have
| access to the router as well.
|
| The better course of action for a wrongdoer would be to get
| everything off the router using a serial interface and leave no
| traces behind for an extended remote access.
| voxadam wrote:
| As I mentioned in a reply to another comment there's a
| lifecycle issue to consider. People frequently upgrade their
| devices (IoT and otherwise) or dispose of them entirely.
| Oftentimes these old devices are disposed of in insecure curbside
| trash bins. With every old IoT device being tossed into the
| trash without thought it's starting to look like this is a more
| and more effective attack vector with each passing day.
| lxgr wrote:
| The "old device offered on the curb with a 'still working'
| note" threat scenario is actually a more realistic one than
| something like a corporate Wi-Fi in my view, since the latter
| would hopefully have any physically exposed client devices
| like that in a separate subnet/VLAN/SSID.
|
| The added benefit is that any possible attacker gets two
| additional data points for free: Where the corresponding SSID
| is most likely located, and that that household can afford to
| give away the hardware for free instead of reselling it or
| trading it in.
| JohnBooty wrote:
| > that that household can afford to give away the hardware for
| free instead of reselling it or trading it in
|
| The Echo Dot in the article retails for $40, cheap enough
| to be considered disposable by many/most.
|
| Would probably gain much more useful socioeconomic
| information simply by looking at the neighborhood in which
| said curb is located, right? :)
| xupybd wrote:
| I'm not sure there is much point in encryption if the OS is used
| to protect the encryption keys the same way it is used to protect
| the data it is encrypting.
| MuffinFlavored wrote:
| what's something harmful you can maliciously do once you are on
| somebody's typically password protected wifi network?
|
| sniff traffic? you can't MitM due to HTTPS
|
| so... curious. what can be done?
| addandsubtract wrote:
| Access (or try to) connected devices, such as a NAS?
| dfxm12 wrote:
| Aside from just stealing the Internet service, you can set up a
| device to do something (of questionable legality), either
| attended or not, that you don't want associated with your own
| wifi network.
| fffffo wrote:
| Interesting read. I'm surprised Amazon haven't blocked UART
| access in bootrom mode, considering there's an efuse they can
| blow, from the bootloader (LK) environment, that will permanently
| disable it. As an example, Motorola did this on their Mediatek-
| based phones as part of a firmware update.
| PinguTS wrote:
| So the attack vector is: you need to flash a device in a certain
| place. That means, you need to open the device and do other
| things.
|
| Honestly, who has an Amazon Echo dot on a private network in a
| public place?
|
| Yes, it is a valid attack vector but I would vote the likeliness
| and importance at very very low risk.
| lxgr wrote:
| I've seen at least Chromecasts, Apple TVs etc. in quite a few
| corporate offices, so it's not completely unrealistic. Maybe
| somebody wants to use the Echo as a cheap speaker with the
| microphone disabled, or it's in a non-sensitive location.
|
| That said, in a corporate network, admins would hopefully put
| these in a pretty isolated subnet (by SSID+PSK, since they
| presumably don't support WPA-EAP where you could VLAN/subnet
| them based on their credentials).
| sureglymop wrote:
| A better way to prevent this would be to use One Time
| Passwords for every device joining the network. If the
| password is reused from a different device it gets
| invalidated.
|
| I don't know if such a mechanism exists for networks and I
| guess it would also be trivial to just spoof a mac address. I
| guess it does for something like a captive portal.
| smashed wrote:
| The best you can do is have a PSK per mac address.
|
| Hostapd which manages the encryption of wifi access point
| in pretty much all wireless aps already supports it. You
| can supply a list of mac address to psk or obtain the psk
| from radius server. The mac address is provided as the
| username, all you need to do is return a different psk
| depending on the mac address. I have POC code lying around
| I should probably publish somewhere.
|
| Like pointed out in sibling comments, it is pretty trivial to
| clone a mac address so if you were to dump a "unique" psk,
| all you need is the mac address that goes with it.
|
| What it does gain you though and that is a big plus in some
| situations, is the ability to revoke a single psk without
| having to reconfigure all your client devices. That is very
| useful.
|
| The onboarding is a little bit wacky though. You need an
| easy way to get the client mac address, generate a unique
| psk for it, save that in your config, then attempt
| connection....
|
| One way I would like to explore is have a "next available
| psk" easily available, for example in an app available to
| the network administrator. When hostapd asks for the psk
| associated with unknown/never seen before mac, return that
| default PSK and save it as associated with that mac on
| successful connection, then regenerate a new default PSK for
| the next device.
|
| This way, an admin can share the password or onboard new
| devices easily. You don't need to know the mac address of
| the client in advance.
|
| If you need to revoke access for a device, just revoke the
| psk that was associated with it.
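A sketch of the "next available PSK" onboarding flow smashed describes, as an added example (not smashed's POC and not hostapd code). The class and method names are hypothetical; the only hostapd-specific detail assumed is the `wpa_psk_file` line format, `MAC PSK`, where the all-zero MAC matches any station.

```python
import re
import secrets

WILDCARD_MAC = "00:00:00:00:00:00"  # hostapd wpa_psk_file: entry usable by any station
_MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def normalize_mac(mac: str) -> str:
    """Lower-case, colon-separated form so lookups do not depend on notation."""
    mac = mac.strip().lower().replace("-", ":")
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


class PerMacPskStore:
    """Hypothetical back end for per-MAC PSKs with a rotating onboarding PSK."""

    def __init__(self):
        self._bound = {}                    # mac -> PSK bound to that station
        self._onboarding = self._new_psk()  # what the admin hands to the next device

    @staticmethod
    def _new_psk() -> str:
        # 64 hex characters: a raw 256-bit PSK rather than a passphrase.
        return secrets.token_hex(32)

    def next_available_psk(self) -> str:
        """The PSK the administrator shares with the next new device."""
        return self._onboarding

    def psk_for(self, mac: str) -> str:
        """PSK the AP should expect from this station.

        Known stations get their own PSK; unknown stations are checked
        against the current onboarding PSK.
        """
        return self._bound.get(normalize_mac(mac), self._onboarding)

    def on_connected(self, mac: str) -> str:
        """Call after a successful handshake; binds and rotates for new stations."""
        mac = normalize_mac(mac)
        if mac not in self._bound:
            self._bound[mac] = self._onboarding
            self._onboarding = self._new_psk()  # old onboarding PSK now works for one MAC only
        return self._bound[mac]

    def revoke(self, mac: str) -> bool:
        """Drop one station's PSK without touching any other client.

        The station falls back to 'unknown', and the PSK it holds no longer
        matches the rotated onboarding PSK.
        """
        return self._bound.pop(normalize_mac(mac), None) is not None

    def render_wpa_psk_file(self) -> str:
        """Static export in hostapd's wpa_psk_file format."""
        lines = [f"{mac} {psk}" for mac, psk in sorted(self._bound.items())]
        lines.append(f"{WILDCARD_MAC} {self._onboarding}")
        return "\n".join(lines) + "\n"


if __name__ == "__main__":
    store = PerMacPskStore()
    for mac in ("AA:BB:CC:00:00:01", "aa-bb-cc-00-00-02"):  # constructed MACs
        store.psk_for(mac)
        store.on_connected(mac)
    store.revoke("aa:bb:cc:00:00:01")
    print(store.render_wpa_psk_file(), end="")
```

As the comment itself notes, a MAC address can be cloned, so what this buys is per-device revocation and a smaller blast radius for a dumped PSK, not proof of device identity.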
| lxgr wrote:
| Ah, yes, PSK per MAC is an interesting option and seems
| to be used by some enterprise Wi-Fi solutions already as
| well. I didn't know that hostapd supports it as well,
| that's nice!
|
| Another option comes to mind, thinking about it some
| more: The standard could be extended (or a proprietary
| extension added) to make the PMK something like Hash(PSK,
| SSID, client MAC), or Hash(Hash(PSK, SSID), client MAC)
| for a bit more backwards compatibility.
|
| That wouldn't help against clients that just store the
| PSK (hash), of course, and clients would in fact need to
| do that to allow sharing the access, but it would offer
| some marginal security benefit (for other clients on the
| network) against attacks on clients that do implement it.
| thekingshorses wrote:
| Ruckus offers one time PSK and PSK per vlan. Very easy. I
| started seperating my home devices on a different vlan.
|
| Mikrotik, you can associte PSK with mac address. it's not
| easy to setup but basically, PSK & mac address need to
| match in order to access the network. I think it also puts
| user in the configured vlan.
| lxgr wrote:
| That only works in a model where you only have one AP per
| SSID, but many networks have multiple APs, and not all of
| them have a central controller.
|
| If you have a single AP and replace that for some reason,
| you'd also need to enter the PSK again on all clients.
|
| WPA-PSK seems like a pretty bare-bones protocol, but if you
| consider the constraints it has to operate in, it's
| actually not that easy to come up with something better
| (other than the omission of ephemeral key exchanges through
| something like Diffie-Hellman, which was only added in
| WPA3, but would not help in this threat scenario in any
| case).
| ranting-moth wrote:
| Although I can easily envisage a criminal org sending someone
| into a hotel, bank, etc. to steal a device if the payoff is
| high enough.
| xoa wrote:
| Eh. It's certainly not great practice though not stunning given
| how utter crap 99% of IOT WiFi seems to be. That said the author
| gets a bit overdone, and not just in brushing over the physical
| access requirement bit.
|
| > _Storing passwords in plain text is a major security risk in
| hotels or businesses using the devices on their internal or
| private wireless networks, giving any potential attackers access
| to any other equipment on this network or allowing them to create
| a rogue network and redirect traffic or conduct a MITM (man-in-
| the-middle) attack._
|
| Nah, unless it's a truly awful network even for a prosumer let
| alone any organization. Even with IOT, ever more widespread PPSK
| support (which I'd consider a must have for anything greenfield
| at this point) makes segmenting devices onto their own tightly
| firewalled VLANs trivial. Normal user interactive devices
| (computers, smartphones, tablets etc) should all be using VPNs
| for internal access and just not trust the WiFi at all, or at the
| least again have their own VLANs. These devices should all
| support WPA-EAP as well so that's another option, and can just
| use certs and do away with passwords entirely. If IOT wasn't such
| crap that'd be an option there too but such is life.
|
| It would be fair to say this is all still more complex than it
| should be, all the tech pieces are in place to make this vastly
| easier even for the non-technical, the UX is poor in a bunch of
| respects. And I'm sure there are plenty of small businesses who
| just run flat networks, maybe with a guest wifi. But that's an
| issue _anyway_, and I don't think someone physically stealing an
| Echo and dumping its eMMC to get at their WiFi password is floor
| level on their threat model. More like "the desk machine has a
| password of abc123 and is left unlocked while the elderly B&B
| lady goes and makes breakfast for guests" and frankly who is
| breaking in looking for that anyway? It's egg on Amazon's face
| for sure, absolutely embarrassing for a company of that size and
| product line that big, and that it's exposed in plaintext on the
| fs might chain a remote exploit in interesting ways, but not if
| physical access is required. And again, organizations actually
| facing threats really just shouldn't be trusting WiFi much
| anyway. It's not that secure even in theory and implementations
| are a mess and probably always will be.
| Dragon863 wrote:
| Thanks for the feedback! It's the first time I've written
| anything like this, and I'm currently studying computer science
| so I appreciate the corrections as they help me improve my
| knowledge of the field :)
| xoa wrote:
| No problem, good for you both for digging into it at all and
| then actually writing it all out, good little exercise to go
| through and poke at for sure! Network security is its own
| entire other specialization and despite working in it there's
| always new stuff to learn and new challenges. And the mess
| and issues of the WiFi standards process is an entire book
| itself.
|
| I guess the one generalist suggestion I'd have for you just
| for security overall is to always try to consider the overall
| threat scenario and "economics" of given attacks when judging
| seriousness for clients. It's easy to theorycraft purely in
| terms of hardware or software and get lost in the weeds of
| attacks that don't actually make any sense. All "security"
| overall is about the economics between how much it costs to
| defend and attack and what the value gained/lost is. So
| things that scale very well, like pure software remote
| exploits, are huge risks since somebody can run attacks near
| or fully automatically dirt cheap/free at mass scale and do
| so in a way that can be hard to trace back. Thus even those
| with very few resources are at risk, if the attack is free to
| the attacker then anything at all is profit. In contrast an
| attack that requires in person access doesn't scale at all,
| it must be done each time by an actual human actually going
| out there. And that entails major physical risks as well. So
| while expensive to defend against, it's also expensive to
| execute and thus won't happen unless a lot of value is
| available, and naturally individuals/organizations in that
| position (lots of money or high value assets) tend to have
| the resources themselves to take action.
|
| Anyway, "engineering is the art of the possible", getting the
| best bang for the buck matched to what clients or employers
| need sometimes is part of the real challenge. Good luck with
| everything!
| xyzzy_plugh wrote:
| This isn't particularly interesting, though the steps to get
| access are nicely done.
|
| Most devices of that era including many Android phones lacked any
| sort of secure enclave for tamper proof secret storage or
| encryption. I believe the early Echo stored the wifi password
| using a weak block cipher and a fixed key, like Kindles. Given
| the password needs to be eventually decrypted in software, any
| sort of encryption like this is effectively obfuscation. Physical
| access is far, far worse!
|
| I think folks forget how much security innovation there has been,
| and become accessible to consumers, in the last decade. It wasn't
| too long ago that SSL was considered a luxury.
| mavili wrote:
| The bulk of the article kinda revolves around storing wifi
| passwords unhashed.. and then at the end "Edit: hashed passwords
| are used to connect to wifi, so hashing is not a solution".. erm,
| so what is the point of the article then?
| Dragon863 wrote:
| As others have pointed out, even hashed passwords can be used
| to connect to a network. However, storing the password in plain
| text is an embarrassment for a company as big as Amazon, and
| they should at least be stored in a non readable format if not
| encrypted. The physical access necessary does make the exploit
| less dangerous, though. You asked what the point of the article
| was, I think this could also be a starting point for running
| our own software on these devices, especially as there is a
| kernel for the mt8163 available on github from the postmarketos
| project
| AshamedCaptain wrote:
| I really don't agree here. There are many arguments for
| storing plaintext passwords in, well, plaintext, rather than
| behind pointless obfuscations. Expressed quite concisely by
| Pidgin authors many years ago:
| https://developer.pidgin.im/wiki/PlainTextPasswords
| mavili wrote:
| After hearing you're 14 I don't want to turn this into an
| argument really, but please note just because something
| "sounds" embarrassing it may not be actually. Like others have
| pointed out, physical access to the device means many other
| measures that can be taken to protect security are not valid
| anymore. If there is no real need or security benefit for
| that password to be stored in anything other than plaintext
| then Amazon doesn't need to go out of their way to save any
| "embarrassment".
| Dragon863 wrote:
| I agree that physical access is a major limitation, yet it
| is something that could easily be resolved with an OTA
| firmware upgrade or by simply informing users how their
| password is stored. I personally think that physical access
| should still be considered when designing products like
| these, even if it is a more remote possibility.
| atomicnumber3 wrote:
| I thought this was really excellent technical writing given I'm
| not sure the author has had an English class that actually
| covers anything beyond grammar and basic literary analysis yet.
| UncleEntity wrote:
| I'm over 50 with a college degree and haven't had an English
| class that actually covers anything beyond grammar and basic
| literary analysis yet.
| someweirdperson wrote:
| Whoever has an Alexa on their network doesn't have anything to
| hide (doesn't care about privacy). Exposing the wifi password on
| top of that doesn't seem to be a big deal, when full access has
| already been granted to an evil device.
| gbear605 wrote:
| It depends on your threat model. If you're worried about Bezos,
| Amazon, or a government, Alexa is absolutely a privacy risk. If
| you're worried about wide attacks or a script kiddy coming
| after you, Alexa is probably not the main vector of attack
| here.
| hamilyon2 wrote:
| One of my favorite iot-wifi stories is about Bluetooth-enabled
| iqera lightbulbs and them connecting to private wifi. You have to
| send your wifi password cleartext to some Chinese server during
| setup phase. Yes, this is the only way to set up these
| lightbulbs.
| thekingshorses wrote:
| Any hotel that uses Alexa devices is vulnerable!
|
| I hope google chromecast doesn't show the password.
| exelib wrote:
| Cool blog post. One thing I am not sure about. If access to WiFi
| can lead to the mentioned or other risks, then something else is
| probably seriously wrong in the chain.
| an-allen wrote:
| So the idea of shorting that capacitor... how did you reason that
| doing that would keep that chip from starting?
| Dragon863 wrote:
| Two reasons: 1. Mediatek processors have a preloader,
| essentially a bootloader, which checks the emmc for a bootable
| partition, and if it cannot find one (or the emmc is not
| functioning correctly) it will load bootrom mode. This is what
| amonet exploits. 2. When using amonet on kindle devices, a
| similar method was used to force the device into bootrom mode
| as Amazon didn't provide a hardware key to do this
| draugadrotten wrote:
| A very inspiring thing about this article was the bio: "Hi there!
| I am Daniel, a 14 year old developer whose interests include
| cybersecurity and hardware hacking, low level hardware, web
| design, and linux."
|
| I look forward to seeing what you do 10 years from now. Keep it
| up!
| swayvil wrote:
| He lives underground and tells time with a cesium clock, as
| science intended.
| toomuchtodo wrote:
| This too was my favorite part. Inspiring. Great things ahead
| for this young human.
| dcow wrote:
| If he can write a correct Makefile like this at 14 then a
| truly formidable foe is on the rise, indeed.
| lopkeny12ko wrote:
| Am I missing something here? The Makefiles seem very
| standard for a C/C++ project, and could have been easily
| replicated from a tutorial or example project without much
| modification.
|
| Not suggesting that the work is not impressive, but the
| kids of today grew up in the era of computers and the
| Internet, and a lot of problems that were hard for you and
| me are no longer hard today.
| fundad wrote:
| 24 years in the industry and 24 years of "it's knowable,
| didn't you know it already?" arrogance.
| grepfru_it wrote:
| > and a lot of problems that were hard for you and me are
| no longer hard today.
|
| I spent my teenage years learning and understanding
| sendmail milters. I got to a point where I could write
| them from scratch. Guess how useful this knowledge is
| today...
| uncanneyvalley wrote:
| > Guess how useful this knowledge is today...
|
| But today, the useful bit is the process you learned to
| obtain that level of mastery.
| BolexNOLA wrote:
| It used to be incredibly difficult for me to edit 4K
| footage on my computer. What's your point? How does that
| undermine what young editors are doing now with 4K and
| beyond?
|
| All my workarounds and tricks are completely useless
| today. There is some broader knowledge and problem-
| solving I learned I'm sure, but ultimately a lot of the
| tools I learned over the past 15 years are completely
| useless now and those youngsters are now overcoming their
| own obstacles!
| Dragon863 wrote:
| Hi there! I wish I could claim that I wrote the Makefiles,
| but my knowledge of C is very limited and all the credit
| for that goes to xyzz, who created the original exploit
| intended for Amazon kindles. I simply created a fork that
| would work with the echo using the same CPU, the original
| code is here: https://github.com/xyzz/amonet
| anileated wrote:
| This is why I love the old pre-LLM world. Can't help but
| imagine that already now many people just get the very
| same code suggested by Copilot and never even learn about
| the existence of the original author--whom they wouldn't
| be able to credit even if they wanted to.
| anileated wrote:
| (The corollary being, of course, if that recognition and
| pride in one's work are what drives people to do original
| research and share it openly in the first place, why
| would they do it now in this brave new world?)
| squirtle24 wrote:
| I highly doubt this was truly written by a 14 year old. Perhaps
| someone fudged their age to try and make the content go viral?
| The GitHub profile is 3 weeks old but it's clear this ain't his
| first GH profile, and there are commits for SEO optimization!
| The English skill alone seems too advanced for that age level.
|
| Maybe he really is a genius but I've become far more cynical in
| recent years, don't believe everything on the internet! By the
| way, I'm 12 years old.
| pcthrowaway wrote:
| > The English skill alone seems too advanced for that age
| level.
|
| Anyone can write with this level of skill now. Just have
| ChatGPT give you suggestions for improvements
| Dragon863 wrote:
| Sorry, but I'm definitely 14! I created a separate profile
| because I didn't want anybody (i.e. Amazon) to be able to
| trace it back to my main account and find my full name. I
| usually do more web development in my spare time, so this was
| a completely different experience for me, hence the
| misunderstanding with hashing passwords. Also, I didn't write
| this from scratch, as you'll see on the GitHub page it's a
| fork of a project to jailbreak Kindles, but thanks for the
| positive feedback!
| dang wrote:
| Congratulations, you've been initiated into the long and
| cranky tradition of "no way was that the work of an X-year-
| old" on the internet!
| LoganDark wrote:
| You're awesome. I did stuff like this when I was 14, but
| didn't have the skill to write about it (and still don't)
| due to autism. But on the other paw, your article seems
| really well-written!
| bosie wrote:
| do you mind explaining why your writing skills are
| limited by your autism? Sorry if I am misreading you.
| danShumway wrote:
| To the author, you should absolutely wear it as a badge of
| honor that people have looked at your technical writing and
| said, "no, I don't believe that you're 14."
| xgg3513 wrote:
| [dead]
| colordrops wrote:
| 14 isn't that young. I was running BBS built and modded using
| C when I was 14 back in the late 80s, and it's much easier to
| get deep into tech now. I'm no genius.
| 1970-01-01 wrote:
| The exact same things were said about geohot.
| dmd wrote:
| As the original 14 year old on the internet (see my entry in
| the NET.LEGENDS FAQ), I'm glad 14 year olds on the internet
| are still going strong - and making a better go of it than I
| did.
| whoibrar wrote:
| Learned this today. Great to see the progress you've made
| over the years.
| selectodude wrote:
| I'm cynical too, but if somebody lied about their age to do
| it for the clout, that's weird and whatever, let it go. If
| they did it to try and get noticed, it's not like they're
| going to get a job out of it. They're either actually 14, or
| they're a total weirdo liar that you're absolutely not going
| to hire.
| FartyMcFarter wrote:
| > I've become far more cynical in recent years, don't believe
| everything on the internet! By the way, I'm 12 years old.
|
| Amazing level of cynicism for a 12 year old, I'm impressed.
| drzaiusx11 wrote:
| Back in my late teens I collaborated with a 13yo that had
| written an entire NES emulator himself. These people exist.
| [deleted]
| chirau wrote:
| Did he also write this blog post? It sounds a bit too advanced
| and informed for his age.
|
| This is not meant to doubt him or anything, but the legal stuff
| makes me wonder whether it was solely him who wrote it.
| seba_dos1 wrote:
| It sounds more or less like something I could write when I
| was 14 years old, perhaps even including the misunderstanding
| of what WPA-PSK hashing does.
| copperx wrote:
| I agree. There are still some posts on Usenet archives that
| I wrote when I was 14, and there are no telltale signs that
| they were written by a 14 year old, except for not
| understanding certain programming conventions.
|
| I wasn't particularly bright. I think we underestimate the
| capabilities of children.
|
| I see no reason a 14 year old shouldn't be able to program
| and say, do multivariate calculus. If anything, they are
| more intellectually capable than someone going through the
| pains of late adolescence.
|
| Crystallized intelligence at that age might be low, but
| fluid intelligence is at or near its peak.
| xupybd wrote:
| I suspect you are smarter than you give yourself credit
| for. Many 14 year olds could not have written that well.
| That's totally okay and they can still learn how to later
| in life.
| mistrial9 wrote:
| A smart 14 year old can often out-think adults in my
| experience, because adults are weighed down by 'adult'
| content like power relationship between the speakers,
| social appropriateness, real or imagined legal
| obligations, yesterday's news, thirst for alcohol and
| triple-X sex, you know "everyday stuff" whereas the 14
| year old is relatively unburdened by all that baggage.
| What a 14 year old lacks is 14 years of reading on a
| subject, of course, or previous training. YMMV
| aj7 wrote:
| Well said.
| wyager wrote:
| > I think we underestimate the capabilities of children.
|
| Probably to a large degree because we lock them up in a
| room all day where they spend their time listening to
| information targeted at the bottom decile of the room.
| Dragon863 wrote:
| I'd have to say free time is also a huge factor! I have
| exams coming up, but for now I'm free to hack stuff in my
| spare time. I was also looking into newer Echo models;
| according to Hackaday they have a hidden debug port but
| still use MediaTek processors, maybe I'll buy one on eBay
| in the future and have a look...
| uncanneyvalley wrote:
| I was given a 3rd gen dot at a conference and haven't
| even set it up. It's yours if you want it.
| aj7 wrote:
| When I think about it, I could have done algebra by the
| 5th grade, calculus by the sixth, etc. But what is not
| being considered is what's going on with those neurons,
| at this time, instead. It is not obvious that maximizing
| purely academic results is optimal.
| aj7 wrote:
| If he were older, it would be more stilted and self-
| congratulatory.
| Dragon863 wrote:
| Just me, I'm currently studying computer science. Sorry for
| the misunderstanding of hashing, I've updated the page with a
| correction
| KennyBlanken wrote:
| [flagged]
| d23 wrote:
| He's 14. Cut him some slack.
| heywhatupboys wrote:
| oh sorry, I didn't realize HN was a children's TV show!
| Tell me, at what age of the authors are we allowed to
| discuss the articles posted here?
| phanimahesh wrote:
| The same age when one learns to comment without snark,
| probably.
| xupybd wrote:
| Your points are valid and you can discuss them here.
| However your tone is the problem.
| mustacheemperor wrote:
| You're actually expected to act civilly and respectfully
| to everyone regardless of age.[0]
|
| I assume something else must be upsetting you today to
| have this kind of reaction to this post, hope it
| improves.
|
| >Be kind. Don't be snarky. Converse curiously; don't
| cross-examine. Edit out swipes.
|
| >Please don't fulminate. Please don't sneer, including at
| the rest of the community.
|
| [0] https://news.ycombinator.com/newsguidelines.html
| heywhatupboys wrote:
| > regardless of age.
|
| that is the entire point. The parent I was replying to
| was specifically stunting our discussion because of "age"
| ricktdotorg wrote:
| There are "corporate versions" of Amazon Alexa devices
| specifically made for sale to & for use in hotel rooms[1].
| It's called Alexa Hospitality[2] and it does not need to pair
| to an Amazon account for you/anyone to use it.
|
| Many high end hotels/long-stay furnished apartments have
| Alexa devices in them.
|
| [1] https://www.theverge.com/2018/6/19/17476688/amazon-alexa-
| for...
|
| [2] https://developer.amazon.com/en-US/alexa/alexa-for-
| hospitali...
| endymi0n wrote:
| Sounds exactly like my own feeling of superiority after my
| first hacks as a teenager. Dragon, as a greybeard who used to
| do equally dumb and great stuff like you... don't let how
| people judge you ever stop you from hacking. Rock on!
| HaZeust wrote:
| You sound upset that a 14 year old already knows how to play
| the "text-fluff" game?
| unreal37 wrote:
| Having a bad day? I hope it gets better.
| TheHappyOddish wrote:
| Thanks for adding that. I thought it was odd he was discussing
| `wpa_supplicant` in the context of Android, it makes a lot more
| sense if he's not a greybeard!
| Dragon863 wrote:
| Hi! Thanks, when I wrote this I didn't realise that Android
| used wpa_supplicant by default to manage wifi connections
| sfmike wrote:
| shows the power of the self-taught path versus school/being
| taught: you find things intrinsic on your own that others
| take for granted, but this also gives you a deeper
| understanding
| majormajor wrote:
| I'd wager most folks who know about wpa_supplicant didn't
| learn about it in school. Hacking around wifi on laptops
| wasn't a school thing, it was often the same sort of
| thing this is... self-exploration.
|
| Just depending on age you might refer to it as "a tool
| called wpa_supplicant to manage its wireless connections,
| which is not uncommon on older android versions" vs
| "wpa_supplicant, an old standby Linux wifi management
| program" or somesuch.
| fsckboy wrote:
| I don't agree that it's one or the other. He's obviously
| clever and driven with stamina and a desire to make his
| mark. He can do great things with an education also.
| waboremo wrote:
| In an ideal world that's true, but a lot of really bright
| kids wind up becoming educationally restless, and fall
| into traps of not seeking higher education because of how
| slow it is. Also due to them being quite gifted, they
| develop some of the worst study habits due to the rest of
| the classes holding them back. When push comes to shove
| and they actually need good study habits they tend to opt
| for dropping out or drugs to push through. Lots of gifted
| kid papers about this phenomenon.
|
| Thankfully there are some programs now where kids like
| that can still thrive under a job+degree hybrid (and no I
| don't mean that one co-op semester). The work gives them
| real experience and a faster pace, the degree secures a
| stable foundation to provide that work context. So maybe
| when OP is of age the programs will be less limited and
| accept more students.
| fsckboy wrote:
| > _In an ideal world that's true, but a lot of really
| bright kids wind up becoming educationally restless, and
| fall into traps of not seeking higher education because
| of how slow it is._
|
| in our real world, most of the people making cutting edge
| breakthroughs in math and science were gifted kids who
| got a great education through graduate school.
| brewdad wrote:
| True though some ended up underemployed as patent clerks
| along their journey to the cutting edge. In an ideal
| world, those years would have never been "lost".
| kube-system wrote:
| What the above commenter is referring to is that
| wpa_supplicant was also commonly used on Linux systems
| years before Android ever existed.
| SSLy wrote:
| it's still also used as the backend for NetworkManager's
| handling of WiFi
| Py815-dev wrote:
| I realised this was the case for Linux, but I assumed
| Amazon had simply ported it to Android rather than it
| being included in AOSP
| bhhaskin wrote:
| Android _is_ Linux. Just heavily modified. So it makes
| sense a lot of tools and utilities were ported over.
| justsomehnguy wrote:
| Android _is not_ Linux but uses Linux kernel and part of
| tooling.
| 1vuio0pswjnm7 wrote:
| Linux is a kernel. True or false.
|
| What is GNU.
| acapybara wrote:
| GNU is an ecosystem of free software.
|
| Linux is a kernel.
|
| People often refer to the whole system as Linux, but what
| they really mean is GNU/Linux.
| 1vuio0pswjnm7 wrote:
| What is an ecosystem. What is an organism.
| teaearlgraycold wrote:
| How the hell do you define Linux then?
| ge96 wrote:
| rpi uses it too headless
| an_ko wrote:
| Is this that big of a deal? Surely by the time someone has
| hardware access, the game is over. The keys need to be decrypted
| into memory to use them, and nothing stops someone with hardware
| access from dumping that memory. No amount of encryption beats a
| soldering iron.
| tinus_hn wrote:
| Even worse, that hashed key they are proposing is plaintext
| equivalent, it has the same access as the password (actually it
| is the real password, the PSK). And while for normal passwords
| there is the argument the password is more valuable because
| people reuse them, that doesn't really apply for WiFi unless
| people use the same password for different SSIDs
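
The point in the comment above, as an added example that is not part of the thread: the 64-hex value stored in a wpa_supplicant config is the WPA2-Personal PSK itself, derived as PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so both stored forms need the same protection and the same wipe before disposal. The config text and the names `derive_psk` and `audit` are constructed for illustration; the "password"/"IEEE" pair and its PSK are the published IEEE 802.11i test vector.

```python
import hashlib
import re

def derive_psk(passphrase: str, ssid: str) -> str:
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 32 bytes."""
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return raw.hex()

# Constructed sample config (not taken from any device). The first block stores
# the "hashed" form, the other two store the passphrase in quotes.
SAMPLE_CONF = '''
network={
    ssid="IEEE"
    psk=f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
}
network={
    ssid="IEEE"
    psk="password"
}
network={
    ssid="GuestNet"
    psk="password"
}
'''

def audit(conf: str):
    """Return (ssid, stored_form, effective_psk_hex) for every network block."""
    findings = []
    for block in re.findall(r"network=\{(.*?)\}", conf, re.S):
        ssid = re.search(r'^\s*ssid="(.*)"\s*$', block, re.M).group(1)
        psk = re.search(r"^\s*psk=(.*?)\s*$", block, re.M).group(1)
        if re.fullmatch(r"[0-9a-fA-F]{64}", psk):
            # Already the 256-bit key: usable as-is, no passphrase needed.
            findings.append((ssid, "hex-psk", psk.lower()))
        elif len(psk) >= 2 and psk[0] == '"' and psk[-1] == '"':
            # Quoted passphrase: the supplicant derives the same key at load time.
            findings.append((ssid, "passphrase", derive_psk(psk[1:-1], ssid)))
        else:
            raise ValueError(f"unrecognised psk form for ssid {ssid!r}")
    return findings

if __name__ == "__main__":
    for ssid, form, key in audit(SAMPLE_CONF):
        print(f"{ssid:10} {form:10} {key}")
```

The first two blocks resolve to the same key, while the third shows that the same passphrase on a different SSID yields a different PSK.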
| voxadam wrote:
| It seems that it could be a pretty big deal to people who toss
| their old devices in their curbside trash to upgrade or
| otherwise discard their old Echo devices.
|
| Most people don't have the background to understand that
| attacks like this are possible. Hell, the other day I almost
| chucked a couple of old 11n era APs flashed with OpenWRT into
| the trash until I remembered that there's some incredibly
| sensitive data (SSID, key, logs, etc.) stored in a manner that
| likely wouldn't hold up to a physical attack.
|
| I _do_ have the understanding of attacks like this and in a
| moment of haste to declutter my home office I nearly opened
| myself up to an attack like the one described in this post.
| josephg wrote:
| Are wireless network passwords really that important? What is
| the threat model here? I'm trying to figure out the downside
| risk. Someone finds out your wireless password, figures out
| your address via an AGPS lookup and then ... drives to your
| house and what? Steals your internet? Projects something on
| your smart tv? Turns your insecure smart lights on and off?
|
| I can imagine that being effective as part of a complex spear
| phishing attack against a celebrity or something. But if
| someone dumpster dives and ends up finding my wifi password,
| why should I care?
| tspike wrote:
| Identity theft is the first thing that comes to mind
| squarefoot wrote:
| That's why old devices must be properly cleaned of personal
| data before being sold or discarded. I buy most of my devices
| (network stuff, APs, laptops, etc) either as refurbished or at
| flea markets. If I was a malicious actor I could have easily
| taken advantage of many people who didn't delete their data,
| including WiFi settings, from a device they gave away, so
| although devices are used in relatively safe places like home
| or workplace where it would be impractical if not impossible to
| gain physical access for the time necessary to exfiltrate
| sensitive data, that becomes trivial if the device is
| discarded/sold without taking proper measures to delete any
| sensitive data it could still contain.
___________________________________________________________________
(page generated 2023-04-01 23:00 UTC)