Joachim
Joachim boosted
KrissyKat
@KrissyKat@hoosier.social  ·  activity timestamp 18 hours ago

People are setting up Meshtastic nodes in Florida in anticipation of hurricanes.

I haven't noticed any coordinated nets around me, but it seems like it could be something good to have a weekly check in to get people used to using the system in a coordinated fashion.

A lot of people are amateur radio operators, so it wouldn't be hard to establish with some notice on the 0 channel.

https://youtu.be/s6Z6Z0Iizgg?feature=shared

#meshtastic #radio #weather
KrissyKat
@KrissyKat@hoosier.social  ·  activity timestamp 18 hours ago

People are setting up Meshtastic nodes in Florida in anticipation of hurricanes.

I haven't noticed any coordinated nets around me, but it seems like it could be something good to have a weekly check in to get people used to using the system in a coordinated fashion.

A lot of people are amateur radio operators, so it wouldn't be hard to establish with some notice on the 0 channel.

https://youtu.be/s6Z6Z0Iizgg?feature=shared

#meshtastic #radio #weather
Kody Kinzie
@skickar@infosec.exchange  ·  activity timestamp 7 days ago

Thank you to everyone who attended my #Meshtastic talk at #HOPE, focused on building your own nodes & emerging attacks demonstrated at #Defcon!

If you didn't catch it, it was recorded here: https://www.youtube.com/live/zxgoACKKH30?si=kbd3JDryZBfrAHd1&t=63
Stefan Wolfrum :mastodon:
@metawops@mastodon.social replied  ·  activity timestamp 2 weeks ago
@jonty @adamgreenfield Same observations here at my end. #Meshtastic is very indeterministic currently and I don't see a very active development community, either. 🤷‍♂️
bhaugen
Mre. Dartigen [maker mode]
Jess Mahler
bhaugen and 2 others boosted
Adam Greenfield
@adamgreenfield@social.coop  ·  activity timestamp 2 weeks ago

[Got what I needed, thanks – PLEASE DO NOT boost this further.] This is an open call for insight and help: I’m looking for guidance from folks who are familiar with to help me understand what would be involved in setting up and maintaining a national-scale and disaster-response (relief/recovery/“resilience”) network in the UK.
Adam Greenfield
@adamgreenfield@social.coop  ·  activity timestamp 2 weeks ago

How many devices would such a network need, to ensure adequate coverage everywhere it might be required? How rich a degree of communication is afforded by the current technical stack? What kind of budget would a local node need to have available, what sort of equipment and training would they have to arrange in order to access the network? These are the questions I’m looking to sketch out some answers for. Your help is *very* much appreciated. 👊
Ton Zijlstra
@ton@m.tzyl.eu replied  ·  activity timestamp 2 weeks ago
@adamgreenfield #meshtastic is LoRaWan based, isn't it? Then, can it piggyback on existing LoRa networks (e.g. for IoT https://www.thethingsnetwork.org/ )? I have a LoRaWan gateway running at the top floor servicing a bunch of other people's sensors around the neighbourhood. Perhaps existing docs from Thingsnetwork and other (commercial) LoRaWan service providers can give insight into coverage, range and throughput?
Adam Greenfield
@adamgreenfield@social.coop  ·  activity timestamp 2 weeks ago

[Got what I needed, thanks – PLEASE DO NOT boost this further.] This is an open call for insight and help: I’m looking for guidance from folks who are familiar with to help me understand what would be involved in setting up and maintaining a national-scale and disaster-response (relief/recovery/“resilience”) network in the UK.
Joy Denebeim
@denebeim@mastodon.deepthot.org replied  ·  activity timestamp 3 weeks ago
@geerlingguy is #meshtastic store and forward? If so it's as secure as bang path #uucp email
alcinnz
alcinnz boosted
nullagent
@nullagent@partyon.xyz  ·  activity timestamp 3 weeks ago

Which brings me to part two, MeshMarauder.

An open source tool demonstrating proof-of-concept exploits against the DEFCON 33 Meshtastic firmware.

MeshMarauder will demostrate:

- Tracking user activity on any mesh regardless of encryption usage
- Hijack all meshtastic user profile metadata
- Change any users public key
- Send messages as any user in channel chats that appear authentic
- MITM direct messages

https://meshmarauder.net

#defcon #meshtastic #meshmarauder #cybersecurity
nullagent
@nullagent@partyon.xyz  ·  activity timestamp 3 weeks ago

The scale of meshtastics avoidance of building security into the design is pretty epic.

It allows for the formation of an entire mesh just for MITMing it.

This ONE liner here in the PKI attack means that once a node gets poisoned the key we created is based on the MAC so -anyone- who knows your MAC can read your MITM'd traffic.

When attackers run mesh marauder against the DEFCON 33 firmware they are all working together. Anyone in range can read the MITM'd DMs.

https://github.com/datapartyjs/meshmarauder/blob/channel-chat/src/lorapipe-raw-packet.mjs#L191-L193
nullagent
@nullagent@partyon.xyz replied  ·  activity timestamp 3 weeks ago

So when it's this easy to get a MITM going things like making posts in public chats as anyone you want feels kinda low key.

But I do hope that extended warranty works out, everyone seems pretty concerned about them.

#defcon #meshtastic #lora #cybersecurity
nullagent
@nullagent@partyon.xyz  ·  activity timestamp 3 weeks ago

Which brings me to part two, MeshMarauder.

An open source tool demonstrating proof-of-concept exploits against the DEFCON 33 Meshtastic firmware.

MeshMarauder will demostrate:

- Tracking user activity on any mesh regardless of encryption usage
- Hijack all meshtastic user profile metadata
- Change any users public key
- Send messages as any user in channel chats that appear authentic
- MITM direct messages

https://meshmarauder.net

#defcon #meshtastic #meshmarauder #cybersecurity