Post · bonfire.cafe

The scale of meshtastics avoidance of building security into the design is pretty epic.

It allows for the formation of an entire mesh just for MITMing it.

This ONE liner here in the PKI attack means that once a node gets poisoned the key we created is based on the MAC so -anyone- who knows your MAC can read your MITM'd traffic.

When attackers run mesh marauder against the DEFCON 33 firmware they are all working together. Anyone in range can read the MITM'd DMs.

https://github.com/datapartyjs/meshmarauder/blob/channel-chat/src/lorapipe-raw-packet.mjs#L191-L193

nullagent

@nullagent@partyon.xyz replied · 3 months ago

One of the exploits demonstrated is PKI poisoning, this is where we listen for a complete user profile and only change the public key to one we control.

In the case of mesh marauder we also add a little 🥷to the user name so people can see something is wrong.

If they never have seen this user before they will appear as a green contact.

If this is a contact they already knew the meshtastic app provides a warning but appears to replace the original key without user input.

nullagent

@nullagent@partyon.xyz replied · 3 months ago

The core issue to the above PKI poisoning attack is that NO core parts of meshtastics protocol is signed.

The user profile transmits the public key and there is no way to verify any of the information in it was even sent by that included public key 🙄

Nothing is signed and simply setting someone else's MAC address in the unencrypted header makes you that user.

nullagent

@nullagent@partyon.xyz replied · 3 months ago

The scale of meshtastics avoidance of building security into the design is pretty epic.

It allows for the formation of an entire mesh just for MITMing it.

This ONE liner here in the PKI attack means that once a node gets poisoned the key we created is based on the MAC so -anyone- who knows your MAC can read your MITM'd traffic.

When attackers run mesh marauder against the DEFCON 33 firmware they are all working together. Anyone in range can read the MITM'd DMs.

https://github.com/datapartyjs/meshmarauder/blob/channel-chat/src/lorapipe-raw-packet.mjs#L191-L193

nullagent

@nullagent@partyon.xyz replied · 3 months ago

So when it's this easy to get a MITM going things like making posts in public chats as anyone you want feels kinda low key.

But I do hope that extended warranty works out, everyone seems pretty concerned about them.

#defcon #meshtastic #lora #cybersecurity

nullagent

@nullagent@partyon.xyz replied · 3 months ago

There's been a ton of bad advice for the privacy conscious and in particular for activist to use meshtastic.

I think that's very bad advice, because meshtastic is in no way architected to meet modern security expectations.

I hope this provides the proof of the dangerously lacking state of security on meshtastic today and some tools to verify if it ever improves.

Expect a more detailed blog post of all the exploits and findings soon.

https://meshmarauder.net

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.3.21 no JS en

Automatic federation enabled