Dr. M. Norman (UWC/CPUT Collaboration)

      Wi-Fi hacking with a Raspberry Pi and a Drone

                                                     Introduction

In today’s world it is easy to create a Wi-Fi access point using multiple devices such as cell phone hot spots found on Android, iOS, Blackberry, etc. Raspberry Pi s are becoming popular and cheap with features such as being Wi-Fi enabled, Bluetooth enabled, Ethernet enabled, etc. Power the Raspberry Pi using a Power Bank. The aim of this project is to building a tool on a Raspberry Pi that can automatically scan and attempt to connect to Wi-Fi networks with weak encryptions. This Raspberry Pi will be placed on top of a Drone and flown around campus. The aim of this project is to educate the candidate on the importance of strong password encryption especially for Wi-Fi networks. Step 1: The candidate should build a tool on a Raspberry Pi capable of connecting to Wi-Fi networks with basic Wi-Fi encryption key enabled on them. This connection attempt can be brute force or using rainbow tables or other technique of choice. The candidate should also build a Command and Control to store the list of Wi-Fi networks that were successfully connected to using the tool. Step 2: Using a phone, the candidate should setup dummy Wi-Fi hotspots using different encryption options and test that the hacking tool works as designed in step 1. Step 3: Mount the Raspberry Pi onto a drone and fly it around campus. When a new Wi-Fi network is encountered the Raspberry Pi should attempt to connect to the Wi-Fi network. Once the connection is successful the Raspberry Pi should send information back to Command & Control. The Raspberry Pi should attempt to connect to the network either using brute force or rainbow table or other technique of the choice. Step 4: Document findings and notify the owners of the Wi-Fi networks that were found to have weak encryption keys.

Output:

The output of this task is as follows:

  • Demonstration of working software (tracking tools and command & control).
  • Presentations as required by the department.
  • A Mini thesis sufficient for Honours credits.

     Free USBs with Malware

           Introduction

The idea of this project is to educate students and staff about Cyber Security awareness and the ease at which cyber-attacks can be launched. Step 1: The candidate will have to build a tracking tool using a platform of their choice and implemented a Command & Control machine with a database. The tool should automatically run on any operating system such as Mac OS X, Windows, Linux, etc. Step 2: Load the tool and dummy files & folders on USB drives. Example of the files or folders can be “exam scope”, or “personal information” or “CV”. Drop as many USB drives as possible around campus. Note down the location where the USBs were dropped. If possible take pictures from a distance of people picking up these USBs. Step 3: When the victims plug these USB drives into machines, the tracking tool should be able to gather basic information about the victim’s machine such as the operating system, version, last boot, numbers of hard disk drives, whether the machine is a public machine or personal machine. All this must be done as quickly as possible. Step 4: Track which files or folders on the USB drive the users clicked on. How long it took the user to format the USB. Research what other kind of attackers can be used this way. Step 5: Notify the victims that they were anonymously part of the project. Get them to fill in a survey.

Output:

The output of this task is as follows:

  • Demonstration of working software (tracking tools and command & control).
  • Presentations as required by the department.
  • A Mini thesis sufficient for Honours credits.

        Snooping IoT Devices with Raspberry Pi

                                               Introduction

Raspberry PIs are becoming popular and cheap with features such as being Wi-Fi enabled, Bluetooth enabled, Ethernet enabled, etc. The aim of this project is to have the candidate build an IoT snooping tool on a Raspberry Pi and track how many IoT devices the candidate comes into contact with as they walk around campus. Step1: Build an IoT snooping tool on a Raspberry Pi. Build a Command & Control machine which will communicate with the Raspberry Pi and keep track of information that is found. Step 2: Power the Raspberry Pi using a Power Bank. Step 3: Test and confirm that the snooping tool functions as designed. Step 4: The candidate should walk around campus especially in busy areas such as the Student Centre during lunch or lecture halls. The snooping tool should get the name of the device and send the information back to the Command & Control machine. The Command & Control machine should keep track of how many distinct devices of a certain type were found. If possible remove duplicates. Step 5: Document findings and educate students around campus.

Output:

The output of this task is as follows:

  • Demonstration of working software (tracking tools and command & control).
  • Presentations as required by the department.

A Mini thesis sufficient for Honours credits.