Mike was a sensation at DEF CON 25 this year, where he showcased his work called WiFiCactus, a tool that passively listens on 50 channels at the same time thanks to 25 Hak5 Pineapple Tetras. Needless to say that his creation garnered some serious enthusiasm.
This November, he’s coming to DefCamp to tell us all about his machine and what can be done with it! And this is not everything – we’ve team up with Mike in order to integrate WiFiCactus into our WiFi Pwned Board. All attendees will be able to see in real time what his tool discovers during DefCamp.
Wifi PWNED Board is one of the main activities from Hacking Village activities where we friendly want to remind you how important is to connect to untrusted networks in a responsible way.
WiFi Pwned Board is sponsored by Orange Romania who will also be in charge with providing secure WiFi connections for all attendees during DefCamp 2017.
In anticipation of his talk, we had a quick chat with Mike on his passion for wi-fi security and other hot topics in infosec.
First, we were curious to find out Mike’s take on people’s easy-going attitude towards Wi-fi delivered cyber attacks.
“I believe the reason why people are so oblivious to WiFi cyber attacks is due to the large scale adoption of wireless technology mixed with the demand for convenience for the end user. I think right now the most important threat is Broadpwn. I’ve been following its progression from the time of public disclosure and I believe this attack vector, once fully weaponized will be devastating to the huge pool of Android devices running non-patched versions.”
Patching will most likely never go out of fashion as a key infosec topic, by all accounts. As unglamorous as it may be, we still need to cultivate a patching habit. Vulnerabilities aside, we wanted to dig deeper and find out what excites Mike about Wi-fi security so much (and why).
“I’m most excited to tackle wireless cyber security issues because it consists of privacy and security. I think it is imperative to explore the devices we trust to understand what they are capable of, especially since device manufactures are restricting access to device details.”
But how do we make people care more about properly securing their devices? Mike is also against using the FUD principle (Fear, Uncertainty and Doubt). “I think that infosec tactics that drive fear without providing findings or steps to replicate are overrated. These tactics seems to be driven by the ego and not by the hacker mindset.”
Speaking of mindset, we also wanted to pick Mike’s brain on how he sees security habits evolving in younger generations.
“I think that they are more aware of cyber security risks because the results of poor security are making headlines all too frequently. I also believe that younger generations have much more access to technology than any other generation before them which lends itself to having increased awareness.”
So what resources are available for those who not only care about cyber security, but also want to make it into a career?
“The amount of resources available is truly amazing! There are awesome books, conferences, trainings and videos that are very affordable if not free. Students should begin by finding out which avenue of infosec they want to pursue and then find videos and books to support that. I think learning a programming is a key required skill and should be the top priority for students. Understanding *nix environments and being able to properly managing them is also extremely helpful.”
And when it comes to high-profile hackers, we wanted to touch on a hot issue in the community: @MalwareTechBlog’s arrest and its impact on the relationship between government institutions and whitehat hackers. “I think that we’ve already been seeing some of the fallout from @MalwareTechBlog’s situation. A number of people have publicly stated that they are concerned deeply about the situation and will think twice before disclosing information. It will be interesting to see how this situation plays out and I hope for the best for @MalwareTechBlog.”
We want to thank Mike for taking the time for this interview and wrap up with a taste of his mission at DefCamp: “My key message is that it is important to monitor the WiFi around you so that you can protect yourself and understand the potential threats. I hope the audience remembers me for my passion for wireless.”
See you soon with more nuggets of wisdom from top INFOSEC experts around the world, who will be joining us on November 9-10 in Bucharest! I hope you already got your tickets!
The interview & editing was made by Andra Zaharia.
DefCamp 2017 is powered by Orange România and it’s organized by the Cyber Security Research Center from Romania (CCSIR) with the support of Ixia, a Keysight Business as a Platinum Partner, and with the help of Bitdefender, SecureWorks, Amazon, Enevo Group and Bit Sentinel.