Wi-Fi for IoT – a boon or a bane?

Internet of things is hot now. But what technology should be used to interconnect those devices? Over the years there were multiple contenders, but Wi-Fi was always a bit aside, since it was always perceived as not too energy-efficient. Until recently…

Here’s a picture from a chip maker Rockchip, claiming (claiming!) that their Wi-Fi chip is the most efficient, overperforming even the specially designed ZigBee and BLE chips.

RockchipWiFi

While this seems as a reason to rejoice, promising greater speeds and technology convergence, I’d like to point one thing: 802.11b. Not n, not g, but b. Remember the protection modes, airtime fairness and other nightmares? They might come back in legions. And stay for what seems forever, as Rockchip claims “powering an IoT device for up to 35 years with a single AAA battery”.

What do you think? Is energy-efficient 802.11b chip a boon or a bane for modern WLANs?

P.S. News via SmallNetBuilder – excellent website, whose author is doing great job finding relevant news and testing devices. http://www.smallnetbuilder.com/wireless/wireless-news/32743-rockchip-unveils-iot-wi-fi-soc

How long will it take to h@ck y3r Pa$$w0rd?

Ever been annoyed by those password policies that say “One digit, one uppercase, one lowercase” and then cap your password at, say 12 characters? Are those passwords secure these days, when cheap processing power is freely available ? A while ago I’ve stumbled upon an article where, among other info, some really interesting data was shared about how long it takes to crack standard crypto hashes used for password encryption in WLANs, web sites and operating systems. This prompted for a refresher in password security and brute-forcing performance. The numbers are worth sharing.

(more…)

Bypassing Android security via backups (PSK recovery)

In my recent Android trainings and the Android security talk I gave at AppForum 2014 I was asked to provide a sort of a demo that can be easily replicated to explain the importance of maintaining a proper security posture. So I created a script that ‘recovers’ PSKs from the device and displays them.

Before moving on, a brief disclaimer: Android (or iOS, or Windows) are pretty secure, it is up to the user how much of this security is traded for convenience (or ignorance).

(more…)