• shortwavesurfer@lemmy.zip
    6 days ago

    My first thought would be to encrypt the profile broadcast with your private key and then broadcast it and then broadcast the public key second. That way, if the public key was not correct, they could not decrypt the profile broadcast at all.

    Then again, I’m just a normie, so that’s just a thought from somebody who doesn’t fully understand the intricacies, so I could be way off base.

    • Arthur Besse@lemmy.mlOP
      6 days ago

      In asymmetric encryption, the private key is used for decrypting things which were encrypted using the corresponding public key. You don’t encrypt things using the private key.

      The problem here is that Meshtastic doesn’t have any means whatsoever of ensuring that a public key is authentic, and they allow keys to be replaced at any time. Verifying keys out-of-band would be the most secure approach, but to enable encryption between nodes who don’t do that, the thing Meshtastic should be doing is ssh-style TOFU (meaning that users must explicitly acknowledge when a key changes before using the new key).

      • shortwavesurfer@lemmy.zip
        6 days ago

        I may be thinking of signing. The idea is that you would have a message that’s only proven to be authentic if you get the corresponding key. I probably just have the wrong terminology or something.

        • Arthur Besse@lemmy.mlOP
          6 days ago

          Yes, you can make a signature using the private key and anyone can verify it using the corresponding public key.

          But, if the attacker can replace the public key they can also replace the signature with one made using their own key - so this doesn’t solve the problem of keys being unverified.

          If public keys were actually verified, signatures could protect the other fields in the profile packet from being modified. You could also theoretically use signatures to authenticate key rotation, by signing a packet containing your new public key using your old private key. But this doesn’t really work in the unreliable radio setting where some messages are likely to be missed.

          • shortwavesurfer@lemmy.zip
            6 days ago

            Yeah, you absolutely need trust on first use and not allowing a new key to be used until the user has said that they trust it.
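
The two points made above (a signature alone does not help when the attacker can swap both the key and the signature, and a TOFU store that refuses a changed key until the user acknowledges it does) can be shown in a few dozen lines. The following Go program is an added illustration written for this thread, not Meshtastic's own code: the `Profile` packet layout, the node ids and names, and the `TOFUStore` API are all constructed assumptions, and Ed25519 from the Go standard library stands in for whatever the firmware actually uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Profile is a constructed stand-in for a node's profile broadcast:
// the node id, a display name, and the key the node claims as its own.
type Profile struct {
	NodeID    uint32
	LongName  string
	PublicKey ed25519.PublicKey
}

// encode returns the bytes covered by the signature (everything but the signature).
func (p Profile) encode() []byte {
	buf := make([]byte, 4)
	binary.BigEndian.PutUint32(buf, p.NodeID)
	buf = append(buf, []byte(p.LongName)...)
	buf = append(buf, 0) // terminator so name and key bytes cannot run together
	return append(buf, p.PublicKey...)
}

// SignProfile signs the profile fields with the sender's private key.
func SignProfile(p Profile, priv ed25519.PrivateKey) []byte {
	return ed25519.Sign(priv, p.encode())
}

var (
	ErrBadSignature = errors.New("signature does not verify under the key carried in the packet")
	ErrKeyChanged   = errors.New("key differs from the pinned key; user must acknowledge before it is used")
)

// TOFUStore pins the first public key seen for each node id (ssh-style trust on first use).
type TOFUStore struct {
	pinned  map[uint32]ed25519.PublicKey
	pending map[uint32]ed25519.PublicKey // changed keys waiting for an explicit acknowledgement
}

func NewTOFUStore() *TOFUStore {
	return &TOFUStore{pinned: map[uint32]ed25519.PublicKey{}, pending: map[uint32]ed25519.PublicKey{}}
}

// Receive processes one profile packet. The signature check only proves that
// whoever wrote the packet holds the private half of the key *in that packet*;
// it is the comparison against the pinned key that catches a substituted key.
func (s *TOFUStore) Receive(p Profile, sig []byte) error {
	if !ed25519.Verify(p.PublicKey, p.encode(), sig) {
		return ErrBadSignature
	}
	pinned, seen := s.pinned[p.NodeID]
	if !seen {
		s.pinned[p.NodeID] = p.PublicKey // first contact: remember this key
		return nil
	}
	if pinned.Equal(p.PublicKey) {
		return nil
	}
	s.pending[p.NodeID] = p.PublicKey // do not use it yet
	return ErrKeyChanged
}

// Acknowledge is the explicit user action that replaces a pinned key with the pending one.
func (s *TOFUStore) Acknowledge(nodeID uint32) bool {
	k, ok := s.pending[nodeID]
	if !ok {
		return false
	}
	s.pinned[nodeID] = k
	delete(s.pending, nodeID)
	return true
}

// Pinned returns the key currently trusted for a node (nil if never seen).
func (s *TOFUStore) Pinned(nodeID uint32) ed25519.PublicKey { return s.pinned[nodeID] }

// GenerateKey wraps ed25519 key generation for the scenario below.
func GenerateKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	store := NewTOFUStore()
	alicePub, alicePriv := GenerateKey()
	alice := Profile{NodeID: 0x1234, LongName: "alice", PublicKey: alicePub}
	fmt.Println("first broadcast:", store.Receive(alice, SignProfile(alice, alicePriv)))

	// Same node id and name, but the key and signature both belong to someone else.
	malPub, malPriv := GenerateKey()
	forged := Profile{NodeID: 0x1234, LongName: "alice", PublicKey: malPub}
	fmt.Println("substituted key (signature verifies):", store.Receive(forged, SignProfile(forged, malPriv)))
	fmt.Println("still pinned to original key:", store.Pinned(0x1234).Equal(alicePub))
}
```

Note that the forged packet passes `ed25519.Verify` because the attacker signed it with the private half of the key they inserted; only the pin comparison turns it into `ErrKeyChanged`, and nothing in the store changes until `Acknowledge` is called.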