Which brings me to part two, MeshMarauder.
An open source tool demonstrating proof-of-concept exploits against the DEFCON 33 Meshtastic firmware.
MeshMarauder will demostrate:
- Tracking user activity on any mesh regardless of encryption usage
- Hijack all meshtastic user profile metadata
- Change any users public key
- Send messages as any user in channel chats that appear authentic
- MITM direct messages
https://meshmarauder.net
#defcon #meshtastic #meshmarauder #cybersecurity
Yeah, I didn’t have any current expectations about the privacy, anything beyond security-by-obscurity which is absolutely not reliable for any important private conversation.
I’m pretty much chatting with complete strangers on the network anyway, and the usefulness I see is as a secondary communication band if traditional networks aren’t available in a crisis. The PSK sounded more like a channel filter than an encryption mechanism to me anyway (I hope my past comments describing meshtastic were clear about this).
I’m all for identifying these flaws and fixing them, improving the protocol in future version so that maybe eventually it can be suitable for sensitive information than hobbyist blather or emergency info.
Yeah, I just started messing around with Meshtastic, and it is apparent it’s more of a beta project. Has lots of little bugs, no real routing, etc. Seems like the user-base outpaced development. It is pretty cool though, and I hope they fix the glaring issues quickly.
Currently in Vancouver. I play with it on certain weekends only though so far with some Heltecs. I’ll be in Toronto next in the fall sometime (hopefully after the fabled Eglinton Crosstown opens 🤣).
Yeah, I didn’t have any current expectations about the privacy, anything beyond security-by-obscurity which is absolutely not reliable for any important private conversation.
I’m pretty much chatting with complete strangers on the network anyway, and the usefulness I see is as a secondary communication band if traditional networks aren’t available in a crisis. The PSK sounded more like a channel filter than an encryption mechanism to me anyway (I hope my past comments describing meshtastic were clear about this).
I’m all for identifying these flaws and fixing them, improving the protocol in future version so that maybe eventually it can be suitable for sensitive information than hobbyist blather or emergency info.
Yeah, I just started messing around with Meshtastic, and it is apparent it’s more of a beta project. Has lots of little bugs, no real routing, etc. Seems like the user-base outpaced development. It is pretty cool though, and I hope they fix the glaring issues quickly.
You’re in the GTA right? What’s your tag? I’m OO1, OO2, OO3.
Currently in Vancouver. I play with it on certain weekends only though so far with some Heltecs. I’ll be in Toronto next in the fall sometime (hopefully after the fabled Eglinton Crosstown opens 🤣).