Which brings me to part two, MeshMarauder.
An open source tool demonstrating proof-of-concept exploits against the DEFCON 33 Meshtastic firmware.
MeshMarauder will demonstrate:
- Tracking user activity on any mesh regardless of encryption usage
- Hijack all Meshtastic user profile metadata
- Change any user's public key
- Send messages as any user in channel chats that appear authentic
- MITM direct messages
https://meshmarauder.net
#defcon #meshtastic #meshmarauder #cybersecurity
As far as I remember, the end-to-end encrypted DMs are a relatively recent thing in Meshtastic. Before, the messages were just encrypted with the symmetric channel key.
The scale of Meshtastic's avoidance of building security into the design is pretty epic.
This is not an easy problem to solve. Each possible solution requires a trade-off.