• Hacking Ethernet Over Powerline

    From warmfuzzy@700:100/33 to All on Sat Jan 6 16:26:36 2024
The synchronized pairing of home to extension powerline boxes for the purpose of encryption can be sniffed. There is a very short window in which you can sniff the key exchange in some of the popular powerline ethernet adapters. Granted, this would be a 10-second window, but if someone were to know approximately when a person is going to pair, then they could decrypt the crypto stream with relative ease, assuming you have some coding skills and a background in cryptography.

    Cheers!
    -warmfuzzy

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: The Bottomless Abyss BBS * bbs.bottomlessabyss.net (700:100/33)
  • From debianz@700:100/71 to warmfuzzy on Sat Jan 13 19:11:54 2024
I assume this would be easier to exploit with users who are connected to the grid. It would be interesting to see this exploited on a solar power system with no grid connection.

    -Debian

    ... Peed skills! ...er, no... Pill skeeds! –F. Freddy

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: 2o fOr beeRS bbS >> 20ForBeers.com:1337 (700:100/71)
  • From poindexter FORTRAN@700:100/20 to debianz on Sun Jan 14 10:40:00 2024
    debianz wrote to warmfuzzy <=-

    I assume this would be easier to exploit with users who are connected
    to the grid. Would be interesting to see this exploited on a Solar
    power system with no grid connection.

    Powerline hemorrhages interference over HAM frequencies. It'd be
    interesting if you could somehow interpret that noise and do a MOTS (Man
    on the Side) attack - you wouldn't be in the middle, just eavesdropping.
    It wouldn't need a connection to the network, just a receiver.

    Although, they do some level of encryption, so you're back to needing to
    see the handshake between two adapters.



    ... The excited state decays by vibrational relaxation into the first excited
    t
    --- MultiMail/Win v0.52
    * Origin: realitycheckBBS.org -- information is power. (700:100/20)
  • From debian@700:100/69 to poindexter FORTRAN on Mon Jan 15 19:26:09 2024
    On top of that, you would need to know the method of modulation. Is it AM, FM, PM, QAM, SSB? If memory serves, the Ethernet protocol uses PM - the phase of the signal changes when there is a state change. 0 is 0 degrees, 1 is 180.

    Comm speed will determine bandwidth and frequency. I believe that the bandwidth required for Ethernet exceeds that of what most amateur receivers can do, but SDRs should be able to receive that - though their price increases of course.

    Sounds like you are leaning towards TEMPEST in a way. But again, this would only work in low or no noise environments. If there are a bunch of devices drawing power, that will make it much more difficult to differentiate between the other devices and Ethernet activity.

    But - once you know what to look for, it is easier to see the signal through the noise.

    -Debian

    -.-. --.- -.-. --.- -.- --. --... ..- .--- ....

    My Alt: koolkoala

    --- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
    * Origin: SPOT BBS / k9zw (700:100/69)
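As an added example (not code from any post in this thread), here is the two-phase keying debian describes, bit 0 at 0 degrees and bit 1 at 180 degrees (BPSK), modulated onto a carrier and then recovered by correlating each bit interval against a reference carrier. It illustrates two points raised above: correlating against a known waveform (a matched filter) pulls the signal out of noise that buries it sample by sample, and the same correlation against the wrong carrier frequency returns almost nothing, which is why the receiver has to know the modulation and frequency first. The carrier, sample rate, bit rate and noise level are constructed values chosen for the illustration, not parameters of any real adapter.

```python
"""BPSK modulate / demodulate demo: bit 0 -> carrier phase 0, bit 1 -> phase pi.
Added illustration of the phase-keying scheme discussed in the thread.
All parameters below are constructed for the demo."""
import math
import random

FS = 200_000          # sample rate in Hz (constructed)
FC = 10_000           # carrier frequency in Hz (constructed)
BIT_RATE = 2_000      # bits per second (constructed)
SPB = FS // BIT_RATE  # samples per bit interval (100)


def bits_from_bytes(data: bytes) -> list[int]:
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def modulate(bits: list[int]) -> list[float]:
    """Emit one carrier burst per bit; phase 0 for a 0 bit, pi for a 1 bit."""
    samples = []
    for i, bit in enumerate(bits):
        phase = math.pi if bit else 0.0
        for n in range(SPB):
            t = (i * SPB + n) / FS
            samples.append(math.cos(2 * math.pi * FC * t + phase))
    return samples


def add_noise(samples: list[float], sigma: float, seed: int = 1) -> list[float]:
    """Add Gaussian noise with standard deviation sigma (seeded, so repeatable)."""
    rng = random.Random(seed)
    return [s + rng.gauss(0.0, sigma) for s in samples]


def _correlate(samples: list[float], fc: float) -> list[float]:
    """Per-bit correlation with a reference carrier of frequency fc at phase 0.
    This is the matched filter: noise averages toward zero, the carrier adds up."""
    out = []
    for i in range(len(samples) // SPB):
        acc = 0.0
        for n in range(SPB):
            t = (i * SPB + n) / FS
            acc += samples[i * SPB + n] * math.cos(2 * math.pi * fc * t)
        out.append(acc)
    return out


def demodulate(samples: list[float], fc: float = FC) -> list[int]:
    """Coherent detection: positive correlation -> 0, negative -> 1."""
    return [1 if c < 0 else 0 for c in _correlate(samples, fc)]


def mean_correlation(samples: list[float], fc: float) -> float:
    """Average correlation magnitude per bit; large only if fc matches the carrier."""
    corr = _correlate(samples, fc)
    return sum(abs(c) for c in corr) / len(corr)


def bit_errors(sent: list[int], received: list[int]) -> int:
    """Count positions where the recovered bit differs from the transmitted one."""
    return sum(1 for a, b in zip(sent, received) if a != b)


if __name__ == "__main__":
    bits = bits_from_bytes(b"key")          # constructed 24-bit payload
    clean = modulate(bits)
    noisy = add_noise(clean, sigma=1.5)     # per-sample SNR is below 0 dB
    print("errors, clean signal:", bit_errors(bits, demodulate(clean)))
    print("errors, noisy signal:", bit_errors(bits, demodulate(noisy)))
    print("correlation at the right carrier:", round(mean_correlation(clean, FC), 2))
    print("correlation at a wrong carrier  :", round(mean_correlation(clean, 11_000), 2))
```

With these constructed numbers each bit interval holds exactly five carrier cycles, so the correlation against the correct carrier sums to 50 per bit, while against an 11 kHz reference it collapses to about 1; the noisy run still decodes cleanly because the matched filter averages the per-sample noise down while the carrier adds coherently.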