[ale] Slightly OT - Verizon/McAfee scareware and testing Wireless Networks

Neal Rhodes neal at mnopltd.com
Mon Jan 21 09:58:43 EST 2019 

Thank you for the reply.   Since you posted on the bottom I will reply
there. 

On Sun, 2019-01-20 at 20:11 -0800, Alex Carver via Ale wrote:

> On 2019-01-20 17:33, Neal Rhodes via Ale wrote:
> > So, I don't know what possessed me to turn on the Verizon supplied
> > security app on my Samsung phone.   But, I did. 
> > 
> > And as soon as I walked into church, it lit up with a message about the
> > wireless in the main hall, to wit:   "the security of this network has
> > been compromised!"
> > 
> > and it double dares me to ignore it.  And it repeats.    Now, I'm not
> > personally iinvolved in this network; I recall it's maybe a business
> > Comcast router feeding some Cisco wireless routers.   Doesn't seem like
> > hardware that would get compromised. 
> > 
> > Then I walk into the Sanctuary, and it switches wireless and complains
> > again.   Now, the only wireless in the Sanctuary is a Linksys router
> > which is connected to the Behringer X32 digital sound board.   It has NO
> > connection to the internet at all, and only three devices know the
> > password.  Those devices manage the sound.  uhhhh, how is it even
> > possible this device/wireless has been compromised?
> > 
> > Naturally, the Verizon app, powered by McAfee, won't tell me any details
> > about these alleged compromises, but it does offer to sell me their
> > enhanced WiFi protection.    I have to suspect this is scareware.  
> > 
> > However, I'm wondering if there is some reasonably simple scan I can do
> > with normal Android or Windows software to discern if there is any
> > credence to this? 
> 
> I did a very rapid search for anyone complaining of the app coming up
> with warnings like this.  Some of the complaints are on Verizon's
> message boards where they say the app doesn't specifically figure out
> how it's been compromised.  First thing I can think of is that the app
> probes the network and determines whether you can connect to other
> wireless devices on the same AP.  One of the possible AP configurations
> for decent APs would be to isolate clients from each other so the app
> may be sensitive to that as that could technically be a coffee-shop
> attack vector.  The other thought is an AP using WEP or WPA instead of
> WPA2 (ignoring KRACK).  Either way a lot of people seem to get the
> message so it appears to be overly sensitive.


Given this software is on every new Verizon Samsung phone, I can see a
line of reasoning that it should NOT specifically describe possible
exploits it has found to every possible potential amateur would-be
hacker.   I can also see them attempting to up-sell me. 

Now, I understand in a hard wired context that a dumb hub would let you
see all packets, while a switch would only let you see your traffic.
I do not understand in a wireless context how your radio doesn't see all
packets being broadcast if you can kick it into what used to be called
"promiscuous mode".  

Thanks, 

Neal  

> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20190121/e91f98b1/attachment.html>

More information about the Ale mailing list