Using deauths to evade smart doorbell cameras

Crowgrandfather
Crowgrandfather Member, Beta Tester Posts: 91
Second Anniversary 5 Answers 25 Likes 10 Comments
✭✭✭
edited November 18, 2019 in Devices & Security #1


There's some good discussion going on in the comments on this Reddit post. The long and short of it is though that: yes. It's completely possible for a thief or anyone else to deauth a wireless camera; before, during, and after a home invasion burglary. This deauth will essentially render the wireless camera worthless as most don't have internal storage.


@VioletChepil can you explain to us all how the FingBox's deauth warning works and what a user will see if there's a deauth attack?

Tagged:
VioletChepilBetaFinger

Comments

  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 250 Awesomes
    ✭✭✭✭✭✭
    Hi @Crowgrandfather
    Very interesting. A deauth attack will be alerted by Fingbox, like the other WiFi intrusion protecting alerts! Here are some more details here:
    https://help.fing.com/knowledge-base/wifi-intrusion-protection/

    Here's how our deauth attacks work:
    We detect deauth attacks at high speed against the BSSID that is monitored by Fingbox.
    The attacks are detected and reported within 5 minutes with e-mail event in the Fingbox log.

    In order to avoid false alarms, there are minimum thresholds to raise an alarm:
    - the minimum duration of attack: 10 seconds
    - minimum deauth packets per second: 30/sec

    Let me know your feedback! 
    Cheers,
    Violet

    Community Manager at Fing

    HronoskltaylorCrowgrandfatherBetaFinger
  • Crowgrandfather
    Crowgrandfather Member, Beta Tester Posts: 91
    Second Anniversary 5 Answers 25 Likes 10 Comments
    ✭✭✭

    @VioletChepil

    Thank you very much.

    VioletChepil
  • Nickoramus
    Nickoramus Member Posts: 1
    First Comment

    I’m trying to validate this functionality and having no luck.

    The wifi intrusion protection screen does say “protecting 2 networks “ (2.4 and 5ghz)

    I’m running a constant directed aireplay deauth attack against my Netatmo doorbell for minutes. It knocks the device offline, my router informs me of this and the device indeed is not reachable, however fingbox says nothing.

    The wifi protection screen does say over 4000 packets inspected in the last 5 minutes, which will mostly be all my deauths . Aireplay command is specifying both AP and target with -c and -b I think it is. I’d like if fing could validate because at the moment looks like the box isn’t detecting.

    thinking about this, a great feature would be active defence against such. I’m not sure is possible given the protocol but would be really interested to know the team’s thoughts on that. Could be a killer product feature :)

  • Crowgrandfather
    Crowgrandfather Member, Beta Tester Posts: 91
    Second Anniversary 5 Answers 25 Likes 10 Comments
    ✭✭✭

    I've largely given up on "features" like this in Fing. I upgraded to TP-Link Omada EAPs and now Fing can't see any of them to "protect" them. It was always a bit of a gimmicky feature in the first place as DeAuths aren't very common in general.