2 posts tagged with "iot"

Pioneering WiFi Security​

Supernetwork's flagship project, SPR, is a pioneer in WiFi security and we've supported multi-pass WPA3 from the inception of the project in 2022.

To use newer protocols like WiFi 6-e and 7, users can not fall back to WPA2, which is excellent since WPA2 suffers from passive sniffing & password cracking attacks.

WPA3 provides a zero knowledge proof: there's no handshake to sniff and crack -- but the protocol is rigid and makes it hard to support multi-pass. So most products only do it for WPA2 sadly, meaning they can't operate on 6-e or 7. This leaves users making more bad security tradeoffs. SPR works to give people the best security choices by default but the user experience could still vastly improve.

A new project, DecoyAuth, by Mathy Vanhoef, seeks to do that just that and make WPA3 better support multipass.

The project was presented at PAKE25 and the slides are here.

How to Sleep Better When Your Bed is a Backdoor​

The folks at over at Truffle Security performed some excellent research on the Eight Sleep Internet connected bed "Removing Jeff Bezos From My Bed ◆ Truffle Security Co. . It will come as no surprise to anyone who follows IoT security that the bed has some serious security problems, most notably the ability for Eight Sleep's engineering team to be able to ssh in to the bed's on-board computer, via what appears to be a shared support account.