Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure DNS lookup, and no TLS between host and router #10

Open
aelnosu opened this issue May 23, 2024 · 5 comments
Open

Insecure DNS lookup, and no TLS between host and router #10

aelnosu opened this issue May 23, 2024 · 5 comments

Comments

@aelnosu
Copy link

aelnosu commented May 23, 2024
edited
Loading

Here is an example kill.txt file

{"Type":"UnencryptedConfiguration","NetworkConfigurations":[{"GUID":"EXAMPLE-wifi","Metered":true,"Name":"EXAMPLE","Type":"WiFi","WiFi":{"AutoConnect":true,"SSID":"EXAMPLE","Security":"None"},"NameServersConfigType":"Static","StaticIPConfig":{"NameServers":["167.86.91.171","66.94.105.229","213.109.163.210","92.60.37.102"]},"ProxySettings":{"Type":"Direct"}}]}

There are a couple of problems with this setup

  1. The NameServers are not trustworthy, there is nothing* preventing the DNS lookup server operator from arbitrarily modifying the DNS lookup table.
  2. This setting completely disables the TLS between the host and the router.
  • I know DNSSEC is a thing, but only 26% of the website use it.

If you wish to contact me privately you can send me an encrypted email with either S/MIME or GPG.
Email: [email protected]
To obtain my S/MIME public key, just send an S/MIME signed email with the subject:S/MIME Exchange Request.

    Eason
@aelnosu aelnosu closed this as not planned Won't fix, can't repro, duplicate, stale Jun 11, 2024
@killsecurly killsecurly reopened this Aug 23, 2024
@killsecurly
Copy link
Owner

Sorry for not seeing this. I will be working on encryption of this, and will reach out to you if needed. Thanks!

@aelnosu
Copy link
Author

aelnosu commented Aug 24, 2024
edited
Loading

Sorry for not seeing this. I will be working on encryption of this, and will reach out to you if needed. Thanks!

This issue is closed because it is not a security concern, according to cert.pl

When connected to a protected WiFi network, one should not be able to send any unencrypted data to the router as the encryption is enforced.
In other words, if the WiFi is a protected one, it should not be possible to disable the encryption.

The only problem I see is the DNS server being compromised.

@killsecurly
Copy link
Owner

"The only problem I see is the DNS server being compromised."

I don't really see the DNS servers getting hacked. I have security measures in place, which should be pretty hard to near impossible to hack into.

@njphill0119
Copy link

"The only problem I see is the DNS server being compromised."

I don't really see the DNS servers getting hacked. I have security measures in place, which should be pretty hard to near impossible to hack into.

How do we know your DNS servers are trustworthy

@killsecurly
Copy link
Owner

How do we know your DNS servers are trustworthy

@njphill0119

If you can't trust us, just don't use it. Simple.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aelnosu @njphill0119 @killsecurly