How to Hack with Arduino: Building MacOS Payloads for Inserting a Wi-Fi Backdoor

Arduino is a language that's easy to learn and supported on many incredibly low-cost devices, two of which are the $2 Digispark and a $3 ESP8266-based board. We can program these devices in Arduino to hijack the Wi-Fi data connection of any unlocked macOS computer in seconds, and we can even have it send data from the target device to our low-cost evil access point.


Arduino-compatible devices continue to lower the barrier to entry for creating cheap prototypes, and prototyping novel Wi-Fi and USB Rubber Ducky-style attacks is no different. By exploiting the trust a Mac gives its "preferred" Wi-Fi networks, we can quickly create a backdoor connection with a Digispark USB payload and send data from the target Mac to our ESP8266 webserver.


What Is a Preferred Network List?


Any time you connect to a Wi-Fi network, your device adds the network to a list of trusted Wi-Fi networks called the preferred network list (PNL). The list keeps your computer connected to Wi-Fi as you move between networks. For convenience, most operating systems default to connecting to these networks automatically to provide a seamless experience. However, this automatic connection behavior opens up a few avenues attackers can exploit.


By adding a rogue network to the PNL, we can force a device to connect to an evil AP whenever we want. So we can do things like steal data off the device without needing to create a server on the web. Instead, we can kick the user off their connected hotspot and know that they'll connect to ours and not the real one. In a later guide, we'll build on this to steal the Wi-Fi connection history of the target and ..
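
From the defender's side, a PNL entry that nobody approved is the artifact this technique leaves behind. The following added example (not part of the original article) parses the output of `networksetup -listpreferredwirelessnetworks` and prints every SSID missing from an allowlist; the interface name `en0`, the sample output and the allowlist are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a macOS preferred network list (PNL) against an allowlist.
# On a real Mac, pipe in live data (interface name en0 is an assumption):
#   networksetup -listpreferredwirelessnetworks en0 | audit_pnl "$APPROVED_SSIDS"

# Constructed sample of the command's output: one header line,
# then one tab-indented SSID per line.
SAMPLE_PNL=$(printf 'Preferred networks on en0:\n\tCorpWiFi\n\tHome 5G\n\tFree Airport WiFi\n\tsetup-ap\n')

# Constructed allowlist: one approved SSID per line.
APPROVED_SSIDS=$(printf 'CorpWiFi\nHome 5G\n')

# audit_pnl ALLOWLIST
# Reads networksetup output on stdin and prints each SSID that is not an
# exact, whole-line match for an allowlist entry.
audit_pnl() {
    # Keep only indented lines (the SSIDs) and strip the single leading tab;
    # the unindented header line is dropped.
    sed -n 's/^[[:space:]]//p' | while IFS= read -r ssid; do
        # -F: literal string, -x: whole line, so "CorpWiFi-Guest" does not
        # pass just because "CorpWiFi" is approved.
        if ! printf '%s\n' "$1" | grep -Fxq -- "$ssid"; then
            printf '%s\n' "$ssid"
        fi
    done
}

# pnl_is_clean ALLOWLIST
# Exit status 0 when every SSID on stdin is approved, 1 otherwise.
pnl_is_clean() {
    [ -z "$(audit_pnl "$1")" ]
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_PNL" | audit_pnl "$APPROVED_SSIDS"

# After review, an unapproved entry can be removed on the Mac with:
#   networksetup -removepreferredwirelessnetwork en0 "SSID"
```

Running the audit on a schedule and alerting on any output catches an entry added while the machine was left unlocked.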
