Looking for some WiFi AP Security Advice

Anthony Radzykewycz anthony.radzykewycz at gatewaycc.edu
Tue Dec 19 03:04:01 MST 2023 

It’d be my understanding that the AP would handle encryption over the air.
If you wanted the web traffic to also be encrypted, I think the self-signed
SSL certificates would suffice in this given application. To sniff that
traffic, the attacker would have to be on the same network, as well, so
guarding the AP with the aforementioned controls should prevent that.
Presuming they did get in, capturing https traffic would be encrypted vs
the plaintext counterpart of http.

On Mon, Dec 18, 2023 at 11:04 PM Mark Phillips <mark at phillipsmarketing.biz>
wrote:

> Thanks, Anthony. I will see if the tp-link has a white list capability. If
> not, I will look into another AP device.
>
> There is another safety feature I forgot to mention. A physical disarm
> switch on the launcher, so the ignition circuit is disabled when it is
> engaged. However, one can forget to do that (maybe only once!), but I also
> don't want an attacker launching the rocket at any point.
>
> Is there anyway to encrypt the traffic between the cell phone and the web
> server on the Pi? To prevent someone from monitoring the various passwords?
>
> Mark
>
> On Mon, Dec 18, 2023, 10:35 PM Anthony Radzykewycz via PLUG-discuss <
> plug-discuss at lists.phxlinux.org> wrote:
>
>> That sounds pretty neat. Something you may want to add is a whitelist of
>> allowed devices to the AP. That way, they’d also have to spoof your MAC
>> (not impossible, but makes it harder). Other than that, it sounds like you
>> are definitely doing the right thing in your defense in depth approach.
>>
>> On Mon, Dec 18, 2023 at 10:25 PM Mark Phillips via PLUG-discuss <
>> plug-discuss at lists.phxlinux.org> wrote:
>>
>>> I am working on a project and need some security advice.
>>>
>>> The project is a wireless model rocket launcher. It consists of a
>>> Raspberry Pi 2 W (Debian Buster) connected to a daughter board
>>> with circuitry to control the current to ignite the igniter, a TP-Link Wifi
>>> AP, and a cell phone. There is a web site (apache and flask) running on the
>>> Pi that allows the user to control the circuits on the daughter board to
>>> launch the rocket.
>>>
>>> The typical location for launching the rockets is in a large field far
>>> from any buildings or trees. Typically, there is no Internet connectivity
>>> even on cell phones, but there are quite a few people attending the launch.
>>> There are also times when this launcher will be used in a more urban
>>> environment (like a high school), and I want to make the system
>>> "unattractive" to the high school students who think it would be cool to
>>> hack the launcher during a launch.
>>>
>>> I want to set up some sort of secure connection between the cell phone
>>> and the web site running on the Pi. My main concern is an attacker
>>> connecting to the web site and igniting the rocket while the user is
>>> connecting the wires to the igniter. Model rocket motors generate an
>>> exhaust gas with a temperature of ~3,000 F. Also, the igniter needs 2-4 A
>>> dc for 300 - 500 msec to ignite the rocket motor.
>>>
>>> I thought about SSL, but I would have to use a self signed certificate
>>> (assuming no Internet), and I have read that it is not that secure. I am
>>> using a long password to access the AP, a password protected login to the
>>> web site, and another password as a launch key to enable the igniter
>>> circuit and launch the rocket.
>>>
>>> I am not a network security guru, so I am not really sure what my
>>> options are. Do you have any other suggestions on how I can make this
>>> system more secure?
>>>
>>> Thanks!
>>>
>>> Mark
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20231219/3f85c133/attachment.htm>

More information about the PLUG-discuss mailing list