Jasager: On the Defensive
Guest Article By: Ryan Pfleghaar (post_break) of iamthekiller.net
DEFENDING AGAINST JASAGER
Jasager has been making people question wireless security since episode one of season four on Hak5. The number one question besides “How do I get this to work” is “How do I protect myself?”. This exploit in wireless security has been somewhat of a challenge to protect against and with this article I am going to detail how Mubix and I came up with a quick and easy fix.
A few recommendations to safe guard yourself were using a VPN or turning off wireless and using a 3G card while in the public. These two options do work however they can be expensive and not user friendly. After brainstorming a bit I came up with the idea of an application you could run while out in public airspace to check for multiple access points originating from a single point. This could be done by querying the access points and checking the signal strength against the BSSID. By knowing that a single MAC address is broadcasting multiple access points you can consider it a Jasager like device.
My theory is broken when you factor in a device such as a FON that legitimately broadcasts multiple access points during normal operation. My university does this with Cisco access points broadcasting a PEAP encrypted connection and an unencrypted network to which you must accept a TOS in order to connect from a single device.
Taking a step back we looked at how this exploit actually operates. When you turn on your laptop it will send out probes to see which networks are available and connect to the access point highest on the priority list. This default action is the key to the puzzle. By creating an access point in your preferred networks list titled “Jasager Detected” and pushing it to the highest priority you will now know when a Jasager device is being used. If you ever scan to see what networks are available and see the access point “Jasager Detected” then itʼs a good idea to check your email at home instead of the coffee shop or airport.
There are a few pitfalls to this method however. If you scan the area with anything other than what you use to connect your laptop to the network “Jasager Detected” will not show up in the access point list. Chances are you will see a hidden network with no security, that being the airbase-ng or jasager access point. You need to scan the area using either windowʼs built in wireless connection utility or that provided for your wireless card. This same theory goes for Macs as well.
Another pitfall to this quick fix is that you could in theory join the “Jasager Detected” access point without realizing it and quickly become a victim. You need to be alert when you go to public places with your laptop and make sure your dummy access point is not within range.
What I like about this fix is how theoretically low tech it is. This is not a software or hardware specific guide and you can tell just about anyone how to do it regardless of skill level. I was even able to reproduce the fix on an iPhone so you should be able to protect yourself on mobile devices.
Now Iʼd like to say something about this fix. This is not a complete patch in wireless security. I could modify my airbase script to not publish the access point “Jasager Detected” and if you were following this guide then you could easily become a victim [Thanks to Robin Wood who develops Jasager for out this caveat].
Another thing is that some operating systems have trouble with these preferred networks. If you really want to make sure you are in somewhat safe airwaves make up a completely random name for an access point and try to join it. If you connect then you know for a fact a Jasager device is in range.
I would like to reiterate Ryan’s last point. Think up so random name that you think you would never see, and put it in your prefered list at the top. If it pops up, you know that their is something fishy going on.
Another mesaure you can take, and thanks goes rAWjAW of rawjaw-security.blogspot.com for this idea. You can edit the preferences of each of your prefered networks and tell them not to connect automatically. This way, you will simply be alerted to their presence and have that half second of judgement kick in, instead of automatically connecting. Again, none of these are 100% solutions, but get close, and are all something you could help your grandmother implement.
Merry Surfing.