Supernetworks July/August Update

Aug 30, 2024 7:44 pm

Hello all,


We hope you've had a wonderful summer so far. See below for what we've been working on.


Table Of Contents

  Feature Spotlight

  Router (In)Security

  Product Updates

  Supernetworks Challenge: OpenBSD crontab

  Get In Touch



Feature Spotlight

  -  WireShark plugin 


One of the exciting capabilities we have on the SPR is our plugin architecture. It lets you do things like run WireShark inside your browser: not tshark or tcpdump, but the full GUI. That is exactly what Philip did this month via WebAssembly, using Wiregasm. Whether you're security testing or doing network diagnostics, having a packet sniffer at the ready is essential to gain a deeper understanding of what's actually happening on your network.



Have an SPR? Install WireShark now!


New Guide : Network Based Ad Blocking


We've been taking a step back and looking at how SPR compares to other products that do network-based ad blocking. It's been helping us figure out what we want to be good at. We've compared PiHole versus AdGuard as well as Technitium. As a next step, we will look at bringing in a community plugin for running PiHole with SPR as an alternative DNS server.


Hardware Updates

Pods are shipping! You can now order them in White or Black prints.





HATs:

  • Our M.2 HAT prototypes arrive soon.

Dual Ethernet:

  • We are in the design review phase of an upcoming board with dual Ethernet ports, one of which is a higher-speed 2.5 Gbps port, along with mPCIe for a WiFi AP card.


PoE:

  • We've evaluated using Waveshare PoE HATs with our WiFi pods and they seem capable. We'll do some more testing and prepare a custom enclosure to see how it looks. If you're interested in a PoE build, please contact us.


Breaking ground with Rust


The upcoming Ubuntu release will feature a kernel with Rust on by default. Since version 6.9, the Linux kernel has supported Rust on arm64, and we intend to begin shipping experimental Rust-based WiFi capabilities with SPR. Our intern Jeremy Goldberger posted about working with out-of-tree kernel modules in Rust.

Check out the blog: https://www.supernetworks.org/pages/blog/loading-your-own-rust-kernel-modules


Hardened Mesh


PLUS users have the ability to use SPR nodes for mesh networking with wired backhaul. We have transitioned the Mesh Plugin to TLS-based provisioning and communications. This hardens the syncing of API keys, credentials, and WiFi passwords, which now travel over a secure connection on the wired medium.



Upcoming Work

Our next feature focuses are:

  • Parental Controls for PLUS
  • Bridging Wireless Downlinks

Our next wanted plugins are:

  • OpenVPN
  • PiHole


We will also be updating the nzyme tap plugin so that it is effortless to set up on SPR and send your WiFi indicators to nzyme for intrusion detection.


We're also looking at deploying code signing for both git and the Docker container registry in the near future. We will use these to verify SPR updates of official Supernetworks containers and repositories. If you have experience with these, we'd love your advice.


Want to see something? Let us know!


OpenBSD Cron Exploit Challenge

We released our first advisory, for a heap underflow vulnerability in the command parser of Vixie/OpenBSD crond and crontab: CVE-2024-43688. We were able to show theoretical exploitability using only several bitflips but did not make it practical. Can you write a reliable exploit? If so, check out our Exploit Challenge and win a WiFi 6 Pod.



Router Bug Highlights from July & August

Endless Router Bugs (@router_bugs)




  1. GL.INET RCE: CVE-2024-39225 🧨 With an administrator session signed into the GL.INET, it was possible to brute force session identifiers and gain root command execution.
  2. Rooting Mesh Networks. UC Riverside professors and researchers discovered various ways to root mesh nodes and, in some cases, even gain access to wireless networks without knowing the password. They presented their findings at Black Hat, which are summarized here.
  3. Juniper Networks Session Smart Router: CVE-2024-2973. An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.




Need Help? Have A Feature Idea?

  • We love your bug reports and feature requests. Keep sending them in.
  • We've had several requests to run SPR on some RISC-V gear and other hardware. If you'd like to help out, get in touch.