The new technology for Wireless Forensics, Hotspot interceptor
The CONDOR C4 is the latest technology for Wireless Forensics developed by our Wireless and IT experts. The C4 is designed to offer a subset of the features included in the C15. Where the C15 captures data on ALL 14 possible channels to maintain forensic integrity, the C4 captures data on any 3 selected channels. A 4th radio receiver is used to scan and record the general Wi-Fi environment for all other Wi-Fi activity. With the option to connect either an omnidirectional or a directional antenna, the C4 can identify the location of targets. The C4 also comes with two FPGA encryption key recovery accelerators to speed up the rate at which keys can be recovered. It is possible to 'stream' data from a specific channel out of an Ethernet port for outside processing and, as in the C15, the data is date, time and position stamped.
The C4 makes the distinction between forensic evidence gathering and intelligence gathering. In 802.11b/g there are 14 radio channels that can be used by the infrastructure access points (APs), but typically only 3 of them are used, most frequently 1, 6 and 11. The C4 is designed with this in mind: it is equipped with 3 radio receivers, and for intelligence gathering exercises where a target's MAC address is already known this is an ideal solution. The C4 has the same pre-filtering capability as the C15, whereby all three radio receivers can be set to monitor for data on the same MAC address so that the target data will always be captured. The unique MAC Tracking facility allows the C4 to compare all new MAC addresses to those already captured in previous sessions and in other locations, and the user is alerted to any matches. Where total forensic integrity is not required, the C4 is an ideal lower cost solution to Wi-Fi monitoring needs.
Challenges with Wi-Fi interception
Understanding the problems and challenges with Wi-Fi interception is fundamental to designing a tool that can do the job well. The expertise of the Condor team allows Condor to offer product and technology training so you can benefit more from investing in our products. The following are some examples of problems that would be covered in a Condor training class to enable users to become highly skilled Wi-Fi interception experts:
Encryption, WEP and WPA/2:
In the early days of Wi-Fi, either WEP encryption or nothing at all was used to safeguard user data from hackers. Now strong encryption such as WPA and WPA2 is gaining popularity, making traffic difficult and time consuming to decrypt. It takes dictionaries, clever software designed for this specific purpose and high performance hardware to crack WPA/2.
Roaming between APs, 14 different radio channels in 802.11b/g:
A client can change radio channels in the middle of communication (roam), and half of the data might be lost if only data from one channel/radio is stored. This means laptops that can only capture data on one channel are not suitable for long term monitoring. The target AP can also change channel at any time. In long term monitoring, large amounts of data can be lost because of this.
Wi-Fi popularity means a lot of data in the air:
As Wi-Fi is growing extremely fast, there is an increasing amount of data in the air. You need to be able to filter out the targets of interest and decrypt and analyze the traffic fast. There might also be local laws permitting you to look only at a specific MAC client or AP. In this case you must be able to filter on only that specific traffic, while still applying the filter on as many radio channels as possible in case the client chooses to roam on to another, unknown channel.