Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43441
  • Total Topics: 16533
  • Online today: 3201
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 3200
Total: 3201









Author Topic: With "WiFiPhisher tool" hackers can steal data even from secure WiFi networks!  (Read 2982 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Crypto geek George Chatzisofroniou has published a WiFi social engineering tool used to steal credentials and credit cards from users of secure wireless networks.

The administrator at the University of Greece developed the WiFiPhisher tool which sought out and then replicated WPA-protected networks, sans password: https://github.com/sophron/wifiphisher

The tool, yours for the taking on GitHub, spits deauthorisation packets at a legitimate access point jamming it and prompting users to inspect available networks.

Users will see the malicious network masquerading as their trusted access point.

"WiFiPhisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase [and] does not include any brute forcing," Chatzisofroniou @_sophron said: https://twitter.com/_sophron

"WifiPhisher sniffs the area and copies the target access point's settings [and] creates a rogue wireless access point that is modeled on the target.

"As soon as the victim requests a page from the internet, WifiPhisher will respond with a realistic fake page that asks for WPA password confirmation due to a router firmware upgrade."

Users would need to ignore warnings generated by various devices in response to joining the now-unprotected mimicked network.

Similarly, users would need to accept the WiFi password request on face-value. Bad guys and security testers could do their best to generate further phishing and man-in-the-middle attacks against connected users.

Phones and laptops would keep connecting to the dodgy network operated on Kali Linux with a wireless interface capable of injection.

The University of Greece administrator asked the community to contribute to the development of the tool.

Alternative attacks exist that target users connecting to legitimate open wireless networks: http://www.reddit.com/r/netsec/comments/2raztz/wifiphisher_fast_automated_phishing_attacks/cne7skk

Tools such as KARMA set: http://www.theta44.org/karma/ can be used in conjunction with cheap network jammers to create replica networks that victims would automatically connect to without receiving warnings: http://people.cs.kuleuven.be/~mathy.vanhoef/papers/acsac2014.pdf

(ElReg)

Samker's Computer Forum - SCforum.info


devnullius

  • SCF VIP Member
  • *****
  • Posts: 3614
  • KARMA: 157
  • Gender: Female
    • SCForum.info
Nice information, will remember this one :)

Devvie
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023