Crypto geek George Chatzisofroniou has published a WiFi social engineering tool used to steal credentials and credit cards from users of secure wireless networks.
The administrator at the University of Greece developed the WiFiPhisher tool, which seeks out and then replicates WPA-protected networks, sans password: https://github.com/sophron/wifiphisher
The tool, yours for the taking on GitHub, spits deauthorisation packets at a legitimate access point, jamming it and prompting users to inspect available networks.
Users will see the malicious network masquerading as their trusted access point.
"WiFiPhisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase [and] does not include any brute forcing," Chatzisofroniou (@_sophron, https://twitter.com/_sophron) said.
"WifiPhisher sniffs the area and copies the target access point's settings [and] creates a rogue wireless access point that is modeled on the target.
"As soon as the victim requests a page from the internet, WifiPhisher will respond with a realistic fake page that asks for WPA password confirmation due to a router firmware upgrade."
Users would need to ignore warnings generated by various devices in response to joining the now-unprotected mimicked network.
Similarly, users would need to accept the WiFi password request at face value. Bad guys and security testers could do their best to generate further phishing and man-in-the-middle attacks against connected users.
Phones and laptops would keep connecting to the dodgy network operated on Kali Linux with a wireless interface capable of injection.
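The attack described above leaves two signals a defender can watch for: a burst of deauthentication frames aimed at a protected access point, and an unencrypted network advertising the same SSID. The sketch below is an added example, not part of WiFiPhisher or the original article; the frame records are constructed sample data, and the field names, time window and threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample of parsed 802.11 management frames (not real traffic).
# "privacy" mirrors the Privacy bit in a beacon's capability field.
FRAMES = [
    {"ts": 0.0, "type": "beacon", "ssid": "CorpNet", "bssid": "aa:aa:aa:00:00:01", "privacy": True},
    {"ts": 0.1, "type": "beacon", "ssid": "CafeFree", "bssid": "cc:cc:cc:00:00:03", "privacy": False},
    {"ts": 5.0, "type": "beacon", "ssid": "CorpNet", "bssid": "bb:bb:bb:00:00:02", "privacy": False},
] + [{"ts": 5.0 + i * 0.05, "type": "deauth", "bssid": "aa:aa:aa:00:00:01"} for i in range(40)]

def deauth_bursts(frames, window=2.0, threshold=20):
    """BSSIDs named in at least `threshold` deauth frames within `window` seconds."""
    times = defaultdict(list)
    for f in frames:
        if f["type"] == "deauth":
            times[f["bssid"]].append(f["ts"])
    flagged = set()
    for bssid, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(bssid)
                break
    return flagged

def find_evil_twins(frames, window=2.0, threshold=20):
    """Flag SSIDs beaconed both protected and open; escalate if a deauth burst coincides."""
    protected, unprotected = defaultdict(set), defaultdict(set)
    for f in frames:
        if f["type"] == "beacon":
            (protected if f["privacy"] else unprotected)[f["ssid"]].add(f["bssid"])
    bursts = deauth_bursts(frames, window, threshold)
    alerts = []
    for ssid in sorted(protected.keys() & unprotected.keys()):
        alerts.append({
            "ssid": ssid,
            "protected_bssids": sorted(protected[ssid]),
            "open_twins": sorted(unprotected[ssid] - protected[ssid]),
            # Protected AP being knocked offline while an open twin appears: high.
            "severity": "high" if protected[ssid] & bursts else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in find_evil_twins(FRAMES):
        print(alert)
```

An open network that never shares an SSID with a protected one (CafeFree in the sample) is not flagged, which keeps ordinary public hotspots out of the alert list.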
The University of Greece administrator asked the community to contribute to the development of the tool.
Alternative attacks exist that target users connecting to legitimate open wireless networks: http://www.reddit.com/r/netsec/comments/2raztz/wifiphisher_fast_automated_phishing_attacks/cne7skk
Tools such as the KARMA set (http://www.theta44.org/karma/) can be used in conjunction with cheap network jammers to create replica networks that victims would automatically connect to without receiving warnings: http://people.cs.kuleuven.be/~mathy.vanhoef/papers/acsac2014.pdf
(ElReg)