
Efficient Wi-Fi Phishing Attacks - sophron
https://www.tripwire.com/state-of-security/security-awareness/efficient-wi-fi-phishing-attacks-would-you-fall-for-that/#.WG0DNcFl3Ck.twitter
======
lucb1e
Bad title, but it makes an interesting point. I knew I can just make a WiFi
network with the same settings as the original and have phones automatically
connect to it (I use this as pre-doorbell warning sometimes, waiting for my
parents or girlfriend to connect when nearby), and I also know that I can read
and modify their traffic at that point.

What I somehow forgot to consider is that when my phone autoconnects to a
network (or attempts to), the AP owner _or anyone nearby_ might also be able
to crack the WPA2 password. Good thing it uses PBKDF2 because I know some
terrible ones.

I don't have time to read the full spec now unfortunately (I might later).
Does anyone know what parameters are used for pbkdf2, specifically the number
of iterations?
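
For the question about the PBKDF2 parameters, the values come from the IEEE 802.11i standard rather than from this thread: WPA2-PSK derives the Pairwise Master Key as PBKDF2-HMAC-SHA1 over the passphrase, with the SSID as the salt, 4096 iterations and a 256-bit output. The script below is an added illustration, not code from the article or from any commenter; the reference vector ("password" / "IEEE") is the standard's own test case, and the cost estimate is just a timing of one derivation on whatever machine runs it. The point for a defender is that 4096 iterations of SHA-1 is cheap by today's standards and the salt is public, so the passphrase's entropy is the only thing that makes offline guessing expensive.

```python
import hashlib
import time

# WPA2-PSK key derivation parameters as fixed by IEEE 802.11i (standard
# values, not values quoted in the thread).
WPA2_PRF_HASH = "sha1"
WPA2_PSK_ITERATIONS = 4096
WPA2_PMK_LEN = 32  # 256-bit Pairwise Master Key

# Test vector from the IEEE 802.11 standard's PSK annex.
REFERENCE_VECTOR = {
    ("password", "IEEE"): "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e",
}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK exactly as a WPA2-PSK client or access point does.

    The salt is the SSID, so a precomputed table for one network name is
    useless against another, but the SSID is broadcast in the clear, so it
    adds no secrecy, only per-network work.
    """
    if not (8 <= len(passphrase) <= 63):
        raise ValueError("WPA2 passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        WPA2_PRF_HASH,
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),
        WPA2_PSK_ITERATIONS,
        WPA2_PMK_LEN,
    )


def derive_pmk_hex(passphrase: str, ssid: str) -> str:
    return derive_pmk(passphrase, ssid).hex()


def matches_reference_vector() -> bool:
    """Confirm the derivation against the standard's published test case."""
    return all(derive_pmk_hex(p, s) == pmk for (p, s), pmk in REFERENCE_VECTOR.items())


def ssid_changes_pmk(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """Same passphrase, different SSID: the PMK differs because the SSID is the salt."""
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)


def seconds_per_derivation(samples: int = 20) -> float:
    """Rough single-core cost of one guess on this machine (timing only)."""
    start = time.perf_counter()
    for _ in range(samples):
        derive_pmk("correct horse battery", "HomeNetwork")
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    print("reference vector ok:", matches_reference_vector())
    print("PMK for password/IEEE:", derive_pmk_hex("password", "IEEE"))
    print("one derivation takes about %.4f s on this CPU" % seconds_per_derivation())
```

`wpa_passphrase` from wpa_supplicant performs the same computation; comparing its `psk=` line with `derive_pmk_hex` for the same inputs is a quick sanity check.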

~~~
yamaneko
> (I use this as pre-doorbell warning sometimes, waiting for my parents or
> girlfriend to connect when nearby)

That's such a great idea! Could you give more details of how you are doing
that? Which tools did you use?

~~~
bsilvereagle
Not OP, but I have a cron job on a Raspberry Pi running every minute checking
for known MACs with `arp-scan`. I then get an audible warning.
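
One way to build the presence check described above, as an added example rather than bsilvereagle's actual script: parse the host lines of `arp-scan --localnet` output, compare the MACs seen with the previous run, and ring the terminal bell only for known devices that have just arrived. The sample output, the allowlist and the state file path are all constructed for the example. Two practical caveats: the script needs root (or `CAP_NET_RAW`) for arp-scan, and recent iOS and Android releases randomize the MAC per network by default, so a device will only be recognised if randomisation is turned off for the home SSID.

```python
import json
import re
import subprocess
from pathlib import Path
from typing import Dict, Set

# Constructed sample of `arp-scan --localnet` output; addresses are made up.
SAMPLE_ARP_SCAN_OUTPUT = """Interface: eth0, type: EN10MB, MAC: b8:27:eb:00:00:01, IPv4: 192.168.1.2
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.1.1\t00:11:22:33:44:55\tExampleRouter Inc.
192.168.1.37\tAA:BB:CC:DD:EE:01\tExamplePhone Ltd.
192.168.1.52\taa:bb:cc:dd:ee:02\t(Unknown)

3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 2.048 seconds (125.00 hosts/sec). 3 responded
"""

# Constructed allowlist: MAC -> friendly name.
KNOWN_DEVICES: Dict[str, str] = {
    "aa:bb:cc:dd:ee:01": "mum's phone",
    "aa:bb:cc:dd:ee:02": "partner's phone",
}

STATE_FILE = Path.home() / ".presence_state.json"  # hypothetical location

# Host lines are "<ipv4>\t<mac>\t<vendor>"; header and summary lines don't match.
HOST_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\t([0-9a-f]{2}(?::[0-9a-f]{2}){5})\t", re.IGNORECASE)


def parse_macs(output: str) -> Set[str]:
    """Return the set of MACs (lower-cased) that answered the ARP sweep."""
    macs = set()
    for line in output.splitlines():
        match = HOST_LINE.match(line)
        if match:
            macs.add(match.group(2).lower())
    return macs


def arrivals(previous: Set[str], current: Set[str], known: Dict[str, str]) -> Dict[str, str]:
    """Known devices present now that were absent in the previous scan."""
    return {mac: known[mac] for mac in current - previous if mac in known}


def run_arp_scan() -> str:
    # Real arp-scan invocation; requires root or CAP_NET_RAW.
    return subprocess.run(
        ["arp-scan", "--localnet"], capture_output=True, text=True, check=True
    ).stdout


def load_previous() -> Set[str]:
    if STATE_FILE.exists():
        return set(json.loads(STATE_FILE.read_text()))
    return set()


def main() -> None:
    previous = load_previous()
    current = parse_macs(run_arp_scan())
    for mac, name in arrivals(previous, current, KNOWN_DEVICES).items():
        print("\a%s just joined the network (%s)" % (name, mac))  # \a rings the terminal bell
    STATE_FILE.write_text(json.dumps(sorted(current)))


if __name__ == "__main__":
    main()
```

Run it from cron every minute (`* * * * * /usr/bin/python3 /path/to/presence.py`), and it alerts once per arrival instead of every minute the device is present.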

~~~
telot1
Would you mind posting a link to this utility? Sounds like an awesome tool!

~~~
rrggrr
+1 ... can we get a GitHub repository on this?

------
croon
Good thing I always disable the newest Windows default themes in favor of the
old 98 grey style. Unlikely they'd default to emulate that. But there are a lot
of details, from pixel gaps between the wifi popup to the wifi popup appearing
automatically, etc etc, that make this very unfeasible for me at least _knock
on wood_

There are plenty of other hacks I'd be susceptible to before this one. (Please
black hats don't target me)

Edit: Would it be feasible to instead just mimic the target AP with a WPA2
passphrase, listen to the connection attempt by the target user, and when the
first attempt at login fails, set your AP to that passphrase and let him/her
through? It's not completely transparent, but I feel typoing your password is
more acceptable as "normal" than a lot of layers of emulated graphics that have
to convince your target at every stage.

------
jp3141
How do you redirect to the phishing site, if you are currently browsing an SSL
encrypted website, without making it too obvious? Since you get an error message
in the browser...

~~~
edeirme
That is correct. However, it's trivial for a MITM attacker to perform an SSL
stripping attack when the victim is communicating with sites that support
plain HTTP.

~~~
jp3141
Even with HSTS?

~~~
edeirme
If a website employs the use of HSTS all traffic will be redirected to HTTPS,
rendering the support for HTTP redundant.

~~~
marichards
Hmm, if you can control the plaintext network, isn't there an NTP attack to
reverse time and use old compromisable certificates, or move it forward past
the HSTS max-age?
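
To make the HSTS behaviour in the last two comments concrete, here is an added model of a browser's HSTS store (example code, not from the article or any commenter, and not a real browser's implementation). It follows the rules of RFC 6797: a `Strict-Transport-Security` header is only honoured when received over HTTPS, the policy is remembered for `max-age` seconds of the client's own clock, `includeSubDomains` extends it to subdomains, and a host on the (here, constructed) preload list is upgraded regardless of cache state. `clock_skew_demo` shows why the max-age question matters: a cached policy lapses if the client's clock jumps past its expiry, while a preloaded host is unaffected, and the host names in it are constructed.

```python
from typing import Dict, Optional, Tuple

Entry = Tuple[float, bool]  # (expiry as unix time, includeSubDomains)


class HstsStore:
    """Minimal HSTS cache modelled on RFC 6797 (added example, not a browser's code)."""

    def __init__(self, preload=()):
        # Preload-list entries are pinned and, as in real preload lists, cover subdomains.
        self.preload = {h.lower() for h in preload}
        self.entries: Dict[str, Entry] = {}

    @staticmethod
    def parse_header(value: str) -> Optional[Tuple[int, bool]]:
        """Parse 'max-age=N; includeSubDomains; preload'. Returns None if invalid."""
        max_age = None
        include_sub = False
        for directive in value.split(";"):
            name, _, val = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age":
                val = val.strip().strip('"')
                if not val.isdigit():
                    return None  # RFC 6797 requires a non-negative integer
                max_age = int(val)
            elif name == "includesubdomains":
                include_sub = True
            # "preload" is a hint for list maintainers; it has no effect on the UA.
        if max_age is None:
            return None  # max-age is mandatory
        return max_age, include_sub

    def note(self, host: str, header_value: str, now: float, over_https: bool = True) -> bool:
        """Record a policy received from `host`. Returns True if it was accepted."""
        if not over_https:
            return False  # RFC 6797 s8.1: STS headers over plain HTTP MUST be ignored
        parsed = self.parse_header(header_value)
        if parsed is None:
            return False
        max_age, include_sub = parsed
        host = host.lower()
        if max_age == 0:
            self.entries.pop(host, None)  # max-age=0 tells the UA to forget the host
            return True
        self.entries[host] = (now + max_age, include_sub)
        return True

    def should_upgrade(self, host: str, now: float) -> bool:
        """Must a request to `host` be sent over HTTPS at time `now`?"""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.preload:
                return True
            entry = self.entries.get(candidate)
            if entry is not None:
                expiry, include_sub = entry
                if now < expiry and (i == 0 or include_sub):
                    return True
        return False


def clock_skew_demo() -> Tuple[bool, bool, bool]:
    """(cached policy valid, cached policy after a clock jump, preloaded host after jump)."""
    store = HstsStore(preload=["bank.example"])  # constructed preload entry
    t0 = 1_700_000_000.0  # arbitrary constructed timestamp
    store.note("shop.example", "max-age=31536000; includeSubDomains", now=t0)
    valid_now = store.should_upgrade("www.shop.example", now=t0 + 3600)
    # A client whose clock has been pushed one year and a day ahead no longer
    # considers the cached policy in force.
    after_jump = store.should_upgrade("www.shop.example", now=t0 + 31536000 + 86400)
    preloaded = store.should_upgrade("login.bank.example", now=t0 + 31536000 + 86400)
    return valid_now, after_jump, preloaded


if __name__ == "__main__":
    print(clock_skew_demo())  # expected (True, False, True)
```

The first-visit gap is the same mechanism seen from the other side: until a client has received the header once over HTTPS, the store is empty and nothing forces the upgrade, which is what the preload list exists to close.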

------
zeroer
Yea, it's very possible I'd fall for that.

