WiPhishing


WiPhishing refers to wireless systems that advertise themselves as legitimate hotspots and then take your credit card details, sniff all of your traffic, or poison replies to include malicious code.

WiPhishing involves a bad guy configuring a laptop to impersonate a trusted wireless access point. For example, an attacker may set up a machine with an SSID (a wireless LAN name) of “Linksys” or “T-Mobile,” in an effort to get users to access the Internet through the attacker’s own machine.


 

If someone falls for the trap, the attacker can monitor all clear-text traffic that passes through the attacker’s system, possibly including email, Web content and other data.

There are two factors that can make this type of threat worse. First, many wireless client packages are configured to automatically associate with an SSID that they’ve used in the past, based merely on the name of the access point. Future connections often happen automatically, regardless of the hardware address or any other characteristic. 

Thus, a user may not know that his or her software has associated with an access point, let alone an impersonated one. 

Secondly, there are tools that can automate WiPhishing attacks, namely Hotspotter and Karma. These tools respond to any SSID requests that a wireless client detects. They can then pretend to be that access point, offering services like Web, email and file sharing to the victim’s machine. This scheme dupes a user into revealing passwords and other sensitive information.
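The two factors above suggest a client-side check: compare each advertised network against the hardware address and security mode recorded for that name, and flag a radio that answers for more than one name. The Python below is an added example, not code from the original post; the allow-list, the scan tuples and the names `KNOWN`, `SAMPLE_SCAN` and `audit_scan` are constructed for illustration.

```python
from collections import defaultdict

# Hypothetical allow-list: networks this client trusts, pinned to the
# hardware addresses (BSSIDs) and security mode recorded at enrolment.
KNOWN = {
    "CorpWiFi": {"bssids": {"00:11:22:33:44:55", "00:11:22:33:44:56"}, "security": "WPA2"},
    "Linksys": {"bssids": {"66:77:88:99:aa:bb"}, "security": "WPA2"},
}

# Constructed scan results (ssid, bssid, security); not from a real network.
SAMPLE_SCAN = [
    ("CorpWiFi", "00:11:22:33:44:55", "WPA2"),    # matches the pinned profile
    ("Linksys", "02:de:ad:be:ef:01", "OPEN"),     # trusted name, new radio, no encryption
    ("T-Mobile", "02:de:ad:be:ef:01", "OPEN"),    # same radio answering for another name
    ("CoffeeShop", "0c:12:34:56:78:9a", "WPA2"),  # unknown network, nothing to compare
]

def audit_scan(scan, known=KNOWN, max_ssids_per_bssid=1):
    """Return a sorted list of (bssid, ssid, reason) findings."""
    findings = set()
    ssids_by_bssid = defaultdict(set)
    for ssid, bssid, security in scan:
        bssid = bssid.lower()
        ssids_by_bssid[bssid].add(ssid)
        profile = known.get(ssid)
        if profile is None:
            continue  # no saved profile, so the client would not auto-join it
        if bssid not in profile["bssids"]:
            findings.add((bssid, ssid, "unpinned-bssid"))
        if security != profile["security"]:
            findings.add((bssid, ssid, "security-mismatch"))
    # Heuristic: one hardware address advertising several names is unusual.
    for bssid, ssids in ssids_by_bssid.items():
        if len(ssids) > max_ssids_per_bssid:
            for ssid in ssids:
                findings.add((bssid, ssid, "multi-ssid-radio"))
    return sorted(findings)

if __name__ == "__main__":
    for bssid, ssid, reason in audit_scan(SAMPLE_SCAN):
        print(f"{reason:18} {ssid:10} {bssid}")
```

A finding is a prompt to disconnect and investigate, not proof of an attack: a replaced access point also shows up as an unpinned BSSID until the allow-list is updated.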

It is important that users are aware of the threat of these access points and that they limit themselves to reputable access points. Outside of phishing for credit card details, it’s important to remember with any connection that you simply do not know who is listening.

Using an appropriately configured VPN to secure traffic back to your corporate headquarters (even for personal email browsing) is a good solution if permitted by your business. If you must use exposed traffic, then ensure that your connections are secure. HTTP, IMAP, POP3 and FTP are all sniffed off the wire by automated tools (I should note that it’s very easy to use tools that anyone could download and deploy – it’s not really a targeted or skilled attack).
