A Greek researcher has developed a tool that is trying to steal the passwords of Wi-Fi networks. "It's a social engineering attack that does not use brute forcing in contrast to other methods. It's an easy way to get WPA passwords," said George Chatzisofroniou on his tool " Wifiphisher ".
The attack consisting Wifiphisher performs several steps. In the first step, the connection between the user and the Wi-Fi network. Wifiphisher remains hereby block all Wi-Fi devices in the vicinity of the access point. Wifiphisher then copy the settings of the access point attacked and put a fake access point that makes the victim connection.
During the final step, the victim gets to see a convincing according Chatzisofroniou configuration page of the router. This page is displayed once the victim opens a web site on the Internet. On the false configuration page for a so-called firmware upgrade WPA passphrase requested. To use Wifiphisher needed Kali Linux and two WiFi cards, which can do one injection.
On Hacker News and Reddit , there is also criticism of the tool because it would not be possible to set up a fake access point without a password. "The tool is actually a second unencrypted network. On Windows displays a warning that the network configuration has changed. On Android you must manually with the unencrypted network connection. This method thus does not perform automatic man-in-the- middle out, "said one of the critics.
No comments:
Post a Comment