
This seems to be more self-aggrandizement than something new. Like several have said, you can buy an off-the-shelf cell phone and do this with some code. This attack is only on wifi, and most companies don't place confidential or enterprise systems on wifi. Yes there are exceptions, but just pulling up to the side of a building would probably give you the same access to their wifi.



Yea, this ^. This attack approach is interesting but any company that's serious about security needs to realize that anything opened up on wifi is a big hole - this used to be more amusingly exploited by war-driving, just driving around a neighborhood looking for someone with an open network that spills out into the street so you could download the latest episode of Friends.

I don't work in this sort of security and it seems terrifying, the social engineering side is especially crazy.


That seems like a lot of hassle and a pretty big federal crime for only being able to attack Wi-Fi networks. Why not just park your car outside and use a laptop?

Here is one moral use.

Don't do any mitm or forwarding, but just sit with the CEO or CIO with one in his office for a few minutes, and show him how his iPhone is suddenly connected to his home network.

Then you can explain all the implications of this. Including that this is a readily available device for low cost. And that this particular attack has been known and documented since 2004.

It would seem unlikely that manufacturers of devices relying on WiFi are unaware of this. Run a bar across their cages to get this fixed.


I would not expect this to be a local attack via wifi. Internet is so cheap/free nowadays, why would you go through the trouble to crack someone’s wifi instead of using a public one + VPN or Tor?

I believe this was a remote attack. Either on their computers, phones or router. Consumer-grade network equipment is notoriously insecure and Vodafone has absolutely zero expertise let alone incentive to do anything about it - they just buy these routers wholesale from China for a couple bucks a piece and call it a day.


Isn't this a well known and old attack? There are even devices that can automate this, I think Pineapple WiFi. I'm surprised that a security researcher has not already heard of it.

Except the attack doesn't get you access to their wireless network. It allows you to redirect someone from their wireless network to your own (spoofed) wireless network and then you can snoop the traffic.

Wireless protocols don't count as physical access, since I can perform the attack from a car outside your house.

Did you read the link? It describes an attack where you only need to have access to the same network as the target. Perhaps through that smart lightbulb they just installed?

As far as I understood, this attack vector has nothing to do with using public wifi.

This is an automatic bluetooth pairing attack. With the right equipment (which can be as simple as a Pringles can and an antenna aimed through a window) you can execute this attack from a hundred meters away. That's not physical access.

You usually can't park close enough to a corporate office to get on the wifi and not be noticed by corporate security.

I'm sorry is this really a spoofed AP for wifi lol jesus this isn't unlocking and stealing a tesla car with a wifi attack lol

This is like saying calling a person and telling them you're google and you need their password and getting their password and calling it "hacking google oauth"


Because the people working for the target of your attack might never connect to an xfinity wifi network, but they are pretty likely to connect to the wifi at their office.

I wonder how much sensitive data from governments and companies leaks this way. It doesn't sound unrealistic for an attacker (a spy, a competitor, an inside trader) to pick a coffee shop frequented by low-level government officials and set up a fake Wi-Fi access point. I doubt people doing mundane administrative tasks are security-conscious enough not to leak important data this way.

> got hacked over the "free wifi" provided in the HQ

elaborate?


I agree. They could and IMHO should have given a disclosure window since there was no evidence of active exploitation.

However it wouldn’t be that difficult to actually execute this attack.

It’s not that difficult to spoof the DNS server or even DHCP responses on public wifi networks (or local LANs). Yes you can set up enterprise networks to detect or block that but plenty of people aren’t on enterprise networks: https://charlesreid1.com/wiki/Ettercap

It’s also easy to stand up wireless SSIDs of common public networks (eg “Apple Store”) and have devices preferentially connect to you if it happens to be earlier in the wifi network order list.

You can also steal all of a machine's traffic by plugging a USB network adapter in: https://github.com/samyk/poisontap

Working SSL would prevent all of that auto running a downloaded executable by such a boot chain.


what's the attack? the website just drones on about a cable that, as far as i can tell, could just broadcast your keypresses over wifi.

The knowledge and equipment to hack WiFi-related systems is a lot easier to obtain in most of the world than the cellular equivalent.

In the US, at least, tampering with cell service risks getting the FCC involved, so very few people do it compared to WiFi hacking.

I'm very curious, for example, if the devices that connect to these APs are vulnerable to the WiFi client isolation bypass that was disclosed about a week ago.[1] That seems a lot scarier when there are potentially thousands of random people's personal phones connecting to the same WiFi infrastructure instead of a bunch of more or less trusted corporate devices in an office.

[1] https://github.com/vanhoefm/macstealer


This is one of the most serious and instructive pieces of technical security work we're likely to see this year. In case it hasn't sunk in:

- This vulnerability affects tons of smart phones (iPhone, Nexus, Samsung S*).
- The attack proceeds silently over WiFi -- you wouldn't see any indication you've been nailed.
- Mitigations and protections on WiFi embedded chips are weak.
- The second blog post will show how to fully commandeer the main phone processor by _hopping from the WiFi chip to the host_.

Imagine the havoc you could wreak by walking around a large city downtown, spewing out exploits to anyone who comes into WiFi range :-)
