Page 21 - Cyber Warnings
A Karma attack reads these beacon frames and imitates the SSID a smart device is looking for,
tricking it into connecting without requiring the user to press a button. Once that device is
connected, attackers can monitor the traffic to and from the device, looking for sensitive
information like passwords and credit card information, or direct the user to sites that load
malware or even ransomware on the device.
(Pro tip: if you ever find that your phone is connecting to an SSID from some past connection, for
example you’re in San Francisco but it’s connecting to one from a recent trip to Hong Kong,
shut off your Wi-Fi; you could be in the presence of a hacker.)
Wi-Fi hacking with MiTM and Karma attacks historically has required serious domain knowledge
and command line skills. But today, a YouTube search for “Wi-Fi hack” generates more than 2.8
million hits, with “how to” sitting atop the results. These tutorials can teach anyone with a spare
weekend how to hack over Wi-Fi.
If searching YouTube wasn’t easy enough, there are also tools like Hak5’s Wi-Fi Pineapple
that are readily available for purchase starting at $99 USD. They include an intuitive GUI, how-to
videos, and a third-party module marketplace for powerful hacking tools. The Wi-Fi Pineapple
does the job that hardcore Wi-Fi hackers used to do manually, and it makes MiTM’ing very
simple. An attacker could have one in their backpack performing a Karma attack: listening for
SSID beacon requests, adding those SSIDs to a list to broadcast through the AP radios, and
voila! Victims start to connect.
Recently at the RSA conference, I broadcast fake SSIDs for public Wi-Fi (for research
purposes only) to see how many attendees would carelessly connect. We had more than 2,400
connections. Had we been hackers, we could have wreaked significant havoc on the users.
Instead, we directed them to a splash page with security best practices. (Read the entire blog
post about this research here.)
If a hacker really wants to get fancy, he/she could even break the connection between a
legitimate AP broadcasting “Coffee Shop” and a client by spoofing the BSSID (the MAC
address) of the AP and then using the Pineapple to flood the client with IEEE 802.11 deauthentication
frames. This tells the client that the AP no longer wants to play. The victim’s device then
rescans for “Coffee Shop,” this time finding the Wi-Fi Pineapple ready and willing to accept the
connection for a fake “Coffee Shop.”
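Both behaviours described above leave a footprint on the air that a wireless IDS can look for: a second BSSID answering for an SSID you operate (the evil twin), one BSSID answering probe requests for many unrelated SSIDs (the Karma signature; the client frames the article calls "beacon requests" are 802.11 probe requests), and a burst of deauthentication frames carrying the real AP's address. The following detector is an added example, not code from the article or from Hak5; it runs over a constructed, hypothetical monitoring-log format (`<epoch_seconds> <frame_type> <bssid> <ssid-or-'-'>`) and a constructed allow-list of your own access points.

```python
"""Detect evil-twin, Karma and deauth-flood symptoms in a wireless monitoring log.

Added example, not from the article. The log format and the KNOWN_APS
allow-list are constructed for illustration; adapt parse_log() to whatever
your sensor actually emits.
"""
from collections import defaultdict, deque

# Constructed allow-list: SSIDs we operate and the BSSIDs allowed to serve them.
KNOWN_APS = {"Coffee Shop": {"aa:bb:cc:00:00:01"}}

# Constructed sample: the real AP beacons, a second radio answers probes for
# several unrelated SSIDs and then beacons "Coffee Shop" itself, and a burst of
# deauth frames appears with the real AP's BSSID as source.
SAMPLE_LOG = """\
1000.0 beacon aa:bb:cc:00:00:01 Coffee Shop
1000.1 beacon aa:bb:cc:00:00:01 Coffee Shop
1000.5 probe_resp de:ad:be:ef:00:01 HomeNet_HK
1000.6 probe_resp de:ad:be:ef:00:01 CorpGuest
1000.7 probe_resp de:ad:be:ef:00:01 Coffee Shop
1002.0 deauth aa:bb:cc:00:00:01 -
1002.1 deauth aa:bb:cc:00:00:01 -
1002.2 deauth aa:bb:cc:00:00:01 -
1002.3 deauth aa:bb:cc:00:00:01 -
1002.4 deauth aa:bb:cc:00:00:01 -
1002.5 deauth aa:bb:cc:00:00:01 -
1003.0 beacon de:ad:be:ef:00:01 Coffee Shop
1009.0 deauth aa:bb:cc:00:00:01 -
"""


def parse_log(text):
    """Turn log lines into (timestamp, frame_type, bssid, ssid) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ftype, bssid, ssid = line.split(None, 3)  # SSIDs may contain spaces
        records.append((float(ts), ftype, bssid.lower(), None if ssid == "-" else ssid))
    return records


def rogue_bssids(records, known_aps):
    """BSSIDs advertising an SSID we operate without being on its allow-list."""
    rogue = set()
    for _, ftype, bssid, ssid in records:
        if ftype in ("beacon", "probe_resp") and ssid in known_aps and bssid not in known_aps[ssid]:
            rogue.add((ssid, bssid))
    return rogue


def karma_suspects(records, min_ssids=3):
    """BSSIDs answering probes for many unrelated SSIDs: a Karma responder."""
    ssids_by_bssid = defaultdict(set)
    for _, ftype, bssid, ssid in records:
        if ftype == "probe_resp" and ssid:
            ssids_by_bssid[bssid].add(ssid)
    return {b: sorted(s) for b, s in ssids_by_bssid.items() if len(s) >= min_ssids}


def deauth_bursts(records, window=1.0, threshold=5):
    """Peak count of deauth frames per source BSSID inside any sliding window."""
    stamps = defaultdict(list)
    for ts, ftype, bssid, _ in records:
        if ftype == "deauth":
            stamps[bssid].append(ts)
    bursts = {}
    for bssid, times in stamps.items():
        times.sort()
        recent, peak = deque(), 0
        for t in times:
            recent.append(t)
            while t - recent[0] > window:
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            bursts[bssid] = peak
    return bursts


def analyze(text, known_aps=KNOWN_APS):
    """Run all three checks and return their findings in one dict."""
    records = parse_log(text)
    return {
        "rogue": rogue_bssids(records, known_aps),
        "karma": karma_suspects(records),
        "deauth": deauth_bursts(records),
    }


if __name__ == "__main__":
    for name, finding in analyze(SAMPLE_LOG).items():
        print(f"{name}: {finding}")
```

On the sample the three checks agree on one story: the unknown radio `de:ad:be:ef:00:01` both answers probes for three unrelated SSIDs and claims "Coffee Shop", while six deauth frames inside half a second arrive with the real AP's address, which a genuine AP has no reason to send. Correlating the deauth burst with the appearance of a second "Coffee Shop" BSSID is what separates an attack from a noisy neighbour.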
As you can see, Wi-Fi hacking doesn’t have to be all that complicated, and easy-to-use
graphical hacking tools are accessible to anyone willing to learn. Unfortunately, people are not
even safe when browsing encrypted HTTPS websites. After MiTM’ing a victim, it’s very possible
to intercept credentials for bank websites, email, shopping and more.
New, easy-to-use tools have resurrected an old tactic from 2014 called SSL Stripping. It tricks
web browsers into bypassing HSTS (HTTP Strict Transport Security) policy and sends
information to the MiTM in plaintext.
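The defence against stripping is a correctly set HSTS policy: a browser that holds a valid policy for a host refuses to load it over plain HTTP, so the only windows left to an attacker are the first visit, an expired policy, or a hostname the policy does not cover. The checker below is an added example, not from the article; it parses a `Strict-Transport-Security` header the way browsers do (case-insensitive directives separated by semicolons) and reports which of those windows remain open. The thresholds used for the "preload-ready" verdict (max-age of at least one year, `includeSubDomains`, `preload`) follow the published hstspreload.org submission requirements; the sample headers are constructed.

```python
"""Assess a Strict-Transport-Security header for gaps an SSL-stripping MiTM
could use. Added example, not from the article; sample headers are constructed."""

ONE_YEAR = 31536000  # seconds; minimum max-age for the browser preload list


def parse_hsts(header):
    """Split 'max-age=N; includeSubDomains; preload' into a directive dict.
    Directive names are case-insensitive; valueless directives map to True."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') if value else True
    return directives


def assess_hsts(header):
    """Return (verdict, findings) for the header value, or for None if absent.

    Verdicts: 'none', 'invalid', 'disabled', 'weak', 'preload-ready'."""
    if header is None:
        return "none", ["no HSTS header: every visit can be downgraded to plain HTTP"]
    d = parse_hsts(header)
    if "max-age" not in d or not str(d["max-age"]).isdigit():
        return "invalid", ["max-age missing or not an integer; browsers ignore the header"]
    max_age = int(d["max-age"])
    if max_age == 0:
        return "disabled", ["max-age=0 tells the browser to forget the policy"]

    findings = []
    if max_age < ONE_YEAR:
        findings.append(f"max-age={max_age} is under one year; policy lapses soon after the last HTTPS visit")
    if "includesubdomains" not in d:
        findings.append("no includeSubDomains: subdomains stay reachable over plain HTTP")
    if "preload" not in d:
        findings.append("no preload token: the first-ever visit is unprotected until the header is seen")
    return ("preload-ready" if not findings else "weak"), findings


# Constructed sample headers, from strong to absent.
SAMPLES = {
    "strong": "max-age=63072000; includeSubDomains; preload",
    "short-lived": "max-age=300",
    "disabled": "max-age=0",
    "malformed": "includeSubDomains",
    "absent": None,
}


def assess_samples(samples=SAMPLES):
    """Map each sample name to its verdict; handy for a quick overview."""
    return {name: assess_hsts(value)[0] for name, value in samples.items()}


if __name__ == "__main__":
    for name, header in SAMPLES.items():
        verdict, findings = assess_hsts(header)
        print(f"{name:12s} -> {verdict}")
        for f in findings:
            print(f"               {f}")
```

A "preload-ready" header still only helps once the browser has seen it or the site is on the preload list, so the complementary operational check is that every plain-HTTP request to the site is redirected to HTTPS before the browser ever receives a page in the clear.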
21 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide