Cybersecurity threats are all over the place. Every time new software is written, it comes with vulnerabilities that the manufacturer doesn’t know about. Growing up, I’ve always tried to find ways to break things in ways that benefit me, so naturally I found a way to do that as a career.
The last few weeks, I’ve been looking at stealing data using WiFi networks. They’ve been around for a while, are ubiquitous in basically every home in America, and can be easily broken into. WEP password cracking is widely documented and takes less than 10 minutes on even basic computing hardware (seriously, it took my Raspberry Pi 8 minutes to crack a 12-character WEP key). I focused on stealing user data by sniffing WiFi packets, and then took it a step further by attempting to steal user data from clients that weren’t connected to any WiFi hotspot.
To get started, I used a piece of hardware called the WiFi Pineapple, by Hak5. It has 2 wireless radios and a USB slot to add a third radio so it can operate completely autonomously. I used one of the WiFi radios to sniff packets from devices around me. The second radio was used to create a spoofed wireless network for devices to connect to for me to collect data. The third radio was set up as an internet bridge. After setting the device up, I was immediately able to see how many devices were connected to my own home WiFi network and what their MAC addresses were, and even some WiFi names of my old hotspots.
When WiFi devices are trying to connect to their known hotspots, they send out a request that says “Hey, my name is Moez’s MacBook and I’m looking for any of these WiFi hotspots,” along with a list of networks they have previously connected to. All of this is sent in plain text, so anyone who can sniff those packets can read them.
This can be easily exploited. Since you know the list of networks that device has previously connected to, you can create a fake hotspot with that name, the device will connect, and with the proper setup you have access to every bit of information it’s transmitting and receiving. You can save copies of encryption keys, authentication cookies, the device’s unique identifier, anything. All of this data can then be used to start targeted attacks on that user. You can use their Facebook authentication cookie to make Facebook think you’re logging in as them, and then you have access to their profile, messages, etc. This is obviously a problem.
So how do we solve it?
There are a few ways. The first would be to encrypt all wireless traffic, but that would require the use of a pre-shared key, which would have to first be sent in plain text, so it could be stolen in the same way as the information above.
The second would be to use a VPN service to encrypt your traffic inside SSL traffic. Your data would still be sent in plain text to the router, but it takes a lot more skill and time to break that encryption and see your traffic. Unless you’re a high-profile target, that would deter most attackers.
You could also skip using WiFi completely and use only hardwired connections to a router, but that removes all the benefits of using WiFi (mobility, wireless, easy to use).
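To make the two sides of this concrete, here is an added example (not code from the post, and not WiFi Pineapple or Hak5 software) that builds a few constructed 802.11 management frames and then does what a defender would do with them: it lists which SSIDs each of your own devices is announcing in its probe requests (the plain-text leak described above), and it flags beacons that reuse a known SSID from an unfamiliar BSSID or without WPA2/RSN protection, which is how a fake hotspot with a copied name shows up on the air. The SSIDs, MAC addresses and frame bytes are all constructed for the example; real frames would come from a monitor-mode capture.

```python
import struct
from collections import defaultdict

# --- Constructed sample frames (not captures from the post) ----------------
# A minimal 802.11 management frame: 2-byte frame control, 2-byte duration,
# three 6-byte addresses, 2-byte sequence control, then the frame body.
def _hdr(subtype, addr1, addr2, addr3):
    fc = bytes([subtype << 4, 0x00])          # type 0 (management), flags 0
    return fc + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00"

def _ie(eid, data):
    """Information element: 1-byte id, 1-byte length, payload."""
    return bytes([eid, len(data)]) + data

BCAST = b"\xff" * 6
LAPTOP = bytes.fromhex("02aabbccddee")       # constructed client MAC
HOME_AP = bytes.fromhex("02111111aaaa")      # constructed legitimate AP
ROGUE_AP = bytes.fromhex("02222222bbbb")     # constructed impersonating AP

def probe_request(src, ssid):
    """Directed probe request: the client names the network it is looking for."""
    return _hdr(4, BCAST, src, BCAST) + _ie(0, ssid.encode())

def beacon(bssid, ssid, privacy, rsn=True):
    """Beacon: timestamp, interval, capability bits (ESS, Privacy), then IEs."""
    cap = 0x0011 if privacy else 0x0001      # bit 0 = ESS, bit 4 = Privacy
    body = struct.pack("<QHH", 0, 100, cap) + _ie(0, ssid.encode())
    if rsn:
        body += _ie(48, b"\x01\x00")         # RSN IE (id 48), version field only
    return _hdr(8, BCAST, bssid, bssid) + body

# --- Parser ----------------------------------------------------------------
def parse_mgmt(frame):
    """Return a dict for a management frame, or None for other frame types."""
    if len(frame) < 24:
        raise ValueError("frame shorter than 802.11 header")
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:                # not a management frame
        return None
    info = {"subtype": fc0 >> 4,
            "src": frame[10:16].hex(":"),
            "bssid": frame[16:22].hex(":")}
    body = frame[24:]
    if info["subtype"] == 8:                 # beacon: fixed fields come first
        if len(body) < 12:
            raise ValueError("truncated beacon")
        _, _, cap = struct.unpack("<QHH", body[:12])
        info["privacy"] = bool(cap & 0x0010)
        body = body[12:]
    ies, i = {}, 0
    while i + 2 <= len(body):                # walk the IE list
        eid, ln = body[i], body[i + 1]
        ies[eid] = body[i + 2:i + 2 + ln]
        i += 2 + ln
    info["ssid"] = ies.get(0, b"").decode(errors="replace")
    info["rsn"] = 48 in ies
    return info

# --- Defender-side checks --------------------------------------------------
def leaked_ssids(frames):
    """Per-client set of SSIDs revealed in directed probe requests: use it to
    audit what your own devices broadcast and prune their saved-network lists."""
    out = defaultdict(set)
    for f in frames:
        p = parse_mgmt(f)
        if p and p["subtype"] == 4 and p["ssid"]:
            out[p["src"]].add(p["ssid"])
    return dict(out)

def evil_twin_alerts(frames, known):
    """known maps SSID -> set of expected BSSIDs. Flag a beacon that carries a
    known SSID from an unexpected BSSID, or that lacks WPA2/RSN protection."""
    alerts = []
    for f in frames:
        p = parse_mgmt(f)
        if not p or p["subtype"] != 8:
            continue
        expected = known.get(p["ssid"])
        if expected is None:
            continue
        if p["bssid"] not in expected:
            alerts.append(("unknown-bssid", p["ssid"], p["bssid"]))
        if not (p["privacy"] and p["rsn"]):
            alerts.append(("open-or-downgraded", p["ssid"], p["bssid"]))
    return alerts

# Constructed capture: a laptop probing for two remembered networks, the real
# home AP beaconing with WPA2, and a second AP copying the SSID as an open network.
SAMPLE = [
    probe_request(LAPTOP, "MoezHome"),
    probe_request(LAPTOP, "CoffeeShop"),
    beacon(HOME_AP, "MoezHome", privacy=True),
    beacon(ROGUE_AP, "MoezHome", privacy=False, rsn=False),
]
KNOWN = {"MoezHome": {HOME_AP.hex(":")}}

if __name__ == "__main__":
    print(leaked_ssids(SAMPLE))
    for a in evil_twin_alerts(SAMPLE, KNOWN):
        print(*a)
```

The "unknown-bssid" check only works if you keep a list of the BSSIDs you actually own, which is the cheap part; the "open-or-downgraded" check catches the case the post describes, where the copied network is open so that any client will join it without a key.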
There are inherent problems in all pieces of technology that could compromise your data, but being smart about how you use them will significantly decrease your chances of a data breach.