Tuesday, July 11, 2023

Interesting new WiFi security tool

This is pretty geeky, but is also pretty interesting:

Cybersecurity researchers have released a new tool called 'Snappy' that can help detect fake or rogue WiFi access points that attempts to steal data from unsuspecting people.

Attackers can create fake access points in supermarkets, coffee shops, and malls that impersonate real ones already established at the location. This is done to trick users into connecting to the rogue access points and relay sensitive data through the attackers' devices.

As the threat actors control the router, they can capture and analyze the transferred data by performing man-in-the-middle attacks.

Trustwave's security researcher and wireless/RF tech enthusiast Tom Neaves explains that spoofing the MAC addresses and SSIDs of legitimate access points on open networks is trivial for determined attackers.

The devices of those who revisit the locations of open wireless networks they previously connected to will automatically attempt to reconnect to a saved access point, and their owners will be oblivious to the fact that they connecting to a malicious device.

Snappy is a free tool (available in about 100 lines of Python source code) that will tell you if the access point that you're connecting to is the same one that you connected to before.  There are all sorts of parameters that an access point advertises, including name (this is what rogue access points advertise) but also things like vendor, supported data rates, channel, and max power (among other things).

Snappy compares all of these to what your legitimate access point advertises and warns you if there is a mismatch.  Clever.

It's also clever to name your access point "Rouge".  Well, it was in 1998.

 

4 comments:

  1. Did you mean "Rogue" rather than "Rouge"? Or by "Rouge", if that was really the name, do you think they were trying to make it a first cousin to "Putting Lipstick on a Pig"?

    ;>)

    ReplyDelete
  2. I've named mine "FBI surveillance van #11"

    ReplyDelete
  3. strikeholddoc, back in the day "rogue" was often misspelled in powerpoint presentations on security.

    - Borepatch

    ReplyDelete
  4. Borepatch, thanks for that info. I had forgotten about autocorrect back in the day ...

    ReplyDelete

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.