WLAN Book
April 3rd, 2007

WiFi Phishing

Below is the opening sentence from Wikipedia’s entry for “phishing”.

In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

The most common example of phishing are emails crafted to look like official messages from Ebay, PayPal, or financial institutions. These messages usually instruct the user to confirm account information like by clicking a link in the email, completing a form by providing username, passwords, and/or pin numbers and clicking submit. The fake web page usually looks just like the actual page so that most users would not know that they have been “phished” and their private information harvested.

WiFi phishing occurs in public hotspots where users connect to open access points. Attackers take advantage of the fact that the SSID is visible to anyone within the wireless LAN coverage area (even if it is being “cloaked”/hidden). An attacker uses the this public information and configures an access point with the same SSID to lure wireless users to the fake access point. Since most clients will connect to the access point with the strongest signal, new hotspot users will get “phished” by the attacker’s access point. A more sophisticated method is to force the existing wireless LAN clients to disconnect from the real access point and then reconnect to the attacker’s access point.

Once the user is connected/redirected to the attacker’s access point the attacker would use exploits gain access to the users PC.

Phished Hotspot User

rogue_access_point1.gif

(image source)

Share and Enjoy:
  • Digg
  • Reddit
  • del.icio.us
  • StumbleUpon
  • Facebook
  • Sphinn
  • TwitThis
  • LinkedIn
  • FriendFeed
  • Google Bookmarks
  • HackerNews
Related Posts:
  • Free Mac OS X Wifi Scanner for Snow Leopard
    Download updated WiFi Scanner v1.1 Free Mac OS X Wifi Scanner for Snow Leopard WiFi Scanner is a free 802.11 wireless scanner and connection manager...
  • Mac OS X WiFi Wireless Scanner
    Update: Free graphical Mac OS X WiFi Scanner for Snow Leopard with the same information as the text based airport scan below. Mac OS X...
  • BridgeChecker v1.2 Available for Download
    BridgeChecker v1.2 Available for Download BridgeChecker v1.2 and previous versions are available for download from the BridgeChecker Download page. BridgeChecker User Guide This version...
  • AirDefense Enterprise On Mac OS X
    AirDefense Enterprise On Mac OS X Note: As far as I know, the AirDefense Enterprise graphical UI is not officially supported on Mac OS X....

If you liked this post, subscribe using below

WLAN Book RSS Feed

RSS Email WLAN Book by Email

.

Filed under: WLAN Security

Leave a Reply