
WiFiPhisher — Automated Phishing Attacks Against Wi-Fi Networks

A Greek security researcher named George Chatzisofroniou has developed a Wi-Fi social engineering tool designed to steal credentials from users of secure Wi-Fi networks.

The tool, dubbed WiFiPhisher, was released on the software development website GitHub on Sunday and is freely available to users.
"It's a social engineering attack that does not use brute forcing in contrast to other methods. It's an easy way to get WPA passwords," said George Chatzisofroniou.
Several hacking tools available on the Internet can already hack a secure Wi-Fi network, but this tool automates multiple Wi-Fi hacking techniques, which makes it slightly different from the others.

WiFiPhisher uses the "Evil Twin" attack scenario. As in any Evil Twin attack, the tool first creates a phony wireless access point (AP) that masquerades as the legitimate Wi-Fi AP. It then directs a denial-of-service (DoS) attack against the legitimate Wi-Fi access point, or creates RF interference around it, which disconnects wireless users and prompts them to inspect available networks.

Once users are disconnected from the legitimate Wi-Fi access point, the tool forces the offline computers and devices to automatically reconnect to the evil twin, allowing the hacker to intercept all the traffic to those devices.

The technique is also known as AP Phishing, Wi-Fi Phishing, Hotspotter, or Honeypot AP. These kinds of attacks use phony access points with faked login pages to capture users' Wi-Fi credentials and credit card numbers, launch man-in-the-middle attacks, or infect wireless hosts.
"WiFiPhisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase [and] does not include any brute forcing," Chatzisofroniou said. "WifiPhisher sniffs the area and copies the target access point's settings [and] creates a rogue wireless access point that is modeled on the target."
As soon as the victim requests any web page from the Internet, WiFiPhisher serves the victim a realistic-looking fake router configuration page that asks for WPA password confirmation due to a router firmware upgrade.
The tool, thus, could be used by hackers and cybercriminals to generate further phishing and man-in-the-middle attacks against connected users.

The tool has also drawn criticism on several online discussion forums, on the grounds that it would not be possible to set up a fake access point without a password.
"The tool is actually creating a second, unencrypted network. On Windows it will give you a warning that the configuration of the network has changed. On Android you'd have to manually reconnect to the unencrypted network. So their method doesn't automatically perform a man-in-the-middle attack," said one of the critics on Reddit.
Wifiphisher works on Kali Linux and is licensed under the MIT license. Users can download and install the tool on their Kali Linux distribution for free.
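
A defender-side check for the behaviour described above, added here as an example that is not part of the original article or the WiFiPhisher project: it flags an unencrypted access point advertising the same SSID as an encrypted one, which is the condition the Reddit critic describes. The scan records, the BSSID allowlist and the function name are constructed for illustration.

```python
"""Flag likely evil-twin access points in Wi-Fi scan results (defensive check)."""
from collections import defaultdict

# Constructed sample scan records (not captured data): SSID, BSSID, security.
SAMPLE_SCAN = [
    {"ssid": "CorpNet", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "CorpNet", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2"},
    {"ssid": "CorpNet", "bssid": "de:ad:be:ef:00:01", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "security": "OPEN"},
    {"ssid": "HomeLab", "bssid": "66:55:44:33:22:11", "security": "WPA2"},
]

# Hypothetical allowlist of BSSIDs the defender knows to be legitimate.
KNOWN_BSSIDS = {"CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}


def find_evil_twin_candidates(scan, known_bssids=None):
    """Return APs that look like a clone of another network in the scan."""
    known_bssids = known_bssids or {}
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in by_ssid.items():
        # The legitimate AP keeps beaconing while clients are being
        # disconnected, so both versions of the SSID show up in one scan.
        protected = any(ap["security"].upper() != "OPEN" for ap in aps)
        allow = {b.lower() for b in known_bssids.get(ssid, ())}
        for ap in aps:
            reasons = []
            if protected and ap["security"].upper() == "OPEN":
                reasons.append("open network sharing an SSID with an encrypted one")
            if allow and ap["bssid"].lower() not in allow:
                reasons.append("BSSID not in allowlist for this SSID")
            if reasons:
                findings.append({"ssid": ssid, "bssid": ap["bssid"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_evil_twin_candidates(SAMPLE_SCAN, KNOWN_BSSIDS):
        print(f["ssid"], f["bssid"], "; ".join(f["reasons"]))
```

A network that is open by design, such as the constructed "CoffeeShop" entry, is not flagged because no encrypted AP shares its SSID.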
