Free tool automates phishing attacks for Wi-Fi passwords

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/2863402/identity-access/free-tool-automates-phishing-attacks-for-wifi-passwords.html

By Lucian Constantin
IDG News Service
Jan 5, 2015

A new open-source tool can be used to launch phishing attacks against 
users of wireless networks in order to steal their Wi-Fi access keys.

Gaining access to a WPA-protected Wi-Fi network can be extremely valuable 
for attackers because it puts them behind the firewall, in what is 
generally a high-trust zone. This allows them to mount man-in-the-middle 
attacks against the network's users to steal sensitive data and 
authentication cookies from unencrypted traffic.

A common method of breaking into wireless networks that use the WPA2 
(Wi-Fi Protected Access II) security protocol is to set up a rogue access 
point that mimics the real one -- this is known as an evil twin -- and 
capture a client's handshake when they attempt to authenticate to it. The 
handshake can then be fed to a brute-force cracking program or service to 
recover the WPA2 pre-shared key, but this is not always successful, 
especially if the password is long and complex.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/