WiFi for free! Is it?

People love free WiFi, and that comes with a cost. If you look around many people using their laptops and tablets in the coffee shops, in dinings and restaurants. You will find a MacDonalds ie Starbucks in every city.

Would it be awesome to take advantage of that? Back in the days you build a custom BackTrack, Kali or other Linux distribution with your custom WiFi access point toolkit. You also had to find the right WiFi USB stick with the right functionality.

Now days, you buy a WiFi Pineapple and you are ready to go. I bought my first WiFi Pineapple years ago to give some demonstrations about how easy it is to set up a trap for the innocent free WiFi users.

A few weeks ago they ordered for me the WiFi Pineapple NANO tactical kit. I was surprised to see how Hak5 did some good work on the hard and software. They really made it easy to dig in WiFi networks on the go. I also like the redesigned webinterface. It is clean and simple.

Summarizing this story, the WiFi Pineapple is still a great tool for recon, attacks and also site surveys. Beside the Pineapple, I’ll keep using my Raspberry Pi’s and and “old” Intel NUC to get some more possibilities. I’ll write about that later.

KRACK Attacks: Breaking WPA2

WiFi is broken. The only thing we can do now is wait for updates from the vendors. If you thing about the amount of devices we put online using WiFi, do they all need an update? And how will a consumer know when he need to update something? Will there be a tool that consumers can use to scan there WiFi networks for vulnerable devices like security cameras, televisions or network attached storages?

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

Website: https://www.krackattacks.com/