Wifiphisher – Automated phishing attacks against Wifi networks

A Greek security researcher has developed WiFiPhisher, a Wi-Fi social engineering tool that is designed to steal credentials from users of WPA networks.

The Greek security expert George Chatzisofroniou has developed WiFiPhisher, a WiFi social engineering tool that allows an attacker to steal credentials from users of secure WiFi networks.

WiFiPhisher is available for download on the software development website GitHub.

“Wifiphisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining WPA credentials.” states George Chatzisofroniou.

Wifiphisher runs on Kali Linux and is licensed under the MIT license.

Wifiphisher is a tool that implements many of the known Wi-Fi hacking techniques by automating the attack scenario. WiFiPhisher relies on the “Evil Twin” attack, in which the attacker sets up a bogus Wi-Fi access point that purports to provide wireless Internet services but eavesdrops on the user’s traffic.

The bogus Access Point is used to serve fake login pages to the users in the network in order to steal their Wi-Fi credentials and other sensitive data. The attack scenario could be exploited to run man-in-the-middle attacks or to serve malware to the computers in the targeted network.

Wifiphisher first creates a phony wireless Access Point (AP) that masquerades as the legitimate one. Then, to decouple users from the legitimate Wi-Fi access point, it runs a denial of service (DoS) attack against it, or exploits RF interference to force users to disconnect from it, and prompts them to inspect the available networks.

Once users are disconnected from the legitimate Wi-Fi access point, Wifiphisher forces the devices in the network offline and automatically re-connects them to the evil twin, which is used to spy on the traffic.

WifiPhisher is very effective in the theft of users’ credentials: when the victim requests a web page, the tool serves a fake router configuration page, similar to the original one, that asks for WPA password confirmation on the pretext of a router firmware upgrade.

[Image: Wifiphisher bogus form]

The fake access point that WifiPhisher sets up has no password; this aspect is raising some doubts about the tool’s effectiveness.

“The tool is actually creating a second, unencrypted network. On Windows it will give you a warning that the configuration of the network has changed. On Android you’d have to manually reconnect to the unencrypted network. So their method doesn’t automatically perform a man-in-the-middle attack,” said a Reddit user.
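The point made in that quote, that the twin is a second, unencrypted network under the same name, is something a defender can check for in Wi-Fi scan results. The following is an added example, not code from the original article or from Wifiphisher; the `Beacon` record, the `KNOWN_APS` baseline and all network names and BSSIDs are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # as reported by the scanner: "OPEN", "WPA2", ...

# Assumed baseline: the access points the site really operates (constructed values).
KNOWN_APS = {
    "CorpWiFi": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                 "security": "WPA2"},
}

def find_evil_twin_candidates(beacons, known=KNOWN_APS):
    """Return (ssid, bssid, severity, reasons) for beacons that reuse a managed
    SSID but do not match its baseline."""
    findings = []
    for b in beacons:
        profile = known.get(b.ssid)
        if profile is None:
            continue  # not one of our network names
        bssid, security = b.bssid.lower(), b.security.upper()
        reasons = []
        if bssid not in profile["bssids"]:
            reasons.append("unknown BSSID")
        # Checked independently of the BSSID, which a rogue AP can copy.
        if security != profile["security"]:
            reasons.append(f"security {security}, expected {profile['security']}")
        if reasons:
            # An open network under a protected SSID is the case the article describes.
            severity = "high" if security == "OPEN" else "medium"
            findings.append((b.ssid, bssid, severity, reasons))
    return findings

# Constructed scan results, not captured from a real network.
SAMPLE_SCAN = [
    Beacon("CorpWiFi", "AA:BB:CC:00:00:01", "WPA2"),    # legitimate AP
    Beacon("CorpWiFi", "de:ad:be:ef:00:99", "open"),    # same name, unencrypted
    Beacon("CorpWiFi", "aa:bb:cc:00:00:02", "OPEN"),    # copied BSSID, unencrypted
    Beacon("CorpWiFi", "aa:bb:cc:00:00:07", "WPA2"),    # unlisted AP, needs review
    Beacon("CoffeeShop", "11:22:33:44:55:66", "OPEN"),  # unrelated network
]

if __name__ == "__main__":
    for finding in find_evil_twin_candidates(SAMPLE_SCAN):
        print(finding)
```

A "medium" finding may simply be a newly installed access point missing from the baseline, so it calls for review rather than an automatic block.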

Pierluigi Paganini

(Security Affairs –  WifiPhisher, hacking)