Did you know that 100MB can cost you a thousand dollars or more when you connect to an unknown public WiFi network, intentionally or unintentionally? Millions of us love to use public WiFi, but we don’t think about what it can lead to.
In September 2018, cyber hitmen created a new scheme called ‘Wi-Jacking’ that targets public Wi-Fi users.
Wi-Jacking is short for “WiFi Jacking”. The attack lets cyber hitmen target millions of WiFi networks and gain access to a neighbour’s WiFi without cracking a single handshake. Handshake cracking is the most-used method of gaining access to a WPA/WPA2 network, but it requires a weak passphrase.
“It’s a crime that allows the crooks to actually break into your smartphone and take whatever they want,” according to United States Secret Service Agent Michael Alvarez, a specialist in forensic network intrusion.
Victims still bring the havoc of this attack on themselves out of greed. Ask yourself why you need to go war-driving just to get an internet connection: you find an unsecured WiFi network, you get exploited, and at the end of it you are looking for a cybersecurity professional to consult.
How much are your crown jewels worth? If the answer is a lot and you don’t want them compromised or left vulnerable, why are you seeking out free public Wi-Fi?
How it works:
The Wi-Jacking attack is possible because of certain limitations in how browsers handle saved credentials: the auto-fill feature re-enters saved credentials whenever the user visits the same URL again, and users log in to their broadband router over Wi-Fi and unprotected HTTP. A nearby cyber hitman can attempt to sniff the user’s credential details.
Demo requirements:
- An active client device on the target network
- The client device must have previously connected to other open networks.
- A web browser (Mozilla, Opera, Chrome…)
- Router Admin.
Tools:
• Wi-Jacking (PoC): https://gitlab.com/SureCloud/public/Wi-Jacking-PoC
• WiFi Pineapple: https://shop.hak5.org/products/wifi-pineapple
• Karma: https://wiki.wifipineapple.com/legacy/#!karma.md
Countermeasures:
• Go to settings and turn off your WiFi.
• Before you leave a public WiFi location, forget the network immediately. Otherwise the cyber hitmen are coming for you.
• Always set up a Virtual Private Network (VPN) to ensure your data is protected with encryption.
• Keep all your devices updated and set up a strong passkey.
• Avoid bogus websites.
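One way to check your own exposure to the saved-credential condition described under "How it works" is to audit a password export from your browser for logins saved against plain-HTTP origins, especially private addresses where a router admin page usually lives. This is an added example, not code from the Wi-Jacking PoC; the CSV column names `url` and `username` and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of a browser password export (CSV). The column names
# "url" and "username" are an assumption about the export format; passwords
# are replaced with a placeholder because the audit never needs them.
SAMPLE_EXPORT = """name,url,username,password
router,http://192.168.1.1/login.html,admin,REDACTED
nas,https://192.168.1.20/,backup,REDACTED
webmail,https://mail.example.com/,alice,REDACTED
forum,http://forum.example.org/signin,alice,REDACTED
modem,http://10.0.0.138:8080/,admin,REDACTED
"""

def is_private_host(host):
    """True when host is an IP literal in a private, loopback or link-local range."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a DNS name, not an IP literal
        return False

def audit_saved_logins(csv_text):
    """Return (risk, origin, username) for every saved login on a plain-HTTP origin.

    risk is "router-like" for private-address hosts (the Wi-Jacking case) and
    "http-only" for any other origin whose login form is served in cleartext.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        parts = urlsplit(row.get("url") or "")
        if parts.scheme != "http" or not parts.hostname:
            continue  # HTTPS origins and malformed rows are out of scope here
        risk = "router-like" if is_private_host(parts.hostname) else "http-only"
        findings.append((risk, f"http://{parts.netloc}", row.get("username") or ""))
    # Router-like entries first: those are the ones to delete or move to HTTPS.
    return sorted(findings, key=lambda f: f[0] != "router-like")

if __name__ == "__main__":
    for risk, origin, user in audit_saved_logins(SAMPLE_EXPORT):
        print(f"{risk:12} {origin:28} user={user}")
```

Delete the password export file once the audit is done, since it holds every saved credential in cleartext.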
Security patches for this attack have been published by the web application industry. This is just a piece of advice worth mentioning, shared as knowledge for lovers of cybersecurity in cyberspace.
