xrad Posted February 26, 2014

This is an interesting read........

"The team designed and simulated an attack by a virus, called "Chameleon," and found that not only could it spread quickly between homes and businesses, but it was able to avoid detection and identify the points at which WiFi access is least protected by encryption and passwords."

http://www.sciencedaily.com/releases/2014/02/140225112900.htm

digininja Posted February 26, 2014

Cool research but it has been done before. Can't remember the details but it was research and only against a single vendor I think.

I also don't like the way they've described it:

"The propagation of the virus effectively constitutes an advanced rogue AP attack which is unique in that it occupies the exact location of the victim device."

This doesn't quite describe what they've done; to me this implies that they have placed a new AP in the same location rather than just infecting the existing one. I think just bad wording rather than anything else.

Most of the time the defence for this is just using strong keys on the AP and disabling WPS, but you could have an instance where the low level drivers are vulnerable, in which case just sending traffic to the AP could exploit it. This happened with madwifi-ng drivers years ago when Karma was becoming popular. Lots of people showed up at a conference with vulnerable machines and got popped.

GuardMoony Posted February 26, 2014

"Most of the time the defence for this is just using strong keys on the AP and disabling WPS but you could have an instance where the low level drivers are vulnerable in which case just sending traffic to the AP could exploit it. This happened with madwifi-ng drivers years ago when Karma was becoming popular. Lots of people showed up at a conference with vulnerable machines and got popped."

That's OK for a business environment. But over here the 2 biggest ISPs set their routers to have a standard open wifi network. Like Fon. In such a case a city-wide infection would just take hours?

digininja Posted February 26, 2014

True, if there were a vuln in one of the firmwares that provided hotspots then that would be a good attack vector.

digip Posted February 27, 2014

"That's OK for a business environment. But over here the 2 biggest ISPs set their routers to have a standard open wifi network. Like Fon. In such a case a city-wide infection would just take hours?"

Yeah, Comcast offers free XFinity Wifi access all around my area to people who already have an account with them, and not sure if they do it via people's rented modems that have built-in wifi, their cable boxes (which some now have wifi built in without them knowing, as well as cameras and microphones!) or have something set up in my town or with local businesses, like the McDonald's down the street I think uses XFinity to let you sign in for free wifi. You log in to their portals using your main Comcast account though I think and need to already be a Comcast internet subscriber, so I can see that being abused. Wouldn't touch one if you paid me though.

I always wonder if any of them are rogue captive portals run on someone's home network to capture logins and sniff Comcast accounts, but would be an easy target to spoof against unsuspecting users and attack their systems. VPN wouldn't even help in this case, since you can't get to or use your VPN service if you aren't logged onto the portal first for internet access, so VPNs wouldn't help save an end user in cases where they make you log in with your account info for your ISP first, which you'd just be handing over your creds to the rogue AP if they're impersonating the captive portals well enough.

GuardMoony Posted February 28, 2014

Yup, same kinda stuff over here. At least with the change to DOCSIS 3 their modems are now starting to use NAT. Before that you got a direct internet IP address. And could even find like printers of the neighbors and such on that network ;)