Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Many Wi-Fi Connections in Brazil Vulnerable to MitM Attacks: Researcher

A large number of the wireless Internet connections in Brazil are exposed to man-in-the-middle (MitM) attacks because they’re not secured properly, a researcher has warned.

A large number of the wireless Internet connections in Brazil are exposed to man-in-the-middle (MitM) attacks because they’re not secured properly, a researcher has warned.

André Luis Pereira dos Santos conducted experiments to determine how difficult it would be for an attacker to hijack Wi-Fi connections and capture users’ data. The problem, according to the expert, is that the routers provided by many Brazilian Internet service providers (ISPs) to customers use MAC address authentication, instead of wireless security protocols like WEP or WPA.

A report provided by the researcher to SecurityWeek shows that three main elements have been used in the experiments: a DD-WRT wireless access point (AP), a high-gain omnidirectional antenna, and a physical or virtual server with proxy/MitM software installed on it.

Brazil InternetBy configuring the AP with the same service set identification (SSID) and basic service set identification (BSSID) as the targeted AP, an attacker can intercept both SSL and non-SSL traffic within the antenna’s range by using open-source proxy software such as mitmproxy. As an evasion tactic, the attacker can drive around in a car while capturing data, Pereira dos Santos noted.

“The AP is connected to a server running the transparent proxy with a stack to make the MitM  (mitmproxy). The proxy will receive the connection form AP, log all traffic to port 80 (HTTP) and if the connection go to port 443 (SSL) the proxy will make the MITM attack (forging a certificate, open the stream, log all stream, make a connection to destination with true certificate and send the stream to destiny),” the researcher explained in his report.

In the case of SSL connections, potential victims are presented with a Web browser alert when the attacker attempts to intercept their traffic, but the expert believes at least half of users ignore these types of warnings.

Cybercriminals can leverage the lack of security to steal personal and financial data, and even to blackmail their victims. In addition to stealing intercepted data, an attacker can also modify HTTP requests and responses on the fly to inject malware, the researcher said.

In the first half of 2014, the expert conducted tests on the wireless connections of 420 companies in 552 locations all over Brazil. Pereira dos Santos found that 37% of Wi-Fi connections are vulnerable to such attacks. He believes the situation could be similar in other countries as well.

The researcher told SecurityWeek that he conducted tests both in a laboratory environment, and in the wild with the aid of numerous friends. A car has been used to test the mobility aspect of the attack.

Advertisement. Scroll to continue reading.

Around one third of the affected ISPs have been notified, but Pereira dos Santos says it’s impossible to reach out to all companies considering that many of them are small and highly distributed. While some of the affected services providers have promised to notify their tech departments of the problem, others have denied that an issue exists.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.