An open source piece of software made available on Sunday can be used to automate phishing attacks that target credentials for Wi-Fi networks.
Many attacks against networks protected with the WPA and WPA2 security protocols involve brute forcing. The tool developed by Greek IT security engineer George Chatzisofroniou, dubbed Wifiphisher, uses a different approach, namely social engineering.
Wifiphisher attacks work in three stages. In the first stage, victims are deauthenticated from their access point with the aid of deauthentication packets sent to the broadcast address, from the client to the access point, and from the access point to the client.
In the second phase, the victim access point’s settings are copied and a rogue access point is set up. Because the legitimate access point is jammed, clients will connect to the rogue access point. In this stage, the tool also sets up a NAT/DHCP server and forwards the right ports, the developer explained.
In the final phase, a man-in-the-middle (MitM) attack is launched by using a minimal Web server that responds to HTTP and HTTPS requests, and victims are presented with a fake router configuration page when they try to access a website. This configuration page informs users that a firmware update is available for the device and instructs them to enter their WPA password.
Wifiphisher is designed to work on Kali Linux, the popular penetration testing distribution, and it requires two wireless network interfaces. One of these interfaces must be capable of injections, Chatzisofroniou said.
Experts have pointed out on Reddit that users are notified by the operating system when their network configuration has changed. Victims would have to ignore the warnings before connecting to the rogue access point and being presented with the phishing page. There are also alternatives that could be more efficient, but Chatzisofroniou has admitted that Wifiphisher can be improved.
The developer is asking Python programmers and Web designers to contribute to making the tool better.