Many Wi-Fi Connections in Brazil Vulnerable to MitM Attacks: Researcher

A large number of the wireless Internet connections in Brazil are exposed to man-in-the-middle (MitM) attacks because they’re not secured properly, a researcher has warned.

André Luis Pereira dos Santos conducted experiments to determine how difficult it would be for an attacker to hijack Wi-Fi connections and capture users’ data. The problem, according to the expert, is that the routers provided by many Brazilian Internet service providers (ISPs) to customers use MAC address authentication, instead of wireless security protocols like WEP or WPA.

A report provided by the researcher to SecurityWeek shows that three main elements were used in the experiments: a DD-WRT wireless access point (AP), a high-gain omnidirectional antenna, and a physical or virtual server with proxy/MitM software installed on it.

By configuring the AP with the same service set identification (SSID) and basic service set identification (BSSID) as the targeted AP, an attacker can intercept both SSL and non-SSL traffic within the antenna’s range by using open-source proxy software such as mitmproxy. As an evasion tactic, the attacker can drive around in a car while capturing data, Pereira dos Santos noted.

“The AP is connected to a server running the transparent proxy with a stack to make the MitM (mitmproxy). The proxy will receive the connection from AP, log all traffic to port 80 (HTTP) and if the connection goes to port 443 (SSL) the proxy will make the MITM attack (forging a certificate, open the stream, log all stream, make a connection to destination with true certificate and send the stream to destiny),” the researcher explained in his report.

In the case of SSL connections, potential victims are presented with a Web browser alert when the attacker attempts to intercept their traffic, but the expert believes at least half of users ignore these types of warnings.

Cybercriminals can leverage the lack of security to steal personal and financial data, and even to blackmail their victims. In addition to stealing intercepted data, an attacker can also modify HTTP requests and responses on the fly to inject malware, the researcher said.
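Seen from the defender's side, the two conditions described above (access points running without wireless encryption, and a second AP advertising the same SSID and BSSID) can be looked for in a site survey. The following Python sketch is an added example, not code from the researcher's report or from SecurityWeek; the CSV layout, field names and sample rows are constructed, and treating one SSID/BSSID pair seen with conflicting channel or security settings as a clone hint is an assumed heuristic, not proof.

```python
import csv
import io
from collections import defaultdict

# Constructed survey rows (not real data). Assumed columns: ssid,bssid,channel,security
SAMPLE_SCAN = """\
ssid,bssid,channel,security
ISP-Cliente,02:00:00:00:00:01,6,OPEN
ISP-Cliente,02:00:00:00:00:01,11,OPEN
Escritorio,02:00:00:00:00:02,1,WPA2
Escritorio,02:00:00:00:00:02,1,WPA2
"""


def audit(scan_csv):
    """Return (unprotected, conflicting) findings for one survey.

    unprotected: sorted (ssid, bssid) pairs advertised with no encryption,
                 which is how a MAC-filter-only network appears in a scan.
    conflicting: {(ssid, bssid): sorted [(channel, security), ...]} for pairs
                 seen with more than one channel/security combination.
    """
    seen = defaultdict(set)
    unprotected = set()
    for row in csv.DictReader(io.StringIO(scan_csv)):
        key = (row["ssid"], row["bssid"].lower())
        security = row["security"].strip().upper()
        seen[key].add((int(row["channel"]), security))
        if security == "OPEN":
            unprotected.add(key)
    # One radio normally beacons one BSSID on one channel with one security
    # setting, so disagreement inside a single survey deserves a closer look.
    conflicting = {k: sorted(v) for k, v in seen.items() if len(v) > 1}
    return sorted(unprotected), conflicting


if __name__ == "__main__":
    open_nets, clones = audit(SAMPLE_SCAN)
    for ssid, bssid in open_nets:
        print(f"no encryption: {ssid} ({bssid})")
    for (ssid, bssid), variants in clones.items():
        print(f"conflicting beacons: {ssid} ({bssid}) -> {variants}")
```

An AP that changes channel between scans will also appear in the second list, so a hit is a prompt to investigate rather than a verdict.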

In the first half of 2014, the expert conducted tests on the wireless connections of 420 companies in 552 locations all over Brazil. Pereira dos Santos found that 37% of Wi-Fi connections are vulnerable to such attacks. He believes the situation could be similar in other countries as well.

The researcher told SecurityWeek that he conducted tests both in a laboratory environment and in the wild, with the aid of numerous friends. A car was used to test the mobility aspect of the attack.

Around one third of the affected ISPs have been notified, but Pereira dos Santos says it’s impossible to reach out to all companies considering that many of them are small and highly distributed. While some of the affected service providers have promised to notify their tech departments of the problem, others have denied that an issue exists.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
