Many Wi-Fi Connections in Brazil Vulnerable to MitM Attacks: Researcher

A large number of the wireless Internet connections in Brazil are exposed to man-in-the-middle (MitM) attacks because they’re not secured properly, a researcher has warned.

André Luis Pereira dos Santos conducted experiments to determine how difficult it would be for an attacker to hijack Wi-Fi connections and capture users’ data. The problem, according to the expert, is that the routers provided by many Brazilian Internet service providers (ISPs) to customers use MAC address authentication, instead of wireless security protocols like WEP or WPA.

A report provided by the researcher to SecurityWeek shows that three main elements were used in the experiments: a DD-WRT wireless access point (AP), a high-gain omnidirectional antenna, and a physical or virtual server with proxy/MitM software installed on it.

By configuring the AP with the same service set identification (SSID) and basic service set identification (BSSID) as the targeted AP, an attacker can intercept both SSL and non-SSL traffic within the antenna’s range by using open-source proxy software such as mitmproxy. As an evasion tactic, the attacker can drive around in a car while capturing data, Pereira dos Santos noted.

“The AP is connected to a server running the transparent proxy with a stack to make the MitM (mitmproxy). The proxy will receive the connection from the AP, log all traffic to port 80 (HTTP) and if the connection goes to port 443 (SSL) the proxy will make the MITM attack (forging a certificate, open the stream, log all stream, make a connection to destination with true certificate and send the stream to destiny),” the researcher explained in his report.

In the case of SSL connections, potential victims are presented with a Web browser alert when the attacker attempts to intercept their traffic, but the expert believes at least half of users ignore these types of warnings.

Cybercriminals can leverage the lack of security to steal personal and financial data, and even to blackmail their victims. In addition to stealing intercepted data, an attacker can also modify HTTP requests and responses on the fly to inject malware, the researcher said.
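From the defender's side, the two conditions described above (networks with no link encryption, and an AP reusing a legitimate SSID and BSSID) can be looked for in wireless survey data. The following is an added example, not code from the researcher's report or from SecurityWeek; the record fields, the sample beacons and the 20 dB threshold are assumptions constructed for illustration, and the clone checks are heuristics for a fixed sensor, not proof of an attack.

```python
from collections import defaultdict

# Constructed sample beacons as a fixed sensor might record them in one scan window.
SAMPLE_BEACONS = [
    {"ssid": "ISP-Cliente", "bssid": "00:11:22:33:44:55", "channel": 6,  "security": "open",     "signal_dbm": -71},
    {"ssid": "ISP-Cliente", "bssid": "00:11:22:33:44:55", "channel": 11, "security": "open",     "signal_dbm": -38},
    {"ssid": "Office",      "bssid": "66:77:88:99:AA:BB", "channel": 1,  "security": "wpa2-psk", "signal_dbm": -60},
    {"ssid": "Office",      "bssid": "66:77:88:99:aa:bb", "channel": 1,  "security": "wpa2-psk", "signal_dbm": -63},
    {"ssid": "Hotel",       "bssid": "02:00:00:00:00:01", "channel": 1,  "security": "wpa2-psk", "signal_dbm": -75},
    {"ssid": "Hotel",       "bssid": "02:00:00:00:00:01", "channel": 1,  "security": "wpa2-psk", "signal_dbm": -40},
]

def audit(beacons, max_signal_spread_db=20):
    """Return (ssid, bssid, reason) findings for one scan window."""
    groups = defaultdict(list)
    for b in beacons:
        # Normalise BSSID case so the same radio is not counted twice.
        groups[(b["ssid"], b["bssid"].lower())].append(b)

    findings = []
    for (ssid, bssid), seen in sorted(groups.items()):
        channels = {b["channel"] for b in seen}
        security = {b["security"] for b in seen}
        signals = [b["signal_dbm"] for b in seen]

        # No WEP/WPA at all: MAC filtering alone does not encrypt or
        # authenticate the link, so any AP with this identity is accepted.
        if "open" in security:
            findings.append((ssid, bssid, "no-link-encryption"))

        # One SSID/BSSID pair advertised with differing channel or
        # security settings suggests a second transmitter using that identity.
        if len(channels) > 1 or len(security) > 1:
            findings.append((ssid, bssid, "inconsistent-beacons"))
        # Same settings but a large signal swing at a stationary sensor:
        # possibly a second, closer (or moving) transmitter.
        elif max(signals) - min(signals) > max_signal_spread_db:
            findings.append((ssid, bssid, "signal-jump"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_BEACONS):
        print(*finding, sep="\t")
```
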

In the first half of 2014, the expert conducted tests on the wireless connections of 420 companies in 552 locations all over Brazil. Pereira dos Santos found that 37% of Wi-Fi connections are vulnerable to such attacks. He believes the situation could be similar in other countries as well.

The researcher told SecurityWeek that he conducted tests both in a laboratory environment and in the wild, with the aid of numerous friends. A car was used to test the mobility aspect of the attack.

Around one third of the affected ISPs have been notified, but Pereira dos Santos says it’s impossible to reach out to all companies considering that many of them are small and highly distributed. While some of the affected service providers have promised to notify their tech departments of the problem, others have denied that an issue exists.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
