Phishing a WiFi Password

Most people believe that using Wi-Fi in public places is safe as long as there is a password needed to access the service, rather than the public ones with open access.

However, there are assorted methods used by hackers to get into Wi-Fi services and in particular a set of software and techniques we’ll call Wi-FiX (not the real name).

Sadly, Wi-FiX is available on the Internet to anyone with programming skills.

The basic method used involves the software creating a fake Wi-Fi access point that mimics the real ones on the selected network. Then it jams any messages to the real access points and posts up a message requesting login and password. The user cannot get around this so enters their login and password and then the software relays on the messages to the real wi-fi access point so the user believes everything is OK again, but the fake Wi-FI access point is recording all of the traffic.

In that data may well be logins and passwords, credit card details etc.

The details are complex but below is a simple technical explanation

  1. The victim is deauthenticated from their access point. WiFiXcontinuously jams all of the target access point’s wifi devices within range.
  2. WiFiXcopies the target access point’s settings. It then creates a rogue wireless access point that is modelled on the target. It also sets up a NAT/DHCP server and forwards the relevant
  3. The victim is requested to re-input login and password which WiFiX can use to access the genuine access point. The victim joins the hacker’s rogue access point.

The victim continues to use the Wi-Fi unaware that all of their messages are being copied and examined for confidential information etc.

Always be wary of using Wi-Fi outside of your home and office.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.