Wi-Fish Finder: Who Will Bite the Bait

Presented at DEF CON 17 (2009), Aug. 2, 2009, noon (20 minutes)

Threat of Evil Twin and Honeypots lurking at office parking lots and public hotspots are well known yet awareness level among WiFi users about exposure to such threats remains quite low. Security conscious WiFi users and IT administrators too don't have any simple tools to assess security posture of WiFi clients active in their airspace. Wi-Fish Finder is a tool for assessing whether WiFi devices active in the air are vulnerable to "phishing" attacks. Assessment is performed through a combination of passive traffic sniffing and active probing techniques. Most WiFi clients keep a memory of networks (SSIDs) they have connected to in the past. Wi-Fish Finder first builds a list of probed networks and then using a set of clever techniques also determines security setting of each probed network. A client is a fishing target if it is actively seeking to connect to an OPEN or a WEP network. Clients only willing to connect to WPA or WPA2 networks are not completely safe either! To find out why , come and attend this talk and witness some live action. There is >50% chance that your laptop will bite the bait!

Presenters:

• Prabhash Dhyani - Wireless Security Researcher
  Prabhash Dhyani is a wireless security researcher working with Airtight Networks. His interest includes wireless and network security research and tool building. His recent work "New Avatars of Honeypot Attacks on WiFi Networks" was presented in Hack.In 2009 conference held at IIT Kanpur, India. He holds BTech in Information Technology (IT) from IIIT Allahabad.
• Md Sohail Ahmad - Senior Wireless Security Researcher, AirTight Networks   as MD Sohail Ahmad
  MD Sohail Ahmad is a senior wireless security researcher at AirTight Networks. Mr Ahmad possesses strong background in secure driver development, protocol development, and open source tool development. His areas of interests include WiFi security, 802.11n, 802.11w protocol development, Network security assessment and vulnerability analysis etc. Prior to this, he has also demonstrated the more potent form of Evil Twin Attack called "Multipot" in Defcon-15. He discovered "Caffe Latte" attack which was presented in ToorCon9, which was about retrieving WEP key from an isolated client in the absence of its authorized access point. In Defcon-16, he had presented "Autoimmunity disorder in Wireless LANs".

Links:

• https://defcon.org/html/defcon-17/dc-17-speakers.html#Ahmad
• https://infocon.org/cons/DEF CON/DEF CON 17/DEF CON 17 video and slides/DEF CON 17 - MD Sohail Ahmad and Prabhash Dhyani - WiFish Finder Who Will Bite the Bait - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=MJQleryxmBw

Similar Presentations:

• Black Hat Europe 2021 / Owfuzz: WiFi Nightmare
• DEF CON 18 (2010) / WPA Too!
• REcon 2005 / Attacking WiFi with traffic injection