Manna from Heaven: Improving the state of wireless rogue AP attacks

Presented at DEF CON 22 (2014), Aug. 9, 2014, 4 p.m. (60 minutes)

The current state of theoretical attacks against wireless networks should allow this wireless world to be fully subverted for all but some edge cases. Devices can be fooled into connecting to spoofed networks, authentication to wireless networks can either be cracked or intercepted, and our ability to capture credentials at a network level has long been established. Often, the most significant protection users have are hitting the right button on an error message they rarely understand. Worse for the user, these attacks can be repeated per wireless network allowing an attacker to target the weakest link. This combination of vulnerable and heavily used communications should mean that an attacker needs just arrive at a location and setup for credentials and access to start dropping from the sky. However, the reality is far from this; karma attacks work poorly against modern devices, network authentication of the weakest sort defeats rogue APs and interception tools struggle to find useful details. This talk is the result of our efforts to bring rogue AP attacks into the modern age. The talk will provides details of our research into increasing the effectiveness of spoofing wireless networks, and the benefits of doing so (i.e. gaining access). It includes the release of a new rogue access point toolkit implementing this research.

Presenters:

• Ian de Villiers - Senior Analyst, SensePost
  Ian de Villiers is a security analyst at SensePost. Coming from a development background, his areas of expertise are in application and web application assessments. Ian has spent considerable time researching application frameworks, and has published a number of advisories relating to portal platforms. He has also provided security training and spoken at security conferences internationally. Ian previously published numerous tools, such as reDuh http://research.sensepost.com/tools/web/reduh, but more recently, SapProxy http://research.sensepost.com/cms/resources/tools/servers/sapprox/44con_2011_release.pdf
• Dominic White / singe - CTO, SensePost   as Dominic White
  Dominic is the CTO of SensePost, an information security company based in South Africa and London. He has worked in the industry for 10 years. He is responsible for SensePost's wireless hacking course, Unplugged. He tweets as @singe

Links:

• https://defcon.org/html/defcon-22/dc-22-speakers.html#DWhite
• https://infocon.org/cons/DEF CON/DEF CON 22/DEF CON 22 slides/DEF CON 22 - Hacking Conference Presentation Dominic White & Ian de Villiers - Manna from Heaven - Improving the state of wireless rogue AP attacks - Slides.mp4
• https://infocon.org/cons/DEF CON/DEF CON 22/DEF CON 22 slides/DEF CON 22 - Hacking Conference Presentation Dominic White & Ian de Villiers - Manna from Heaven - Improving the state of wireless rogue AP attacks - Slides.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 22/DEF CON 22 video and slides/DEF CON 22 - Dominic White & Ian de Villiers - Manna from Heaven - Improving the state of wireless rogue AP attacks - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=i2-jReLBSVk

Similar Presentations:

• Hackfest 2017 / The Black Art of Wireless Post-Exploitation
• DEF CON 31 (2023) / Hide your kids, turn off your Wi-Fi, they Rogue APing up in here Workshop
• Black Hat Asia 2015 / Manna from Heaven: Improving the State of Wireless Rogue AP Attacks