Solve : DANGER: Wi-Fi honeypots?

1.	Solve : DANGER: Wi-Fi honeypots?
Answer» Not news. So it was put here in other. But is it realy as bad as this guy says? Quote Five ways to protect yourself from Wi-Fi honeypots by Declan McCullagh March 10, 2012 ... AUSTIN, Texas--Darren Kitchen SPENT this weekend walking around the SXSW festival with an unobtrusive but relatively evil red box attached to his backpack: it impersonated Wi-Fi networks in hopes of convincing laptops, phones, and other wireless devices to connect to it. Kitchen's hot-spot honeypot worked. During just a few minutes in the lobby of the Omni Hotel here, he disrupted dozens of Wi-Fi connections and rerouted them to his own "network" that replaced all Internet pages with a video of the Nyan Cat kitten flying through space. Someone with malicious intent could have done far worse. ... Read more: http://news.cnet.com/8301-31921_3-57394889-281/five-ways-to-protect-yourself-from-wi-fi-honeypots/#ixzz1oowlQnoT Do you believe this? Really? Quote from: Geek-9pm on March 11, 2012, 09:07:17 AM Do you believe this? Really? Do you ?No. Maybe it did happen once. But it is not a real threat. Lmao. Quote the Nyan Cat kitten flying through space. Quote from: Geek-9pm on March 11, 2012, 09:07:17 AM But is it realy as bad as this guy says?Do you believe this? Really? I don't. Or, rather, I think the circumstances where it is a danger are extreme, and the symptoms described not accurate. Most devices SEEM to be configured to connect to the highest signal network. However, none that I have used will indiscriminately connect to a unsecured network that has a higher signal strength unless you have already connected to that same access point. This setting, of course, can be overridden. So if a lot of devices' users' have overridden the defaults so that their devices will indiscrimately connect to any Access point that has a better signal strength than what they are connected to, it will have that effect. The SECOND point is that it cannot "disrupt wifi networks" by virtue of the disruption being the devices stupidly connecting to an unsecured access point and (also stupidly) trusting it blindly; I can't say I have extensive experience with mobile devices and wifi, but I certainly hope they have the basic precautions that any desktop OS has with regards to wireless security; windows and most Linux environments will warn you when you connect to an insecure access point, and at no point will they connect to a access point unless you have configured it to do so. My limited experience with smartphones and a few other mobile devices that support Wifi don't lead me to conclude otherwise. I guess if one access point is unsecured but has the same ssid as another secured access point that a device is configured to connect to automatically, the unsecured equivalent might end up being connected to if it has a higher signal strength, but I'm not certain. Of course if the person performing the "hack" had knowledge of the MAC addresses and ssid's of the access points (easy enough to obtain) he could easily configure his to "emulate" that device, making it a crapshoot for most devices, who connect to a given access point but are in fact associating with two. (And it would need to be properly configured (the fake access point) so that it doesn't cause duplicate responses which would typically cause a wifi driver to panic and disassociate). The article SORT of overplays the significance and the effect. If it was in fact configured to do what I note (which is implied by the "designed to impersonate wifi networks) than there are two things: for one, that requires special software; for another, I'm pretty sure that is illegal.

Answer»

Not news. So it was put here in other.
But is it realy as bad as this guy says?
Quote

Five ways to protect yourself from Wi-Fi honeypots
by Declan McCullagh March 10, 2012
...
AUSTIN, Texas--Darren Kitchen SPENT this weekend walking around the SXSW festival with an unobtrusive but relatively evil red box attached to his backpack: it impersonated Wi-Fi networks in hopes of convincing laptops, phones, and other wireless devices to connect to it.

Kitchen's hot-spot honeypot worked. During just a few minutes in the lobby of the Omni Hotel here, he disrupted dozens of Wi-Fi connections and rerouted them to his own "network" that replaced all Internet pages with a video of the Nyan Cat kitten flying through space. Someone with malicious intent could have done far worse.
...
Read more: http://news.cnet.com/8301-31921_3-57394889-281/five-ways-to-protect-yourself-from-wi-fi-honeypots/#ixzz1oowlQnoT

Do you believe this? Really?
Quote from: Geek-9pm on March 11, 2012, 09:07:17 AM

Do you believe this? Really?

Do you ?No. Maybe it did happen once. But it is not a real threat.

Lmao. Quote

the Nyan Cat kitten flying through space.

Quote from: Geek-9pm on March 11, 2012, 09:07:17 AM

But is it realy as bad as this guy says?Do you believe this? Really?

I don't. Or, rather, I think the circumstances where it is a danger are extreme, and the symptoms described not accurate.

Most devices SEEM to be configured to connect to the highest signal network. However, none that I have used will indiscriminately connect to a unsecured network that has a higher signal strength unless you have already connected to that same access point.

This setting, of course, can be overridden. So if a lot of devices' users' have overridden the defaults so that their devices will indiscrimately connect to any Access point that has a better signal strength than what they are connected to, it will have that effect.

The SECOND point is that it cannot "disrupt wifi networks" by virtue of the disruption being the devices stupidly connecting to an unsecured access point and (also stupidly) trusting it blindly; I can't say I have extensive experience with mobile devices and wifi, but I certainly hope they have the basic precautions that any desktop OS has with regards to wireless security; windows and most Linux environments will warn you when you connect to an insecure access point, and at no point will they connect to a access point unless you have configured it to do so. My limited experience with smartphones and a few other mobile devices that support Wifi don't lead me to conclude otherwise. I guess if one access point is unsecured but has the same ssid as another secured access point that a device is configured to connect to automatically, the unsecured equivalent might end up being connected to if it has a higher signal strength, but I'm not certain.

Of course if the person performing the "hack" had knowledge of the MAC addresses and ssid's of the access points (easy enough to obtain) he could easily configure his to "emulate" that device, making it a crapshoot for most devices, who connect to a given access point but are in fact associating with two. (And it would need to be properly configured (the fake access point) so that it doesn't cause duplicate responses which would typically cause a wifi driver to panic and disassociate). The article SORT of overplays the significance and the effect. If it was in fact configured to do what I note (which is implied by the "designed to impersonate wifi networks) than there are two things: for one, that requires special software; for another, I'm pretty sure that is illegal.

Solve : DANGER: Wi-Fi honeypots?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment