I’m sure everybody has heard about the security vulnerabilities that are open when using open WiFi networks. I was reading a story on Medium about someone who hired an ethical hacker to show them how easy it was to get personal information from public networks (you can read that post here if you want), and it reminded me of why I do not use free and open WiFi networks.
When I was studying, we decided to test out some tools and a Linux distro known as BackTrack (which is now called Kali Linux) to see what we could do and get a better understanding of networks and ways to strengthen networks. I must stress that this was DONE IN A LAB ENVIRONMENT and doing this in the real world is ILLEGAL AND UNETHICAL. There are serious consequences if you want to try this stuff out in the open, so please don’t be a peanut and go out hacking things; just open your eyes to your own and your clients’ security practices.
Our Security Tests
Test 1 – ARP/Man in the middle attack
ARP stands for Address Resolution Protocol.
So what we first wanted to test out is what is called a Man in the Middle attack, using an ARP attack. We used some software called “ettercap”, which is an open-source tool designed for both Windows and Linux.
How this works is that the software poisons the ARP tables of the devices on the network so that their traffic is routed through, and can be captured by, the attacker’s computer.
With this test we were able to capture usernames and passwords from websites that were not using SSL encryption. There are methods out there to falsify the SSL certificates and get information passed through SSL as well.
This can cause some major issues: if you are on an open network, you do not know who is on there getting your traffic and finding out your credentials. This could lead to people getting into your email and resetting any other passwords from other websites, or just getting into the websites that you’re logging into at that point. People could also just find out personal information about you that you do not want made public.
Test 2 – Breaking Wireless Encryption
The next thing we tested was breaking WEP wireless encryption. This was surprisingly easy using a tool called aircrack.
This means even networks that are encrypted can be broken into, and then methods like those in test 1 can be used to steal your personal information and account information. Even worse, if your business’s or your client’s business WiFi network has poor security, people can potentially get on there and steal your business data or do some other sort of malicious attack.
Test 3 – Making a fake webpage
For this test we made a fake Facebook login page that looked exactly the same as the real Facebook login page when people visited it, but when people logged in it would steal their credentials and then redirect them to the real Facebook site and log them in.
This was done using Metasploit.
I’m pretty sure this is how a lot of the fake websites used for phishing attacks are made. This could be used in conjunction with test 1 to serve a fake login page that steals your credentials.
After running these tests and realising how easy it actually can be for someone to steal my information I quickly made the decision not to use public and open WiFi any more. There are a lot of bad people that will use your information for evil and also the kids that do this thinking it is cool just to screw with people.
If you want, do some research and test it out for yourself and see if you still want to use open WiFi networks. Also remember to keep your clients educated against the perils of open networks.