The Lockdown

Thycotic’s Cyber Security Blog

A look behind the scenes of a Wi-Fi Hack: What are the secrets?


Written by Barbara Hoffman

December 29th, 2020

You snag a seat at your local café and open your laptop. Maybe you’re on the patio, grateful for the heater. The scent of coffee powers up your brain. The low hum of people chatting is welcome, after months of isolation. The logon page appears as you search for the Wi-Fi in your settings.


What you don’t know is the backpack belonging to the person next to you contains a small black box with a few antennae sticking up. It’s called a “Pineapple,” and it’s about to hack your Wi-Fi connection.

Despite the security risks of free Wi-Fi, 81% of people readily connect to it, 99% without a VPN. The number of public Wi-Fi hotspots has quadrupled since 2016, to over 360 million, showing the rapid rise in these networks around the world. Research involving 500 CIO and IT decision-makers found that coffee shops are the most popular places to connect to a public Wi-Fi network, followed by airports and hotels.

When they take over your Wi-Fi connection, cyber criminals can execute a number of attacks. Man-in-the-middle attacks, in which an attacker captures the data flowing to and from the internet, are the greatest mobile security concern.

Depending on how careful you are with passwords and privileged accounts, cyber criminals can also leverage Wi-Fi hacks to access your email, log-in credentials for applications, and other sensitive data.

Read on to see exactly how criminal hackers execute Wi-Fi attacks and how you can avoid becoming a victim.

Step-by-Step Wi-Fi Hack by an Ethical Hacker

Joe Carson, Chief Security Scientist at Thycotic and ethical hacker, walked through the steps involved in a Wi-Fi hack in a recent webinar: Live Hack: How Cyber Criminals Target Remote Employee’s Cloud Credentials. Ethical hackers like Joe conduct these types of hacks as part of penetration tests to warn organizations of vulnerabilities in their security controls and employee behavior. It’s revealing to see how easily malicious attackers could take advantage of common user behaviors and unprotected accounts with a set of inexpensive, readily available hacking tools.

Hackers are looking for the weakest link

Hackers targeting Wi-Fi can decide whether to attack the network itself or to go after any connected devices. They’re looking for the weakest link, relying on a target to make mistakes.

In the webinar, Joe describes each of the steps involved in wireless penetration testing, detailing the methods behind his strategy and popular tools that support his activities.

  • Reconnaissance
  • Vulnerability research
  • Exploitation
  • Reporting
  • Remediation

Ninety percent of his work is focused on reconnaissance—identifying what types of hardware, networks, services, and vendors a target is using. This helps him identify what types of Wi-Fi networks are used, email address formats, operating systems, etc. With this information in hand, Joe prepares his plan for an active engagement: the Wi-Fi hack.

Joe uses the Pineapple device to automate much of the work involved in setting up an “Evil Twin” Wi-Fi network. This $100 device from Hak5 is designed to mimic legitimate Wi-Fi networks and trick you into logging in.

Joe's 2.4GHz and 5GHz Dual Band Tetra Pineapple

He also uses Evil Portals, a collection of portals that can be used against Wi-Fi clients, to gain credentials or infect victims with malware. Dark Reading has an excellent article on how Evil Twin works from a technical perspective. This strategy involves setting up a Wi-Fi network with a name that is nearly identical to the one you think you are logging onto. For example, instead of “Coffeehouse Wi-Fi” it might be “Coffeehouse FREE Wi-Fi.”

Sometimes hackers combine the “Evil Twin” approach with a “Denial of Service” attack, which disables the authentic network, making their fake one the only one available. Mobile devices may connect to Wi-Fi automatically so that you don’t even know you switched networks.

Fake networks may have tell-tale clues on public Wi-Fi, such as no sign-in process with terms of service, or no password required. However, as Joe shows, a hacker could also set up a “branded” log-in page that looks legitimate and requires you to create a username and password. Let’s say you create a password that you also commonly used for other accounts. You guessed it: once the hacker captures your so-called “Wi-Fi password,” they can use it to access other accounts as well.
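The naming trick and the "no password required" clue described above can be checked mechanically from a list of nearby networks. The following is an added example, not code from the webinar or from Thycotic; the scan records are constructed, and the trusted-network inventory, filler-word list and similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample scan results; not captured from a real network.
SCAN = [
    {"ssid": "Coffeehouse Wi-Fi", "bssid": "02:00:00:00:00:01", "security": "WPA2"},
    {"ssid": "Coffeehouse FREE Wi-Fi", "bssid": "02:00:00:00:00:02", "security": "open"},
    {"ssid": "Coffeehouse Wi-Fi", "bssid": "02:00:00:00:00:03", "security": "open"},
    {"ssid": "Bookshop Guest", "bssid": "02:00:00:00:00:04", "security": "WPA2"},
]

# Assumed inventory of known-good networks, maintained by the user or IT.
TRUSTED = {"Coffeehouse Wi-Fi": {"security": "WPA2", "bssids": {"02:00:00:00:00:01"}}}

# Words commonly added to a real name to make a look-alike (assumed list).
FILLER = {"free", "guest", "public", "open"}

def normalize(ssid):
    """Lower-case, drop punctuation/spacing and filler words."""
    tokens = re.findall(r"[a-z0-9]+", ssid.lower())
    return "".join(t for t in tokens if t not in FILLER)

def findings(scan, trusted, threshold=0.85):
    """Return (bssid, reason) pairs for access points that deserve a second look."""
    out = []
    for ap in scan:
        for name, known in trusted.items():
            if ap["ssid"] == name:
                if ap["security"] != known["security"]:
                    # Trusted name, but weaker or different security than expected.
                    out.append((ap["bssid"], "security-downgrade"))
                elif ap["bssid"] not in known["bssids"]:
                    # Low confidence: large sites legitimately run many access points.
                    out.append((ap["bssid"], "unknown-bssid"))
            else:
                ratio = SequenceMatcher(None, normalize(ap["ssid"]), normalize(name)).ratio()
                if ratio >= threshold:
                    out.append((ap["bssid"], "lookalike-name"))
    return out

if __name__ == "__main__":
    for bssid, reason in findings(SCAN, TRUSTED):
        print(bssid, reason)
```

A matching BSSID is not proof of legitimacy, since hardware addresses can be copied; treat the output as a prompt to verify the network with the venue, not as a verdict.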


Joe gets a foothold by gaining access to the target’s laptop. He accesses settings, cookies that capture user behavior, images, and additional local information. He then demonstrates how he can leverage his target’s poor password behavior to steal credentials and gain access to his work environment. Ultimately, Joe bypasses controls to gain access to the target’s cloud environment.

What’s in your email?

In the webinar hack scenario, Joe searches the target’s email for the word “password.” He finds that the user has emailed himself password information, essentially using email as a memory device instead of a secure digital password vault. “You wouldn’t believe how common this behavior is,” says Joe. “If we aren’t providing users the right solutions to remember passwords, they’re going to find a way to do it themselves.”

Through password information found in the email account, Joe gains access to the target’s expense reporting SaaS application. By leveraging these work-related credentials, he’s then able to reach further into the organization’s IT environment. From that point forward, Joe can use and abuse any number of sensitive and critical IT systems.

You don’t need to give up the coffee shop—or the Wi-Fi

Remote work is the new normal. You can continue to be productive no matter where you want to work with some basic Wi-Fi security precautions. We’ve grouped key recommendations for safe Wi-Fi use into two buckets:

Wi-Fi management strategies

  • Store only as many trusted Wi-Fi networks on your devices as you need
  • Purge networks you don’t need from your preferred network list
  • Disable auto-connect when joining networks
  • Rely on a VPN when connecting to sensitive information
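One way to act on the first three points on a Linux laptop is to audit the saved Wi-Fi profiles for open networks and for auto-connect. This is an added example, not from the original post; it assumes profiles in NetworkManager's keyfile format, and the three sample profiles are constructed.

```python
import configparser

# Constructed NetworkManager keyfile profiles (the format stored under
# /etc/NetworkManager/system-connections/); SSIDs and file names are made up.
PROFILES = {
    "home.nmconnection": """[connection]
id=HomeNet
type=wifi
autoconnect=true
[wifi]
ssid=HomeNet
[wifi-security]
key-mgmt=wpa-psk
""",
    "cafe.nmconnection": """[connection]
id=Coffeehouse Wi-Fi
type=wifi
[wifi]
ssid=Coffeehouse Wi-Fi
""",
    "hotel.nmconnection": """[connection]
id=Hotel Lobby
type=wifi
autoconnect=false
[wifi]
ssid=Hotel Lobby
""",
}

def audit(profiles):
    """Map each saved Wi-Fi SSID to the issues found in its profile."""
    report = {}
    for text in profiles.values():
        cfg = configparser.ConfigParser(interpolation=None)
        cfg.read_string(text)
        if cfg.get("connection", "type", fallback="") not in ("wifi", "802-11-wireless"):
            continue
        issues = []
        # No security section means the profile was saved for an open network.
        if not (cfg.has_section("wifi-security") or cfg.has_section("802-11-wireless-security")):
            issues.append("open")
        # autoconnect defaults to true when the key is absent.
        if cfg.getboolean("connection", "autoconnect", fallback=True):
            issues.append("autoconnect")
        ssid = cfg.get("wifi", "ssid", fallback=cfg.get("connection", "id"))
        report[ssid] = issues
    return report

if __name__ == "__main__":
    for ssid, issues in audit(PROFILES).items():
        print(f"{ssid}: {', '.join(issues) or 'ok'}")
```

Profiles flagged with both "open" and "autoconnect" are the first candidates to purge, because a device will rejoin any network advertising that name without asking.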

Password management strategies

  • Use strong, complex passwords
  • Never reuse or share passwords
  • Set up two-factor authentication and single sign-on
  • Use a password manager for personal passwords
  • Use privileged access management tools that eliminate the need to remember, interact with—or even see—passwords.

Remember, cyber criminals are looking for low-hanging fruit. They need to get in and get out quickly without being detected. By setting up some roadblocks, you can still use Wi-Fi safely, whether you’re in a café, airport, hotel, or another public place, and avoid being easy prey.

Interested in more ethical hacking examples?

You can learn more about how ethical hacking reveals vulnerabilities before malicious hackers exploit them. In addition to the webinar referenced in this blog, How Cyber Criminals Target Remote Employee’s Cloud Credentials, watch Ultimate Password Cracking Techniques Used by Hackers and Live Endpoint Hack: Protecting the Keys to the Kingdom to see more examples from Joe and others on the Thycotic team.

You’ll learn how easy it is for a cybercriminal to find low-hanging fruit. And, you’ll get the information you need to protect yourself and your employees from becoming a cyber victim.
