PoisonTap Steals Cookies, Drops Backdoors on Password-Protected Computers http://bit.ly/2gntVDH
-
-
Rogue APs are great, but no guarantee the target machine will jump onto it (especially if already on an AP)
-
Just jam the channel the real one is on and provide a fake one by the same name on another channel.
-
Wifi stacks only jump on same SSID if both are open, it won't jump from a WPA net to open net despite same SSID
-
Why would you make it open? Make it WPA with same PSK as the real one.
-
Wifi passwords are generally public knowledge.
-
Huh, how would you know the PSK? This is for networks you don't have access to, like most corporate networks
-
Social engineering? Compromise of any other client device connected (which has the key saved)? Etc.
-
But more likely attack venue is conferences, meeting spaces, etc. where wifi password is known to everyone.
- 1 more reply
New conversation -
-
-
And approaching the victim's device and plugging something in is much higher-risk (for attacker) than deploying a rogue AP.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.