4n6strider

Your Data Zen starts here.

Penetration test of mobile devices 1 - WiFi

Once I had a small project with rogue wireless access point. Goal was only to get the scope of devices, affected by certain flaw.
This would enable the Black Hat hacker sniff the traffic.

Yes, all your Facebook session ID’ s, messages, emails, websites you watch and in certain cases even the cloud passwords.


Moreover, it would be even possible to alter DNS to forward user of mobile device to spoofed website, force user to get more malicious content or just spy on a user.

This might happen to you everywhere while using WiFi on mobile device.

We live in great time! Device which fits to the pocket enables us to get almost any information in matters of seconds. We have literally unlimited options what can be done in the world of information and internet.
Price we pay is not always obvious. Imagine you would provide full access to your mobile device to your significant other. Not comfortable idea, right? Now imagine that complete stranger would have the same information.
Well we are all sharing our private information and we believe, that all the legal binding will prevent the Third party from abusing this information.

Third party can be anyone from your local internet provider to global cloud service. Or like in case above – someone’s rogue AP.

Below are visuals from the scan. It is collection of devices, captured over the time. Shapes of pictures will change to highlight different secondary structures on the data.

  • Every node stands for one device, represented by its sole IP address
  • Links between the nodes shows how network traffic was flowing
  • Bigger the node, more traffic would be possible to intercept using the node as a pivot
  • All the names are replaced with fakes. The structure however, is real.

    Overall picture of the traffic flow:
  • Node labeled “DESKTOP..” was the one who carried out the attack. Rogue AP was connected to it.

Next picture shows same data as above, only visual is different to show all the names in the network:
Reminder: All the names were faked, the structure is real.


So far, we were only scanning. Now let’ s move to actual result of the test.
On images below, additional coloring was added to determine the difference.

{BLUE} area stands for devices not prone to MITM  (Man In The Middle )attack.
{RED} area stands for devices which were happy to share all the secrets they were sending over the internet.

First without the node labels:

Second, certain interesting node names were highlighted:



Footnote:
Purpose of this post is neither to discourage you from using your mobile device, nor to discourage you from using WiFi, even the publicly available one.

In person, I really believe in good and evil. And also for this being part of all things.
In IT Security world, the good guys are called White hats and bad guys are called the Black hats.
This comes from old western movies, where the ultimate bad guy always had the Black Hat.

Me I like more the Star Wars analogy. As hate and anger was sure path to the Dark side of the force, so it is valid for penetration testing.

Without consent of tested party, all testing leads to the “Dark side”.
Regardless the fact both sides use the same tools, there is always huge difference in the intention of the tester.
This should also answer the ethical question, possibly raised by this post.

 

Next Post

Previous Post

© 2017 4n6strider

Theme by Anders Norén