Wi-Fish Finder: Who Will Bite the Bait

DEF CON 17

Presented by: Da Beave, JFalcon
Date: Sunday August 02, 2009
Time: 12:00 - 12:20
Location: Turbo/Breakout Track
Track: Turbo/Breakout

Threat of Evil Twin and Honeypots lurking at office parking lots and public hotspots are well known yet awareness level among WiFi users about exposure to such threats remains quite low. Security conscious WiFi users and IT administrators too don't have any simple tools to assess security posture of WiFi clients active in their airspace.

Wi-Fish Finder is a tool for assessing whether WiFi devices active in the air are vulnerable to "phishing" attacks. Assessment is performed through a combination of passive traffic sniffing and active probing techniques. Most WiFi clients keep a memory of networks (SSIDs) they have connected to in the past. Wi-Fish Finder first builds a list of probed networks and then using a set of clever techniques also determines security setting of each probed network. A client is a fishing target if it is actively seeking to connect to an OPEN or a WEP network. Clients only willing to connect to WPA or WPA2 networks are not completely safe either! To find out why , come and attend this talk and witness some live action. There is >50% chance that your laptop will bite the bait!

MD Sohail Ahmad

<strong>MD Sohail Ahmad</strong> is a senior wireless security researcher at AirTight Networks. Mr Ahmad possesses strong background in secure driver development, protocol development, and open source tool development. His areas of interests include WiFi security, 802.11n, 802.11w protocol development, Network security assessment and vulnerability analysis etc. <br /><br /> Prior to this, he has also demonstrated the more potent form of Evil Twin Attack called "Multipot" in Defcon-15. He discovered "Caffe Latte" attack which was presented in ToorCon9, which was about retrieving WEP key from an isolated client in the absence of its authorized access point. In Defcon-16, he had presented "Autoimmunity disorder in Wireless LANs".

Prabhash Dhyani

<strong>Prabhash Dhyani</strong> is a wireless security researcher working with Airtight Networks. His interest includes wireless and network security research and tool building. His recent work "New Avatars of Honeypot Attacks on WiFi Networks" was presented in Hack.In 2009 conference held at IIT Kanpur, India. He holds BTech in Information Technology (IT) from IIIT Allahabad.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats