While password cracking and WPS setup PIN attacks get a lot of attention, social engineering attacks are by far the fastest way of obtaining a Wi-Fi password. One of the most potent Wi-Fi social engineering attacks is Wifiphisher, a tool that blocks the internet until desperate users enter the Wi-Fi password to enable a fake router firmware update.
Social engineering attacks are powerful because they often completely bypass security. If you can trick an employee into entering a password into a fake login page, it doesn't really matter how strong the password is. This is the opposite of cracking attacks, where you're using the computer's processing power to try a giant list of passwords incredibly quickly. By nature of the way this attack works, you cannot succeed if the password you are attacking is strong and isn't included in your password list.
Not knowing how strong the password you are attacking is can be frustrating, because investing the time and processing power involved in a brute-force attack can make coming up dry feel like a massive waste of resources. Instead, tools like Wifiphisher ask questions about the people behind those networks. Does the average user know what their Wi-Fi router's login page looks like? Would they notice if it was different? More importantly, would a busy user, cut off from the internet and stressed out but the disruption, still enter their password to enable a fake update even if they noticed the login page looked a little different?
Wifiphisher believes the answer is "yes." To test ..
Support the originator by clicking the read the rest link below.
