http://www.csoonline.com/article/2863402/identity-access/free-tool-automates-phishing-attacks-for-wifi-passwords.html
By Lucian Constantin
IDG News Service
Jan 5, 2015
A new open-source tool can be used to launch phishing attacks against
users of wireless networks in order to steal their Wi-Fi access keys.
Gaining access to a WPA-protected Wi-Fi network can be extremely valuable
for attackers because it puts them behind the firewall, in what is
generally a high-trust zone. This allows them to mount man-in-the-middle
attacks against the network's users to steal sensitive data and
authentication cookies from unencrypted traffic.
A common method of breaking into wireless networks that use the WPA2
(Wi-Fi Protected Access II) security protocol is to set up a rogue access
point that mimics the real one -- this is known as an evil twin -- and
capture a client's handshake when they attempt to authenticate to it. The
handshake can then be fed to a brute-force cracking program or service to
recover the WPA2 pre-shared key, but this is not always successful,
especially if the password is long and complex.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
