Wireless Hotspot Security
3 likes1,426 views
1. The document discusses security issues with public Wi-Fi hotspots and provides tips on how to hack hotspot networks. It outlines various methods for gaining unauthorized access such as social engineering, prepaid cards, or directly hacking the network configuration or authentication methods. 2. The document analyzes vulnerabilities in several popular hotspot gateway products, noting issues like bypassing login, lack of network segregation, and SQL injection vulnerabilities. 3. Defense strategies proposed include local AP awareness, one-time authentication, customer education, and regular security assessments to help secure hotspot networks.
![Misunderstanding Trust
• Unfiltered protocol or port tunneling
• DNS (e.g. nstx, ozyman-dns, tunnelx)
• UDP
• ICMP
• Demo account (e.g. free access for 30min]
• Rogue 802.11 APs](https://image.slidesharecdn.com/ttjimgeovedihotspotsecurity-12790450008389-phpapp02/85/Wireless-Hotspot-Security-14-320.jpg)
Wireless Hotspot Security
- 1. Wi-Fi Hotspot Security Jim Geovedi <jim@geovedi.com>
- 2. Information • The printable version of this presentation is less cooler than the original version and also it’s already modified.
- 6. How To Use Hotspot • Getting access • Visit hotspot with wireless device • Associate and get network configuration • Open web browser and get redirected to login page • Authenticate • ... welcome to the Internet!
- 7. Getting Access • Buy prepaid card • Registration with Credit card • Use now pay later (e.g. charge in your hotel room at INCREDIBLE price) • Send text message (SMS) and get login information • Social engineering • Hacking (sniffing, bruteforcing, etc.)
- 9. Motivations • If you are bored • If you want to do something bad (e.g. spamming, hacking, etc.) • If you don’t have money or lazy to pay but need Internet connection will hack for bandwidth
- 10. Critical Points • Network configuration • Authentication methods • 3rd party interfaces • Misunderstanding the trust
- 11. Network Configuration • IP address • Transparent SMTP • Network segregation
- 12. Authentication Methods • Web Hacking Kungfu • SQL injection • Cross site scripting • Piggyjacking
- 13. 3rd Party Interfaces • Integrated with other system: • Payment Management System • ISP’s billing system
- 14. Misunderstanding Trust • Unfiltered protocol or port tunneling • DNS (e.g. nstx, ozyman-dns, tunnelx) • UDP • ICMP • Demo account (e.g. free access for 30min] • Rogue 802.11 APs
- 15. Rogue 802.11 APs Real AP Rogue AP User
- 16. Once you’re in the middle... • Capture (sniff) and manipulate the traffic • Hack the client • Automated attack tools • FISHNet — where we can control client in a fishbowl environment
- 17. FISHNet • Taking advantage of suspected client behavior • zero configuration • automatic update system • network services • Fake services traps, exploiting clients, and create backdoor
- 18. Analysis On Some Hotspot Gateway Products
- 19. Product N • Widely deployed at big hotels • Vulnerabilities: • Can bill the Internet access to someone’s room • Disclose the list of hotel guests to the Internet • Heavily depend on MAC address for identification. Easy to do piggyjacking
- 20. Product I • Vulnerabilities: • Easy to bypass login by changing billing_method_id equal to 1 (one) — used by PMS • Only filter port 80... you can SSH to outside host and setup tunnel • Administration page is vulnerable to SQL Injection attacks
- 21. Product A • Vulnerabilities: • You can do SQL injection in login page • You can manipulate the cookies • No network segregation
- 22. Defense Strategies • Local AP awareness • Customer education • One-time authentication mechanism • Do regular security assessment • Write better code • Don’t charge for hotspot access!