14

Suppose I have a Wi-Fi network with WPA and a strong password. Some articles say that if an attacker creates a Wi-Fi network with my SSID and its signal is stronger than mine, then my computer will connect to his Wi-Fi. Do I understand correctly that after that my computer will send the Wi-Fi password to the attacker, and that he will also be able to do a MitM attack?

Is it really that easy?

Why isn't there something like a certificate check in the WPA protocol?

How can I protect myself from it?

Arqwer
  • Read the first sentence in "The four-way handshake" at https://en.wikipedia.org/wiki/IEEE_802.11i-2004 - summary: no, it's not quite that easy – Owen Sep 18 '16 at 17:44
  • Related question here: http://superuser.com/a/386997/434404 – Alejandro Sep 19 '16 at 12:52

3 Answers

14

No, it is not that easy. But it depends on the network.

First, most Wi-Fi devices will remember all Wi-Fi networks they connect to, and also whether that network is encrypted or not and with which method. When your device comes near a network it "knows" (by its name, i.e. its SSID), it will try to reconnect if that network's security method matches the saved one. What happens next will depend on the kind of Wi-Fi network.

Open, unencrypted Wi-Fi networks

When a Wi-Fi network is unencrypted (like most "Free Wi-Fi" networks in cafés, bars or hotels) and you have already been connected to that network once before, your device will automatically reconnect to a network with the same name. Anyone can spoof a well-known "Some Coffeemaker Free WiFi" and your device will happily connect to it when encountered. The rogue access point (AP) will then see all traffic your device sends or receives over this network (but cannot look into HTTPS or VPN encrypted traffic, of course).

WPA2 networks with pre-shared keys (WPA-PSK)

When using WPA2 authentication with pre-shared keys (PSK), both the station and the AP have to prove that they know the PSK in the four-way handshake. Thus, a rogue WPA2-AP cannot give access to a client by just having the right SSID and accepting any password from the client. Your device will not associate with that AP unless it uses the same PSK.

AFAIR, this is also valid for authentication with WPA version 1 and even WEP, but those protocols have other weaknesses which make them non-recommendable or even useless.

On the other hand, everyone who knows the PSK could fake a WPA2-AP. A weak PSK could also be guessed in a brute-force attack, e.g. by repeated authentication attempts. Hence, a long, not-guessable PSK is necessary.

(There is also an attack called Hole 196 that can be used by already authenticated attackers to break the session key of other authenticated hosts with the AP, but this is not relevant here.)

WPA2 Enterprise networks

WPA2 Enterprise works similarly to WPA2-PSK, but uses a dedicated authentication server. In addition to passphrases, it can use certificates on client and AP. Client certificates are like long, authority-signed passphrases which are different for every client device. This way, when a host is compromised (e.g. stolen), that particular client certificate can be blocked on the authentication server instead of changing the PSK on all devices.

For your device it makes no difference whether WPA2-PSK or WPA2 Enterprise is used: in both cases it will not connect to an AP that cannot prove it has the necessary secret.

Dubu
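To make the "both sides have to prove they know the PSK" point concrete, here is an added Python simulation of the WPA2-PSK four-way handshake key derivation (PBKDF2-HMAC-SHA1 for the PMK, PRF-512 for the PTK, HMAC-SHA1 for the EAPOL-Key MIC). It is example code written for this page, not code from the answer above or from any Wi-Fi implementation. The SSID, passphrase and MAC addresses are constructed sample values, and the EAPOL message bodies are simplified stand-ins for real frames; the derivation constants are the ones from IEEE 802.11i. A rogue AP that does not know the PSK can "accept" message 2 all it likes, but it cannot produce a valid MIC on message 3, so the station never installs keys or associates.

```python
import hashlib
import hmac
import os

# Constructed sample values (not from the page): a home network and two MACs.
SSID = b"HomeNet"
PASSPHRASE = b"correct-horse-battery-staple-42"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")


def derive_pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0..3."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK, both MAC addresses and both nonces (order-normalised as in the standard)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, body: bytes) -> bytes:
    """EAPOL-Key MIC for CCMP: first 16 bytes of HMAC-SHA1 keyed with the KCK (PTK[0:16])."""
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]


class AccessPoint:
    """Authenticator side. A rogue AP is simply one constructed with the wrong passphrase."""

    def __init__(self, mac: bytes, ssid: bytes, passphrase: bytes):
        self.mac = mac
        self.pmk = derive_pmk(passphrase, ssid)
        self.anonce = os.urandom(32)
        self.ptk = b""

    def msg1(self) -> bytes:
        return self.anonce  # message 1: ANonce, no MIC

    def handle_msg2(self, sta_mac: bytes, snonce: bytes, body: bytes, mic: bytes) -> bool:
        # Only an AP with the right PMK derives the same PTK and can verify the station's MIC.
        self.ptk = derive_ptk(self.pmk, self.mac, sta_mac, self.anonce, snonce)
        return hmac.compare_digest(eapol_mic(self.ptk[:16], body), mic)

    def msg3(self) -> tuple:
        body = b"msg3:" + self.anonce  # simplified stand-in for the real EAPOL-Key frame
        return body, eapol_mic(self.ptk[:16], body)


class Station:
    """Supplicant side: derives the PTK and checks the AP's MIC before installing keys."""

    def __init__(self, mac: bytes, ssid: bytes, passphrase: bytes):
        self.mac = mac
        self.pmk = derive_pmk(passphrase, ssid)
        self.ptk = b""

    def handle_msg1(self, ap_mac: bytes, anonce: bytes) -> tuple:
        snonce = os.urandom(32)
        self.ptk = derive_ptk(self.pmk, ap_mac, self.mac, anonce, snonce)
        body = b"msg2:" + snonce
        return snonce, body, eapol_mic(self.ptk[:16], body)

    def handle_msg3(self, body: bytes, mic: bytes) -> bool:
        # This is the check that stops a rogue AP: without the PSK its MIC cannot match.
        return hmac.compare_digest(eapol_mic(self.ptk[:16], body), mic)


def run_handshake(ap: AccessPoint, sta: Station) -> tuple:
    """Returns (AP verified the station, station verified the AP).

    The AP proceeds to message 3 even if it could not verify message 2, modelling a
    rogue AP that 'accepts any key'; the station still rejects it."""
    anonce = ap.msg1()
    snonce, body2, mic2 = sta.handle_msg1(ap.mac, anonce)
    ap_ok = ap.handle_msg2(sta.mac, snonce, body2, mic2)
    body3, mic3 = ap.msg3()
    sta_ok = sta.handle_msg3(body3, mic3)
    return ap_ok, sta_ok


if __name__ == "__main__":
    print("legit AP:", run_handshake(AccessPoint(AP_MAC, SSID, PASSPHRASE), Station(STA_MAC, SSID, PASSPHRASE)))
    print("rogue AP:", run_handshake(AccessPoint(AP_MAC, SSID, b"not-the-psk"), Station(STA_MAC, SSID, PASSPHRASE)))
```

The rogue case returns `(False, False)`: the rogue cannot verify the station and, more importantly, the station cannot verify the rogue. The same mechanism is why a weak passphrase matters (the answer's point about brute force): PBKDF2 over the SSID is the only thing standing between a captured handshake and the PMK, so the passphrase has to be long and unguessable.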
1

That is not entirely correct. An attacker can spoof the SSID of your Wi-Fi network (e.g. "my wifi") but not the ESSID, which is a hex number like a MAC address, so your PC will see two access points with the same SSID but different ESSIDs and connect to the known ESSID.

It is different if someone is doing a deauth attack and you manually connect to the evil access point.

From what I know, you cannot get the password someone uses to connect to a protected hotspot, but you can create an open AP (access point) and prompt the user for a password when they access the Internet.

Alejandro
  • 1
    What stops the attacker from spoofing the ESSID? – Arqwer Sep 19 '16 at 06:53
  • I don't know, but in any case it won't get the password; see the comment on the question. – Alejandro Sep 19 '16 at 12:56
  • The ESSID is the UTF-8 formatted name for a WLAN, the BSSID is the MAC address of the individual antenna. Also, check out [802.11w](https://en.wikipedia.org/wiki/IEEE_802.11w-2009) to prevent deauth attacks (however it does [not protect spoofing the ESSID](https://en.wikipedia.org/wiki/IEEE_802.11w-2009#Which_frames_are_Not_protected)). – JZeolla Sep 20 '16 at 01:16
1

No, it's not the way it works.

The point is that your computer will try to connect to the strongest AP for the SSID it sees. If an attacker forces you to disconnect from the current AP and has a stronger signal, your computer will connect to the attacker.

The second part is where you got it wrong: the attacker will not get your WPA2 password. The attacker's AP will simply accept any key (not password) your computer sends and connect your computer.

Now the hack begins: the attacker is in position to perform any man in the middle attack against any site you access, capture any packet, modify anything. It will have some trouble against protocols employing encryption (such as TLS, VPN or SSH), but HTTP will be easily and transparently modified.

To get your password, the attacker usually captures any request and redirects it to a page saying something like "AP in recovery mode, enter password to start". You (or any client of your network) fall for the attack, and he has your password.

ThoriumBR
  • So, WPA2 will prevent the attacker from using my AP, but not from doing a MitM attack, right? – Arqwer Sep 19 '16 at 07:08
  • 1
    Mitm attacks can only* be done while both are in the same network – Alejandro Sep 19 '16 at 12:51
  • 1
    @Arqwer This attack will work because you are connecting to a different network without knowing it. Your computer has no way to know it is talking to a strange AP. – ThoriumBR Sep 19 '16 at 12:54
  • 5
    This answer is plain wrong. When using WPA2 authentication with pre-shared keys (WPA2-PSK), _both_ the station and the AP have to prove that they know the passphrase [in the four-way handshake](https://en.wikipedia.org/wiki/IEEE_802.11i-2004#The_four-way_handshake). There is no way for an AP to just "accept" any password. – Dubu Aug 22 '17 at 08:57
  • @Dubu To be fair, it's just the 3rd paragraph that is incorrect. – schroeder Aug 22 '17 at 10:15
  • 2
    @schroeder The other paragraphs would only be correct under the assumption that the attacker _already knows_ the password or provides an unencrypted network. But a client will _not_ connect automatically to an unencrypted network with the same SSID as a known encrypted network. Otherwise there is no association and no man in the middle. – Dubu Aug 22 '17 at 10:22
  • @Dubu so there are a couple missing details in par 2 (which could be added), but it's not *incorrect*. Pars 1, 4 are fine, and 5 could work in certain circumstances – schroeder Aug 22 '17 at 10:28