
Suppose we have a WLAN which is secured with WPA2. Its SSID is easybell123.

Could an attacker who wants to get the password of easybell123

  1. create a WLAN with the same SSID in the same area
  2. wait for people (automatically) logging in to the attacker's WLAN
  3. record the password which was used and store it
  4. and later log in to easybell123?

I guess the answer is "No". Please explain why.

Martin Thoma

2 Answers

0

No, unlike HTTP Basic authentication, the password isn't sent in cleartext (or obfuscated) form across the air.

The weakest form of WiFi security is WEP. Don't use it, it can be cracked, but not in the way you describe.

The password is used to create an encrypted tunnel as described here

http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy

makerofthings7
-1

No, because each time you try to connect to your router it will require your computer to authenticate, not only that but the router's SSID is unique even if it's shared with another router in the same location. The reason lies not in the name but in the combination of the router's specific frequency, ip address, dns settings, ips predetermined proxy settings, channel, and unique network interface mac address the router is operating on/with.

@Aatif you are in error. The hacker would have to be closer to the user than the router itself, in order to create a hotspot that would have a stronger signal than the original router. This is because the PC can only show one when SSIDs are exactly the same; it chooses the router with the stronger signal. Meaning yours only if you are that close. Then you can DHCP3 to route the traffic to Internet from your PC.

So technically it's possible but highly improbable. There are other methods.

King
  • Why should these setting matter? The person owning the router could change them and the people who connect to it are still able to connect. – Martin Thoma Mar 21 '15 at 15:38
  • Because with the introduction of WPA2 the CCMP (counter mode cipher block chaining message authentication protocol) encrypts the password. – King Mar 21 '15 at 16:21
  • I skipped through some wikipedia articles. It seems as if the router sends a text to the client called "challenge". The client encrypts the challenge with the secret key and a public, symmetric algorithm (AES?). The router compares the encrypted challenge with what it should be. If this is correct, they are connected. My attack does not work as it is hard to get the key given the challenge and the encrypted challenge. Right? – Martin Thoma Mar 21 '15 at 16:33
  • The SSID can be spoofed and it has nothing to do with ip address, local ip addresses are a NAT policy, they are not exposed pre-authentication. Same goes for DNS settings and proxy. The channel can be easily spoofed as well as the MAC Address. – racec0ndition Mar 22 '15 at 07:51
  • Read about twin-evil attack which involves creating a malicious AP with the same ssid, mac address and operating on the same channel as the victim wifi router. – racec0ndition Mar 22 '15 at 07:53