4

I just came across this article: Capturing WPA Passwords by Targeting Users with a Fluxion Attack.

Although Wi-Fi Evil Twin attacks and Wi-Fi de-authentication attacks have been known for a long time, a mature, easy-to-use Wi-Fi toolkit such as Fluxion will escalate the frequency of such attacks.

Besides luck (if I am not using a mainstream router inside the attack list) or disconnecting the Wi-Fi, I still can't think of a better way to mitigate the risk of such a well-crafted/well-thought-out attack.

For a typical user (imagine our non-tech-savvy parent), is there a way to mitigate such an attack?

mootmoot
  • Depends on what you can change: you could use certificate- or Enterprise-based authentication with pre-configured settings, or not use Wi-Fi security at all and mandate some form of VPN instead. – eckes Sep 20 '17 at 20:21

2 Answers

1

As with any social engineering attack, one of the best ways to mitigate it is through training and communication. Explain the problems to users and nurture in them an attitude of cautious skepticism towards ANY unannounced changes in the way your systems operate.

The ideal default user behavior should be, "Hmmm, that login page looks different. I don't remember a notification that said this was changing. I am going to ask support/management about this before using it."

This is an idealistic description; reality will always be harder and require layers of security controls.

0xSheepdog
0

Write a script to scan for evil twin wifi networks or use something like https://github.com/moha99sa/EvilAP_Defender. After detecting an Evil AP, use triangulation to locate the evil AP. Find the suspect, smash the device, and then smash the suspect. By "smash" I mean to break into pieces using force, not to have rough sexual intercourse with.

Of course, you can also put a valid certificate on your AP and then use user training to ensure they only connect to the AP with that certificate.

Daniel Grover
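
The scanning script suggested in the answer above could look like the following sketch. It is an added example, not part of either answer and not code from EvilAP_Defender. It assumes the scan comes from `nmcli -t -f SSID,BSSID,CHAN,SECURITY dev wifi list` and that an open network is reported with an empty or `--` security field; the baseline in `KNOWN_APS` and the sample scan are constructed values.

```python
import re

# Assumed baseline for the network being protected (constructed values).
KNOWN_APS = {
    "HomeNet": {"bssids": {"AA:BB:CC:DD:EE:01"}, "security": "WPA2", "channels": {6}},
}

# Constructed sample in nmcli terse format; colons inside a value are escaped.
SAMPLE_SCAN = r"""
HomeNet:AA\:BB\:CC\:DD\:EE\:01:6:WPA2
HomeNet:12\:34\:56\:78\:9A\:BC:6:
HomeNet:AA\:BB\:CC\:DD\:EE\:01:11:WPA2
CoffeeShop:DE\:AD\:BE\:EF\:00\:01:1:WPA2
"""

def parse_scan(text):
    """Split each line on unescaped colons, then unescape the fields."""
    rows = []
    for line in text.strip().splitlines():
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip malformed lines instead of guessing
        ssid, bssid, chan, sec = fields
        rows.append({"ssid": ssid, "bssid": bssid.upper(),
                     "channel": int(chan), "security": sec.strip()})
    return rows

def find_suspects(rows, known=KNOWN_APS):
    """Return (bssid, reason) for every AP that reuses a protected SSID
    but does not match the baseline."""
    alerts = []
    for r in rows:
        base = known.get(r["ssid"])
        if base is None:
            continue  # not a network we protect
        if r["security"] in ("", "--") and base["security"] not in ("", "--"):
            # Same name but no encryption: the open look-alike AP pattern.
            alerts.append((r["bssid"], "open-network-with-protected-ssid"))
        elif r["bssid"] not in base["bssids"]:
            alerts.append((r["bssid"], "unknown-bssid"))
        elif r["channel"] not in base["channels"]:
            # A cloned BSSID still has to transmit somewhere.
            alerts.append((r["bssid"], "known-bssid-on-unexpected-channel"))
    return alerts

if __name__ == "__main__":
    for bssid, reason in find_suspects(parse_scan(SAMPLE_SCAN)):
        print(f"ALERT {bssid}: {reason}")
```

A legitimate AP with automatic channel selection will trip the channel check, so either pin the channel on the router or list every channel it may use in the baseline.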