deerseeker001
Super Member
- Joined
- Jul 20, 2011
- Messages
- 5,699
- Location
- Central wisconsin
- Tractor
- International 2500a with Loader
good reason not to have smart Phones
WI-FI, THIEF
- Thread starter J_J
- Start date
- Views: 4283
aczlan
Good Morning
- Joined
- Mar 7, 2008
- Messages
- 16,985
- Tractor
- Kubota L3830GST, B7500HST, BX2660. Formerly: Case 480F LL, David Brown 880UE
That story was a load of hooey... The devices (referenced here: ACLU wants to know how Michigan cops use 'data extraction devices' | Crave - CNET ) require that the officer have physical possession of your phone.
Ayep. Could just as easily the the guy at the next table with a laptop, or the guy walking around with a briefcase, backpack, etc.
HTTPS, HTTPS, and/or HTTPS.
A nice VPN back to a secure network for data you dont want to lose is a very good plan, but at very least, use a HTTPS connection...
Aaron Z
Tig
Veteran Member
Man in the middle attack by spoofing an access point can employed from extended distance as well. With line of sight you can target a device over a mile away.
Last time I played with extended range wifi, over 2km was easily to work with. 4km has also been done.
All paranoia aside, I prefer hard wired connections for financial matters.
Last time I played with extended range wifi, over 2km was easily to work with. 4km has also been done.
All paranoia aside, I prefer hard wired connections for financial matters.
haveissues
Silver Member
I just don't see how they are steeling passwords on amazon etc with a man in the middle attack unless the user decides to trust a untrustworthy certificate authority. Unless I'm missing something, they haven't broken ssl. Now if you get one of those popups on your banks website all of a sudden that asks you if you want to trust the site and you say yes, now you are vulnerable.
mikehaugen
Elite Member
I've heard of this before.
I'm no expert, but if they can do this with wi-fi, what keeps them from intercepting 4g networks? Or is it just a matter of time?
aczlan
Good Morning
- Joined
- Mar 7, 2008
- Messages
- 16,985
- Tractor
- Kubota L3830GST, B7500HST, BX2660. Formerly: Case 480F LL, David Brown 880UE
The only way I see this happening would be to have a fake non-SSL site that they got redirected to by the fake access point.
Also, if I remember correctly, the only way your phone or other device is broadcasting a network name if if the network's SSID is hidden, otherwise it just passively listens for the network to advertise itself (Windows XP and older versions of Windows excepted).
Aaron Z
Tig
Veteran Member
Some of the details of tbat article fly in the face of what I have observed with wifi, so I googled snoopy to learn more. First thing I learned is that snoopy drones do not fly, although I suppose that could be done.
The gist is that a snoopy station (called a drone) monitors the airwaves and notes what access points wifi devices connect to. All the stations report back device and acces point info to a central location. Access points are then referenced using existing databases. Like Wigl which is built by wardrivers. Once that is done they have a profile of a device and the access points that it uses in the monitored areas.
It's a plausible leap (a flying leap at that) to deploy snoopy as detailed in the original article, although to my knowledge, my devices do not scream out the names of every access point that I have profiled. Even if they did, the encryption would have to match for someone to get in the middle.
Here's a more technical article. SensePost Blog
This article addresses SSL encryption. Seems the redirect.
The claim that it steals your location data boils down to, it can look up the location of wifi router you connected to. All in all this is the same thing that Google does with their street view cars, which is why google maps can determine your location without accesing your GPS.
edit: I just noticed that the article I linked is two years old.
I would expect that this sw can easily be obtained and by now has been enhanced to address wifi encryption vulnerabilities.
The gist is that a snoopy station (called a drone) monitors the airwaves and notes what access points wifi devices connect to. All the stations report back device and acces point info to a central location. Access points are then referenced using existing databases. Like Wigl which is built by wardrivers. Once that is done they have a profile of a device and the access points that it uses in the monitored areas.
It's a plausible leap (a flying leap at that) to deploy snoopy as detailed in the original article, although to my knowledge, my devices do not scream out the names of every access point that I have profiled. Even if they did, the encryption would have to match for someone to get in the middle.
Here's a more technical article. SensePost Blog
This article addresses SSL encryption. Seems the redirect.
The claim that it steals your location data boils down to, it can look up the location of wifi router you connected to. All in all this is the same thing that Google does with their street view cars, which is why google maps can determine your location without accesing your GPS.
edit: I just noticed that the article I linked is two years old.
I would expect that this sw can easily be obtained and by now has been enhanced to address wifi encryption vulnerabilities.
Last edited:
J_J, how come you haven't come up with a hydraulic powered phone yet ? Seems like you always have the right answer to everyone's questions about the subject ! 
Just wondering... Whenever you post, I keep a copy of it in a folder so when I have a hydraulic situation pending, I can go into it and get some good poop. This one was unexpected.
Would that be Old Fashioned, Barbecue or Ridged chips ? Bagged or cylindrical container ?
Just wondering... Whenever you post, I keep a copy of it in a folder so when I have a hydraulic situation pending, I can go into it and get some good poop. This one was unexpected.
Would that be Old Fashioned, Barbecue or Ridged chips ? Bagged or cylindrical container ?