Decrypting fake phishing WiFi security information to teach you how to make WiFi more secure

On March 15, CCTV again focused on the security of mobile phone applications. At its gala it exposed the risks of free WiFi and demonstrated how fake phishing WiFi can be used to steal what audience members do online. Frankly, many mobile phone users are used to "surfing the Internet" on whatever network is free: they like to log in to WiFi in public places such as cafes, teahouses and hotels and carry out all kinds of operations, which is quite unsafe!


"West Lake Debate": the Wall of Sheep at the China SIS Conference

At the venue of the "West Lake Debate" China SIS Conference, the security experts of Anheng Information once set up a free WiFi network on site to raise everyone's security awareness. When the participants saw that there was free WiFi, they logged in and used it. As a result, the passwords of accounts such as mailboxes and social website portals were cracked, and dozens of people who had entered the venue together were also fooled.

Now the security expert of Anheng Information will show you again how to set up a fake phishing WiFi hotspot within one minute and start to grab someone else's password. This demonstration is only meant to prepare you psychologically: public WiFi is very dangerous! If you commit a crime, the security expert can tell you responsibly that if the police want to catch you, there is still a way! Many who were better at this have been caught.

One day at Starbucks, Ogawa saw a girl looking for a job on 51job. She was very good-looking; he wanted to chat her up but did not dare. So as he passed her, Ogawa glanced at her screen: very good, 51job, on a WiFi-version iPad.

Everything is so harmonious

If you had her 51job account and password, wouldn't you have her address, phone number and email address? And with the phone number, there would be WeChat, even QQ?

Turn on the 3G of your mobile phone, connect your laptop, and sit near the girl (ensuring signal strength is very important!)

Open the software media WiFi assistant. Theoretically, you can use all kinds of portable WiFi to create a hotspot. For example, name it Starbucks. Why use this name? Because many girls and guys who claim to be petty bourgeoisie drink coffee at Starbucks and surf the Internet.

When creating the hotspot, the password should be the same as Starbucks's own, so that it looks real!

Be sure to sit beside the girl and ensure that your signal is stronger than the real Starbucks WiFi, that is, the impostor Starbucks (Li Gui) outshines the real one (Li Kui).

Of course, for the sake of effect, it is recommended to DDoS the real Starbucks WiFi hotspot and knock it out by traffic or number of connections. In this way, the girl will naturally connect to your WiFi.

Then open the packet capture software. See? In the bottom area of the figure, username= and password= are right there, and the value after them is the verification code.

Okay... Simple? There is an address, a phone number and an email in the resume!

Starbucks is used here only as an example. A friend mentioned that Starbucks requires web login in some places.

Of course, a friend may ask: will the password be captured when logging in to WeChat and QQ? No. Login is encrypted, so information such as the password cannot be obtained. Of course, the ranger was worried about WebQQ, so he opened the browser on his mobile phone and logged in to QQ.

See? The QQ number can be captured, but the password cannot be obtained.

At the same time, if you test the mobile online banking public version of China Merchants Bank and the mobile client of China Merchants Bank, you will find that https (not http, the last "s" means encryption) is used, so the security can be guaranteed.

Of course, if the attacker really wants to do more, that is also possible. For example, you open NetEase but Sohu pops up; or you open your bank's site and are actually presented with a fake bank page made by the attacker. However, this is troublesome (actually not particularly troublesome), so I won't say much about it. The title is well deserved! (One minute! You will find that once the operation is a little familiar, one minute is not a problem at all!)

The Anheng Information security expert used this example to illustrate the harmfulness of public WiFi (untrusted WiFi). If you have a friend who often connects to WiFi in public, please forward this to him or her to show how harmful it is!

How can I use WiFi safely?

1. The security experts' advice: do not casually connect to WiFi. Please try to use 2G/3G/4G in public places!

2. It is better to turn off the "WiFi Auto Connect" function when using electronic devices daily. Because if this function is turned on, the mobile phone will automatically scan and connect to the WiFi network without password when entering the area with WiFi network, which will greatly increase the chance of users to link to phishing WiFi by mistake.

3. If you must use public WiFi, carefully check the names of network hotspots. Attackers like to exploit users' habit of "surfing the Internet" for free by setting a name that is very similar to that of the public venue and easy to confuse with it. The safe way is to ask the service provider directly for the WiFi information and a secure login password, and to try not to shop online or log on to online banking and third-party payment platforms over public WiFi, to prevent the disclosure of personal information, important accounts, passwords, etc.

4. The free login account and password sent by third-party software may have great security risks, so try to avoid using them.

How can enterprises use WiFi safely?

At present, a large number of enterprises have WiFi networks in their office buildings to provide Internet connections for customers and employees. In the rush to set up WiFi hotspots, many enterprises do not fully consider the security of their own WiFi networks. Wireless networks without good protection can allow customers' wireless communications to be intercepted by hackers, resulting in significant losses such as the theft of confidential business information and other sensitive data. Anheng Information security experts recommend that your enterprise do the following to ensure WiFi security:

1. Create a new, secure and strong management password. This is a simple step that many enterprises ignore. If a WiFi access point can be accessed with a simple password such as "admin" or "admin888", the enterprise intranet is vulnerable to attack.

2. Enable encryption measures. It is strongly recommended to use WPA (WiFi protected access) encryption measures in the form of WPA or WPA2.

3. Find malicious phishing WiFi access points. Most enterprise networks are within range of WiFi access points connected to other networks, and most of these access points will be connected to legitimate systems. However, some may have been set up by potential attackers, or by employees who use unauthorized networks inside the company. Unmanaged WiFi access points can become a loophole through which the enterprise network is attacked. Plugging a laptop into the network and running the wireless WiFi inspection tool "Air Security Wireless Network Intrusion Detection System" enables network administrators or other authorized individuals to quickly find any malicious devices. You can then take steps to remove the access point or take measures to protect the network's security.

Identify the wireless WIFI inspection tool "Air Security wireless network intrusion detection system"
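The check described in item 3, sketched as an added example (this is not the code of the inspection tool named above, and not from the original article): it compares scan results against an inventory of managed access points and flags networks that reuse or imitate the corporate SSID. The `AUTHORIZED` inventory, the `Beacon` record and the scan data are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # MAC address of the AP radio
    security: str    # "OPEN", "WPA" or "WPA2"
    signal_dbm: int

# Assumed inventory of managed APs: SSID -> {BSSID: expected security}
AUTHORIZED = {"CorpNet": {"aa:bb:cc:00:00:01": "WPA2", "aa:bb:cc:00:00:02": "WPA2"}}

def normalize(ssid):
    """Fold case and drop separators so 'Corp-Net' matches 'CorpNet'."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())

def classify(beacon, authorized=AUTHORIZED):
    """Return the findings for one observed beacon (empty list = nothing to report)."""
    known = {normalize(s): s for s in authorized}
    match = known.get(normalize(beacon.ssid))
    if match is None:
        return []  # unrelated neighbouring network
    aps, bssid, findings = authorized[match], beacon.bssid.lower(), []
    if beacon.ssid != match:
        findings.append("lookalike-ssid")
    if bssid not in aps:
        findings.append("unknown-bssid")
        if beacon.security == "OPEN":
            findings.append("open-network")
    elif aps[bssid] != beacon.security:
        findings.append("security-mismatch")
    return findings

def audit(scan, authorized=AUTHORIZED):
    """Pair each suspicious beacon with its findings, strongest signal first."""
    hits = [(b, classify(b, authorized)) for b in scan]
    return sorted((h for h in hits if h[1]), key=lambda h: h[0].signal_dbm, reverse=True)

# Constructed scan results, not a real capture
SCAN = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", "WPA2", -55),    # managed AP
    Beacon("CorpNet", "de:ad:be:ef:00:10", "WPA2", -40),    # same name, unknown radio
    Beacon("Corp-Net", "de:ad:be:ef:00:11", "OPEN", -48),   # lookalike name, unencrypted
    Beacon("CoffeeShop", "11:22:33:44:55:66", "OPEN", -70), # neighbour, ignored
]

if __name__ == "__main__":
    for beacon, findings in audit(SCAN):
        print(beacon.ssid, beacon.bssid, beacon.signal_dbm, ",".join(findings))
```

A BSSID can be copied, so an empty result is not proof that no rogue access point exists; the `security-mismatch` finding covers a copied BSSID that advertises weaker encryption than the inventory expects.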

Original article. When reprinting, please credit: reprinted from Seven Travelers Blog

Fixed link of this article: https://www.qxzxp.com/6003.html

Decrypting fake phishing WiFi security information to teach you how to make WiFi safer: currently there are 4 messages

  1. It seems that this is also a problem: www.wzhuanyun.com

    2015-12-17 15:42 [Reply]
  2. 0F
    New starting point :

    That's a good question. Which one is better? 315 Returning domestic service to Guoqiang www.315fanyong.com http://www.4008082780.com Reply to share

    2015-05-08 17:26 [Reply]
  3. 0F
    Unbounded one :

    It seems that connecting free wifi is really dangerous..

    2015-04-14 23:51 [Reply]
  4. 0F
    come on. :

    Well said http://www.caiyoulianmeng.com

    2015-04-02 11:37 [Reply]
