[ISN] WiPhishing hack risk warning

InfoSec News isn at c4i.org
Thu Apr 21 01:36:21 EDT 2005


[Since changing the default SSID from Linksys to (202) 323-3205, it
seems the number of malicious wardrivers and hotspot hackers prowling
around has gone down significantly in my part of town.  =)   - WK]

By John Leyden
20th April 2005

You've heard of war driving and phishing but now there's yet another
reason to wear a tin-foil hat every time you surf the net.  
"WiPhishing" (pronounced why phishing) involves covertly setting up a
wireless enabled laptop or access point in order to get
wireless-enabled laptops to associate with it as a prelude to hacking

An estimated one in five access points use default SSIDs (such as
linksys). By guessing the name of a network that target machines are
normally configured to connect to a hacker could (at least in theory)  
gain access to data on a laptop or introduce malicious code.

The scenario is plausible. But like the 'evil twins' risk of earlier
this year this is probably a well understood risk given a catchy
moniker, backed by an energetic marketing campaign.

Nicholas Miller, chief exec of Cirond Corporation, and the man who
coined the term WiPhishing, was unable to cite incidents of any actual
WiPhishing attacks. Nonetheless he maintained WiPhishing posed a
greater threat then war driving. Instead of hackers with laptops
trying to break into wireless networks with WiPhishing you have
hackers with networks trying to break into wireless networks.

He said that even companies with wired networks were at risk from the
attack if the wireless access functions of corporate laptops happened
to be left on. By hijacking the legitimate connection to a traditional
wired computer network, hackers might be able to exploit the soft
underbelly of corporate networks and launch even more invasive

Cirond held a press conference at the wireless LAN event in London
today in order to discuss WiPhishing and discuss its enterprise tools
to control how and when wireless technology is used by employees
(AirSafe Enterprise) and its wireless intrusion detection appliance
(AirPatrol Enterprise).

More information about the ISN mailing list