Wifi Insecurity 2013
Risks and Usage

Kurt Baumgartner @k_sec
Principal Security Researcher
Global Research and Analysis T...
Wifi Insecurity 2013
Usage and Risks

Credit: wigle.net , 2013.08.29

• WiFi
• Absolutely ubiquitous
• Demonstrably insecu...
Wifi Availability
Who cares?

15%-20% WiFi is “unprotected”

Credit: wigle.net , 2013.08.29
Wifi Availability
Does WPA2 really matter?

Session hijacking, complete compromise
•
• Banking / Retail cc

Credit: www.im...
Wifi Attacker’s Toolset 2013
Getting in – is anything new?

• Evil Twin == ARPSpoof, DHCP spoofing

• Aircrack-ng handshak...
Connecting to Public Wifi
Confident connections

• VPN (and/or SSH)

• Pay attention to your browser!
Connecting to Public Wifi
Confident connections
Connecting to Public Wifi
Confident connections
Thank You
Kurt Baumgartner, @k_sec
Principal Security Researcher
Global Research and Analysis Team
WiFi Insecurity2013
Brief presentation on wifi security risk in 2013.

Published in: Technology
WiFi Insecurity2013

  1. Wifi Insecurity 2013 Risks and Usage Kurt Baumgartner @k_sec Principal Security Researcher Global Research and Analysis Team
  2. Wifi Insecurity 2013 Usage and Risks Credit: wigle.net , 2013.08.29 • WiFi • Absolutely ubiquitous • Demonstrably insecure
  3. Wifi Availability Who cares? 15%-20% WiFi is “unprotected” Credit: wigle.net , 2013.08.29
  4. Wifi Availability Does WPA2 really matter? Session hijacking, complete compromise • Banking / Retail cc Credit: www.immunityinc.com/images/silica/new_wifimonitor_edited.png
  5. Wifi Attacker’s Toolset 2013 Getting in – is anything new? • Evil Twin == ARPSpoof, DHCP spoofing • Aircrack-ng handshake collector, WPS PIN defaults and Reaver brute forcing • Cloud based cracking, ocl-Hashcat-plus • 55 is the new 15! • Performance improvements by orders of magnitude • Certificate forging, SSLStrip, HTML Injection and Sidejacking • Cookie theft and replay • System Compromise and DNS Hijacking
  6. Connecting to Public Wifi Confident connections • VPN (and/or SSH) • Pay attention to your browser!
  7. Connecting to Public Wifi Confident connections
  8. Connecting to Public Wifi Confident connections
  9. Thank You Kurt Baumgartner, @k_sec Principal Security Researcher Global Research and Analysis Team
