A presentation about social engineering over WiFi networks during the AfricaHackon 2016 conference.

1. WiFi
Social
Engineering

2. BIO
Gabriel Mathenge
 Security enthusiast
 Security consultant at Ernst and Young (EY)
 Penetration testing and red teaming
T: https://twitter.com/_V1VI
E: gabriel@thevivi.net

3. QUESTIONS
Stop me whenever you’re curious

4. WHY WIFI?
Why WiFi?
 Rapid growth of WiFi networks for commercial
and private use
 2015: Kenya’s internet penetration stood at 26
million people – KNBS Economic Survey

5. SOCIAL ENGINEERING
Social Engineering
 Manipulating people into giving you what you want.

6. IEEE 802.11
IEEE 802.11
 IEEE - Institute of Electrical and Electronics
Engineers
 IEEE 802.11 - A set of specifications for
implementing wireless networks
 Define the rules of communication between
clients and wireless access points (AP)

7. IEEE 802.11
IEEE 802.11
THIS
PART
HERE
INTERNET

8. TOOLS
Tools of the trade

9. 802.11 ISSUES
Issues

10. PROTOCOL-SIDE
WiFi Deauthentication
 Anyone with the right hardware can send a
deauthentication frame to the AP and clients
connected to it

11. DEAUTHENTICATION
Deauthentication
Targets
Deauthentication
packets

12. CLIENT-SIDE
Identifying APs
 Clients can’t differentiate between access points
with the same name (ESSID) and will usually
just connect to the strongest one.

13. CLIENT-SIDE
No difference
London
ESSID: Java WiFi
Nairobi
ESSID: Java WiFi

14. CLIENT-SIDE
Probing for and auto-connecting to APs
 Ever wondered how your phone/laptop
automatically connects to your office/home
network whenever you’re in the area?

15. CLIENT-SIDE
WiFi Selection

16. CLIENT-SIDE
Anytime your device’s WiFi is on and not connected to an AP
Home WiFi!
Office WiFi!
Airport WiFi!
Girlfriend’s WiFi!
Other girlfriend’s WiFi!
Neighbor’s WiFi!
Coffee shop WiFi!

17. WiFi Probes

18. CONVENIENCE VS SECURITY
Why is it built this way?

19. TRADITIONAL WIFI ATTACKS

20. EVIL TWIN
Evil Twin
 A rogue wireless AP that masquerades as a
legitimate Wi-Fi access point

21. EVIL TWIN
How it works
I’m Safaricom,
the real AP.
No! I’m Safaricom,
the real AP. Connect
to me!
Deauthentication
packets
Targets

22. MiTM
Man-in-The-Middle
 Grabbing all of the traffic that passes you over a
wired or wireless network.

23. MiTM
How it works
Username Solomon
Password Password123
Username Solomon
Password Password123
Username Solomon
Password Password123
BANK

24. WIFIPHISHER
 A WiFi tool that automates social engineering
attacks on WiFi networks
 Written in Python and developed by Greek
security researcher, @_sophron (George)

25. DEMO
Scenario
Swara WiFi
Swara WiFi
Target

26. WIFIPHISHER
Phishing scenarios

27. WIFIPHISHER
Sample phishing page

28. WIFIPHISHER
Sample phishing page

29. HARVEST CREDENTIALS
Harvest credentials

30. WIFIPHISHER
Taking it further…

31. DEMO
Scenario
VIVI WiFi
VIVI WiFi
Target

32. MALWARE INFECTION
Taking it further – malware infection

33. MALWARE INFECTION
Updating is good for you

34. MALWARE INFECTION
Updating is good for you

35. MALWARE INFECTION
Shell

36. WHY WIFI?
Why did I pick WiFi?
 To make it relatable
 Some vulnerabilities can’t be fixed by technology

37. PPT
The Security Trinity
SECURITY

38. THE WEAKEST LINK
Who is the weakest link?

39. FOCUS ON SECURITY AWARENESS
How vulnerable is your tech are your people?
 Security training and awareness programs
 Fewer tech focused security tests and more
holistic security assessments.
 Does your organization have a red team?

40. SECURITY FAILURE

41. STAYING SAFE
Staying safe
 Be wary with public Wi-Fi.
 2 factor authentication.
 Use strong passwords. Avoid password reuse.
 Turn off your Wi-Fi when you’re not using it.
 Update your software, use an antivirus.
 Awareness, a little paranoia never killed anyone.

42. Thanks for your time!