Saturday, July 13, 2024

Snappy – A New Tool to Detect Fake WiFi Access Points

A new tool named “Snappy” developed by cybersecurity experts, can assist in identifying rogue WiFi access points that aim to steal data from users who are unaware.

Tom Neaves, a security researcher with Trustwave and an enthusiast of wireless and RF technology, claims it is simple for determined attackers to fake the MAC addresses and SSIDs of reliable access points on open networks.

It is too simple for an attacker to set up their own Access Point with the same SSID and have the users connect to it, which is an issue for users, especially for those utilizing open wireless networks (coffee shops, supermarkets, etc.).

Particularly if the attacker is also spoofing the legitimate Access Point’s MAC address, the user truly has no way of knowing they are not on the genuine one.

In this case, Man-in-the-middle attacks allow threat actors to intercept and examine transmitted data since they are in control of the router.

Notably, a Media Access Control address (MAC address) is a unique identification issued to a network interface controller (NIC) for use as a network address in communications within a network segment.

This is widespread use in most IEEE 802 networking technologies, such as Ethernet, Wi-Fi, and Bluetooth.

MAC addresses are sometimes referred to as the built-in address, Ethernet hardware address, hardware address, or physical address since device makers typically assign them.

Each address may be saved either by a software mechanism or in hardware, such as the read-only memory on the card.

Snappy Tool To Identify Rogue Access Points

Snappy, created by Neaves, is an indispensable tool that effectively distinguishes authentic access points from suspicious ones.

With Snappy’s recognition capabilities, this common issue can now be easily resolved by identifying if it is the same access point that was used previously.

To create a signature, he needed to identify several components (elements, parameters, tags, etc.) in the beacon frame that were sufficiently distinct between access points both individually and collectively to serve as a fingerprint.

He says the idea of a signature, however, would not function if these values changed throughout time and remained constant to themselves.

Elements that characterize an access point

He discovered several static elements by examining Beacon Management Frames, including the vendor, BSSID, supported rates, channel, country, maximum transmit power, and others, that alter between various 802.11 wireless access points but remain constant for a particular access point over time.

The researcher calls the tool (Snappy), using the word “snap” (as in “snapshot”) to use this item and also not at all/only once substantially inspired by the Python file extension “.py,” which properly rounds off the situation.

Additionally, he reasoned that he could combine these components and hash them with SHA256 to produce a distinctive signature for each access point that a scanner tool could use to identify matches and mismatches.

Snappy in action, a SHA256 hash created for the wireless access point

In addition to the process for producing SHA256 hashes of wireless access points, Snappy can also identify access points made by Airbase-ng, a tool that attackers employ to make fake access points to intercept packets sent by connected users or even to snoop on their network traffic.

As long as Python is available, running Python scripts on laptops should be simple, but users of mobile devices will need to go above and beyond to find specialized interpreters and emulators.

“AI-based email security measures Protect your business From Email Threats!” – .


Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles