Snappy Detect Fake WiFi

A new tool named “Snappy,” developed by cybersecurity experts, can help identify rogue WiFi access points that aim to steal data from unsuspecting users.

Tom Neaves, a security researcher with Trustwave and an enthusiast of wireless and RF technology, claims it is simple for determined attackers to fake the MAC addresses and SSIDs of reliable access points on open networks.

It is too simple for an attacker to set up their own Access Point with the same SSID and have the users connect to it, which is an issue for users, especially for those utilizing open wireless networks (coffee shops, supermarkets, etc.).

Particularly if the attacker is also spoofing the legitimate Access Point’s MAC address, the user truly has no way of knowing they are not on the genuine one.

In this case, man-in-the-middle attacks allow threat actors to intercept and examine transmitted data since they are in control of the router.

Notably, a Media Access Control address (MAC address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment.

This use is widespread in most IEEE 802 networking technologies, such as Ethernet, Wi-Fi, and Bluetooth.

MAC addresses are sometimes referred to as the built-in address, Ethernet hardware address, hardware address, or physical address since device makers typically assign them.

Each address may be saved either by a software mechanism or in hardware, such as the read-only memory on the card.

Snappy Tool To Identify Rogue Access Points

Snappy, created by Neaves, is an indispensable tool that effectively distinguishes authentic access points from suspicious ones.

With Snappy’s recognition capabilities, this common issue can now be easily resolved by checking whether an access point is the same one that was used previously.

To create a signature, he needed to identify several components (elements, parameters, tags, etc.) in the beacon frame that were sufficiently distinct between access points both individually and collectively to serve as a fingerprint.

He says the idea of a signature, however, would not work if these values changed over time; they need to remain constant for a given access point.

Elements that characterize an access point

By examining Beacon Management Frames, he discovered several static elements, including the vendor, BSSID, supported rates, channel, country, maximum transmit power, and others, that differ between various 802.11 wireless access points but remain constant for a particular access point over time.

The researcher calls the tool Snappy, using the word “snap” (as in “snapshot”), with a nod to the Python file extension “.py,” which rounds off the name.

Additionally, he reasoned that he could combine these components and hash them with SHA256 to produce a distinctive signature for each access point that a scanner tool could use to identify matches and mismatches.
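The fingerprinting idea described above can be sketched as follows. This is an added example, not Snappy's own code: the choice of tag IDs, the hash layout, and the helper names are assumptions, and the beacon frames are constructed test data rather than captured traffic.

```python
import hashlib
import struct

# Tags treated as static in this sketch (assumption, following the article's
# list): SSID, supported rates, DS channel, country, vendor-specific.
STATIC_TAGS = {0, 1, 3, 7, 221}

def parse_beacon(frame: bytes):
    """Return (bssid, [(tag_id, value), ...]) from a raw 802.11 beacon frame."""
    if len(frame) < 36 or frame[0] != 0x80:   # type 0 / subtype 8 = beacon
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]                      # addr3 of the 24-byte MAC header
    tags, pos = [], 36                        # skip header + 12 fixed-param bytes
    while pos + 2 <= len(frame):
        tag_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:               # truncated element: stop parsing
            break
        tags.append((tag_id, value))
        pos += 2 + length
    return bssid, tags

def signature(frame: bytes) -> str:
    """SHA256 over BSSID + static elements; timestamp, sequence and TIM are skipped."""
    bssid, tags = parse_beacon(frame)
    h = hashlib.sha256(bssid)
    for tag_id, value in tags:
        if tag_id == 221:
            value = value[:3]                 # keep only the vendor OUI
        if tag_id in STATIC_TAGS:
            h.update(bytes([tag_id, len(value)]) + value)
    return h.hexdigest()

def build_beacon(bssid, ssid, rates, channel, oui, timestamp, seq):
    """Construct a sample beacon (test data only, not captured traffic)."""
    hdr = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, seq << 4)
    fixed = struct.pack("<QHH", timestamp, 100, 0x0401)
    ie = lambda t, v: bytes([t, len(v)]) + v  # one tagged element: id, length, value
    tim = ie(5, bytes([timestamp % 3, 3, 0, 0]))  # TIM changes beacon to beacon
    return (hdr + fixed + ie(0, ssid) + ie(1, rates) + ie(3, bytes([channel]))
            + tim + ie(7, b"GB \x01\x0d\x14") + ie(221, oui + b"\x00\x01"))

AP = bytes.fromhex("02aabbccddee")            # constructed, locally administered MAC
RATES = bytes([0x82, 0x84, 0x8b, 0x96])
known = build_beacon(AP, b"CoffeeShop", RATES, 6, bytes.fromhex("0a0b0c"), 1000, 1)
later = build_beacon(AP, b"CoffeeShop", RATES, 6, bytes.fromhex("0a0b0c"), 987654, 77)
clone = build_beacon(AP, b"CoffeeShop", bytes([2, 4, 11, 22]), 6, bytes.fromhex("0d0e0f"), 5000, 3)

for name, frame in (("later", later), ("clone", clone)):
    print(name, "match" if signature(frame) == signature(known) else "MISMATCH")
```

The later beacon from the same access point matches the saved signature even though its timestamp, sequence number and TIM differ, while the clone with the same SSID and BSSID but different supported rates and vendor OUI does not.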

Snappy in action, a SHA256 hash created for the wireless access point

In addition to the process for producing SHA256 hashes of wireless access points, Snappy can also identify access points made by Airbase-ng, a tool that attackers employ to make fake access points to intercept packets sent by connected users or even to snoop on their network traffic.

As long as Python is available, running Python scripts on laptops should be simple, but users of mobile devices will need to go above and beyond to find specialized interpreters and emulators.

Guru is an Ex-Security Engineer at Comodo Cybersecurity. Co-Founder - Cyber Security News & GBHackers On Security.
