Thursday, October 3, 2024
HomeCyber Security NewsSnappy - A New Tool to Detect Fake WiFi Access Points

Snappy – A New Tool to Detect Fake WiFi Access Points

Published on

A new tool named “Snappy” developed by cybersecurity experts, can assist in identifying rogue WiFi access points that aim to steal data from users who are unaware.

Tom Neaves, a security researcher with Trustwave and an enthusiast of wireless and RF technology, claims it is simple for determined attackers to fake the MAC addresses and SSIDs of reliable access points on open networks.

It is too simple for an attacker to set up their own Access Point with the same SSID and have the users connect to it, which is an issue for users, especially for those utilizing open wireless networks (coffee shops, supermarkets, etc.).

- Advertisement - EHA

Particularly if the attacker is also spoofing the legitimate Access Point’s MAC address, the user truly has no way of knowing they are not on the genuine one.

In this case, Man-in-the-middle attacks allow threat actors to intercept and examine transmitted data since they are in control of the router.

Notably, a Media Access Control address (MAC address) is a unique identification issued to a network interface controller (NIC) for use as a network address in communications within a network segment.

This is widespread use in most IEEE 802 networking technologies, such as Ethernet, Wi-Fi, and Bluetooth.

MAC addresses are sometimes referred to as the built-in address, Ethernet hardware address, hardware address, or physical address since device makers typically assign them.

Each address may be saved either by a software mechanism or in hardware, such as the read-only memory on the card.

Snappy Tool To Identify Rogue Access Points

Snappy, created by Neaves, is an indispensable tool that effectively distinguishes authentic access points from suspicious ones.

With Snappy’s recognition capabilities, this common issue can now be easily resolved by identifying if it is the same access point that was used previously.

To create a signature, he needed to identify several components (elements, parameters, tags, etc.) in the beacon frame that were sufficiently distinct between access points both individually and collectively to serve as a fingerprint.

He says the idea of a signature, however, would not function if these values changed throughout time and remained constant to themselves.

Elements that characterize an access point

He discovered several static elements by examining Beacon Management Frames, including the vendor, BSSID, supported rates, channel, country, maximum transmit power, and others, that alter between various 802.11 wireless access points but remain constant for a particular access point over time.

The researcher calls the tool snap.py (Snappy), using the word “snap” (as in “snapshot”) to use this item and also not at all/only once substantially inspired by the Python file extension “.py,” which properly rounds off the situation.

Additionally, he reasoned that he could combine these components and hash them with SHA256 to produce a distinctive signature for each access point that a scanner tool could use to identify matches and mismatches.

Snappy in action, a SHA256 hash created for the wireless access point

In addition to the process for producing SHA256 hashes of wireless access points, Snappy can also identify access points made by Airbase-ng, a tool that attackers employ to make fake access points to intercept packets sent by connected users or even to snoop on their network traffic.

As long as Python is available, running Python scripts on laptops should be simple, but users of mobile devices will need to go above and beyond to find specialized interpreters and emulators.

“AI-based email security measures Protect your business From Email Threats!” – .

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Northern Ireland Police to Pay £750,000 Fine Following Data Breach

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000...

ANY.RUN Upgrades Threat Intelligence to Identify Emerging Threats

ANY.RUN announced an upgrade to its Threat Intelligence Portal, enhancing its capabilities to identify...

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

A critical vulnerability has been discovered in Cisco's Nexus Dashboard Fabric Controller (NDFC), potentially...

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Northern Ireland Police to Pay £750,000 Fine Following Data Breach

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000...

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

A critical vulnerability has been discovered in Cisco's Nexus Dashboard Fabric Controller (NDFC), potentially...

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...