Wireless Man-In-The-Middle (MITM) attacks


What is a wireless MITM attack?

MITM stands for Man-In-The-Middle. An MITM attack is said to occur when an attacker inserts himself between the user and the legitimate network services. When this attack occurs over a wireless network, it is known as a wireless MITM attack.

How does a wireless MITM attack happen?

One of the easiest ways for an attacker to find victims to exploit is to set up an access point that serves as a bridge to a real network. Most people are fairly indiscriminate about the wireless network they use. They’ll try to get Internet access by any means possible, regardless of the risk.

In fact, it doesn’t matter what the name of the access point is: whether it’s called “Free Open Wi-Fi” or “Do Not Use”, someone will come along and try to use it. [1]

A slight variation on this approach is to use a more specific name that mimics a real access point normally found at a particular location. For example, if your local airport provides a service called “Airport Wifi”, the attacker might create an access point with the very same name using an access point that has two radios. This is called the Evil Twin, because it mimics a real access point for nefarious purposes.

Both of these modes of attack require a user to stumble upon the access point and connect, so the attacker can’t choose who the victim will be.

Can there be more “proactive” attacks?

Think about what happens when you bring your wireless device back to a location you’ve previously visited. For instance, when you bring your laptop home, you don’t have to choose which access point to use, because your device has already memorized the details. The same goes for visiting the office or your favorite coffee shop. The way the mobile device detects that it’s within proximity of one of these access points is to send a beacon out to see if one of its preferred networks is within earshot.

Under normal conditions, when the laptop sends a beacon asking “I normally connect to MyHomeWifi, are you out there?”, non-matching access points ignore it. The beacon goes unanswered until the device comes within proximity of the legitimate one.

The Jasager attack takes a more proactive approach towards all of these requests. Jasager (German for “the yes man”) responds to every such beacon with “Yes, I’m here”, taking a very promiscuous approach towards who can connect. The user doesn’t have to manually choose the attacker’s access point; instead, the attacker pretends to be whatever access point the user normally uses. Rather than waiting for victims to connect at random, the attacker now simply needs to be within proximity of the target.

Once the victim is connected to the malicious access point, the man in the middle is in place. This opens up a whole new world of attacks, for the attacker can not only observe traffic but modify it as well. [1]
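As an added example, not part of the original article or its cited source, here is a defender-side heuristic for spotting the Jasager behaviour described above: an access point that answers probes for many unrelated network names. The frames the article calls client beacons are probe requests in 802.11 terms; the sample frame records, MAC addresses and SSIDs below are constructed, and the alert threshold is an assumption.

```python
"""Flag access points that answer probe requests for many unrelated SSIDs.

A legitimate AP only answers probes for the SSID(s) it actually serves; a
'yes man' (Jasager-style) rogue AP answers probes for whatever SSID a
client asks about. Counting distinct SSIDs each BSSID responds to is a simple
heuristic. Frame records here are constructed sample data, not a real capture.
"""
from collections import defaultdict

# Constructed sample of simplified 802.11 management frame records
# (type, source MAC, destination MAC, SSID). A real deployment would feed these
# from a monitor-mode capture (e.g. scapy's Dot11ProbeReq/Dot11ProbeResp layers).
SAMPLE_FRAMES = [
    ("probe_req", "aa:aa:aa:00:00:01", "ff:ff:ff:ff:ff:ff", "MyHomeWifi"),
    ("probe_resp", "de:ad:be:ef:00:01", "aa:aa:aa:00:00:01", "MyHomeWifi"),
    ("probe_req", "aa:aa:aa:00:00:02", "ff:ff:ff:ff:ff:ff", "CoffeeShop"),
    ("probe_resp", "de:ad:be:ef:00:01", "aa:aa:aa:00:00:02", "CoffeeShop"),
    ("probe_req", "aa:aa:aa:00:00:03", "ff:ff:ff:ff:ff:ff", "OfficeNet"),
    ("probe_resp", "de:ad:be:ef:00:01", "aa:aa:aa:00:00:03", "OfficeNet"),
    ("probe_req", "aa:aa:aa:00:00:04", "ff:ff:ff:ff:ff:ff", "Airport Wifi"),
    ("probe_resp", "00:11:22:33:44:55", "aa:aa:aa:00:00:04", "Airport Wifi"),
    ("probe_req", "aa:aa:aa:00:00:05", "ff:ff:ff:ff:ff:ff", "Airport Wifi"),
    ("probe_resp", "00:11:22:33:44:55", "aa:aa:aa:00:00:05", "Airport Wifi"),
]

def ssids_answered_per_bssid(frames):
    """Map each responding BSSID to the set of SSIDs it has claimed to serve.

    Only probe responses that answer a probe request seen earlier for the
    same SSID count; unsolicited responses are ignored to reduce noise."""
    pending = defaultdict(set)   # client MAC -> SSIDs it has probed for
    answered = defaultdict(set)  # BSSID -> SSIDs it answered
    for ftype, src, dst, ssid in frames:
        if ftype == "probe_req" and ssid:  # ignore wildcard (empty) probes
            pending[src].add(ssid)
        elif ftype == "probe_resp" and ssid in pending.get(dst, ()):
            answered[src].add(ssid)
    return answered

def find_yes_man_aps(frames, threshold=3):
    """Return BSSIDs that answered probes for >= threshold distinct SSIDs."""
    per_bssid = ssids_answered_per_bssid(frames)
    return {b: sorted(s) for b, s in per_bssid.items() if len(s) >= threshold}

if __name__ == "__main__":
    for bssid, ssids in find_yes_man_aps(SAMPLE_FRAMES).items():
        print(f"suspect AP {bssid} answered probes for: {', '.join(ssids)}")
```

The threshold should be tuned per site, since a legitimate multi-SSID controller can answer for several names of its own; correlating the flagged BSSID against the inventory of authorised access points is the natural next check.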
Reference:
1. Tokuyoshi, B. (2013, November 25). Wireless Man in the Middle. Retrieved from http://researchcenter.paloaltonetworks.com/2013/11/wireless-man-middle/