Warning to the Poker Community

07-29-2014 , 06:32 PM
Quote:
Originally Posted by TBadr
or you can just switch to a linux os so you can issue a traceroute from your terminal
You can traceroute from Windows
07-29-2014 , 06:35 PM
Quote:
Originally Posted by lonely_but_rich
That "got it" sounded sarcastic. I'm definitely typing a fake password first from now on.
I understand where you're coming from and I think most people will decide that it's too much work to have it in the back of their mind that something like this goes on.
Some people will take it seriously on the other hand.

I myself believe that I won't be targeted because I'm not worth the trouble in my mind but who knows.

People that play for so much money or have millions of dollars should be aware.

edit: Worst case scenario is that someone that has money is hiring people to write code around this issue and are actually traveling to places where they can exploit it. That is the possibility of reality.

Last edited by iosys; 07-29-2014 at 06:42 PM.
07-29-2014 , 08:25 PM
Quote:
Originally Posted by ChipWrecked
You can traceroute from Windows
someone caught it
07-29-2014 , 09:37 PM
But whoever's controlling the fake access point could spoof the traceroute results
07-29-2014 , 11:50 PM
Quote:
Originally Posted by zikzak
But whoever's controlling the fake access point could spoof the traceroute results
I'm not a security guy so I don't know LOL.
Someone should contact the author of the code I linked and ask rofl.
07-30-2014 , 08:30 AM
Quote:
Originally Posted by iosys
Basically you have to think about how your device is connecting to the access point (internet).

It has to communicate between the access point of where you're connecting to and to do this communication, it has to poll between available access points in your area.

If someone discovers your access point in advance, which is very easy to do...
They can then create a fake clone of the access point and when your device wants to connect automatically, if the fake clone gets to the device first, it then tricks it and the device connects to the fake access point.

Bold or highlight whatever doesn't make sense, sry if my english isn't good
?
07-30-2014 , 01:00 PM
But wouldn't they need to get my device's password first and if so, how do they get that.

A non-technical response is okay.

In other words, you can take a good look at a T-bone by sticking your head up a bull's ass, but wouldn't you rather take the butcher's word for it?

Last edited by Doc T River; 07-30-2014 at 01:07 PM. Reason: Meaning you can just say yes or no to the first part and tell me there are ways to do it if they need to.
07-30-2014 , 02:53 PM
Thanks for the info iosys. It is good to know that we don't need to remember our passwords in order to get access through these other wifi connections. Is that what you're trying to say?

Also, given the added convenience, is there any reason to continue using our old internet access with the passwords and all that hassle?

Thanks for clarifying!
07-30-2014 , 03:37 PM
Quote:
Originally Posted by frommagio
Thanks for the info iosys. It is good to know that we don't need to remember our passwords in order to get access through these other wifi connections. Is that what you're trying to say?

Also, given the added convenience, is there any reason to continue using our old internet access with the passwords and all that hassle?

Thanks for clarifying!
I'm quoting but I think I'm answering the common question here.

Passwords are useful for limiting devices from using your own access point but the process that the password uses to verify the access point is not preventing the exploit.

I think a simple visual drawing of the devices and access points helps show what is really happening.


When the hacker can find access points in the area and wants to make an identical fake one on his machine, he can make one using his wifi adapter in his machine because it's simply the same hardware but more advanced than what you find in a router/modem.
07-30-2014 , 04:36 PM
I thought the original explanations were pretty good, but it seems that there is still some confusion, so I'm going to try explaining it a different way - hopefully I'm understanding this correctly.

You're somewhere that you would normally connect your computer to the Internet via Wi-Fi. Once you're connected, everything you do on the Internet is going through whatever access point you're connected to. That access point doesn't need your computer's password for this - you've willingly connected your computer to the access point.

If a hacker manages to set up an access point of their own and fools you into thinking it's the other access point, you'll connect your computer to it instead. Now everything you do on the Internet is going through the hacker's access point, meaning he has access to all the data you're transmitting to the Internet, and that is being transmitted back to you.
07-30-2014 , 06:10 PM
Quote:
Originally Posted by iosys
I'm quoting but I think I'm answering the common question here.

Passwords are useful for limiting devices from using your own access point but the process that the password uses to verify the access point is not preventing the exploit.

I think a simple visual drawing of the devices and access points helps show what is really happening.


When the hacker can find access points in the area and wants to make an identical fake one on his machine, he can make one using his wifi adapter in his machine because it's simply the same hardware but more advanced than what you find in a router/modem.
So if I'm using a "user device" and it's "connected" to four "access points" (via the blue dots in the picture), you're saying one of them could be a "hacker machine"? How would you know which one?

It's probably better to only connect to one "access point" that you already know about.
07-30-2014 , 06:18 PM
Quote:
Originally Posted by frommagio
So if I'm using a "user device" and it's "connected" to four "access points" (via the blue dots in the picture), you're saying one of them could be a "hacker machine"? How would you know which one?

It's probably better to only connect to one "access point" that you already know about.
No the picture is demonstrating what is happening on a low technology level (low system code level).

Bobo Fett's description of the problem is very good.
07-30-2014 , 06:29 PM
Quote:
Originally Posted by iosys
Bobo Fett's description of the problem is very good.
Agreed. I think as a rule of thumb you should only "connect" to "access points" with names that you know. The risk isn't worth it.
07-30-2014 , 06:32 PM
Quote:
Originally Posted by Doc T River
But wouldn't they need to get my device's password first and if so, how do they get that.

A non-technical response is okay.

In other words, you can take a good look at a T-bone by sticking your head up a bull's ass, but wouldn't you rather take the butcher's word for it?
No. They would let you connect to a device with an identical SSID as your own device (or the device you're looking for) no matter what password you use, that's why you should use the test 'if accepting wrong password = yes, it's not the right device aka a hacker's device'.
07-30-2014 , 09:16 PM
Okay, the problem is I don't know what an ssid is.
07-30-2014 , 10:43 PM
Quote:
Originally Posted by Doc T River
Okay, the problem is I don't know what an ssid is.
The network name, like "Docs Internet" and whatever else you see when looking for access points to join.
07-31-2014 , 02:10 AM
Why isn't this in Internet Poker?
07-31-2014 , 08:13 AM
Quote:
Originally Posted by iosys
The network name, like "Docs Internet" and whatever else you see when looking for access points to join.
Isn't the SSID the character string and not the name we see?

Quote:
Originally Posted by DrawNone
Why isn't this in Internet Poker?
Or CTH?
07-31-2014 , 03:50 PM
http://en.wikipedia.org/wiki/Service...802.11_network)

Quote:
Each BSS or ESS is identified by a service set identifier (SSID) - a 1 to 32 byte string. This is normally a human-readable string and thus commonly called the "network name".[6] In an IBSS, the SSID is chosen by the client device that starts the network, and broadcasting of the SSID is performed in a pseudo-random order by all devices that are members of the network.
08-04-2014 , 01:51 PM
FWIW I'm fairly certain that iosys is wrong for (WPA2-) secured networks. In the WPA2 four-way handshake both client and AP have to prove they know the same pre-shared secret, the wifi password. A client will not connect if the AP does not prove it also knows the wifi password. So you cannot impersonate a WPA2 secured access point and automatically get clients to connect to it if you do not also have the network key on the AP.

I think the only potential issue would be if you set your computer to automatically connect to some unsecured network. But I think all major operating systems advise you not to do that, precisely because it's insecure.

Last edited by █████; 08-04-2014 at 01:56 PM.
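The mutual proof in the WPA2 four-way handshake described in the post above, as an added example that is not part of the original thread or of the script linked in it. The function names, MAC addresses and frame bytes are constructed for illustration, and the EAPOL-Key frames are reduced to placeholder byte strings; the key derivation (PBKDF2 for the PMK, the SHA-1 PRF for the KCK, a truncated HMAC-SHA1 MIC) follows WPA2-Personal.

```python
import hashlib
import hmac
import os

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    # PTK = PRF(PMK, "Pairwise key expansion", sorted MACs || sorted nonces).
    # The key confirmation key (KCK) is the first 16 bytes of the PTK.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    block = hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + b"\x00",
                     hashlib.sha1).digest()
    return block[:16]

def mic(kck: bytes, frame: bytes) -> bytes:
    # WPA2 (key descriptor version 2): MIC = first 16 bytes of HMAC-SHA1(KCK, frame)
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def handshake(client_passphrase: str, ap_passphrase: str, ssid: str):
    """Return (ap_accepts_client, client_accepts_ap) for one simulated handshake."""
    ap_mac = bytes.fromhex("020000000001")   # constructed sample addresses
    sta_mac = bytes.fromhex("020000000002")
    anonce, snonce = os.urandom(32), os.urandom(32)   # message 1 carries the ANonce
    client_kck = derive_kck(derive_pmk(client_passphrase, ssid),
                            ap_mac, sta_mac, anonce, snonce)
    ap_kck = derive_kck(derive_pmk(ap_passphrase, ssid),
                        ap_mac, sta_mac, anonce, snonce)
    # Message 2 (client -> AP): SNonce plus a MIC the AP checks with its own KCK.
    msg2 = b"msg2-placeholder" + snonce
    ap_accepts = hmac.compare_digest(mic(client_kck, msg2), mic(ap_kck, msg2))
    # Message 3 (AP -> client): the AP's MIC, which the client checks in turn.
    msg3 = b"msg3-placeholder" + anonce
    client_accepts = hmac.compare_digest(mic(ap_kck, msg3), mic(client_kck, msg3))
    return ap_accepts, client_accepts

if __name__ == "__main__":
    print(handshake("correct horse battery", "correct horse battery", "Docs Internet"))
    print(handshake("correct horse battery", "not-the-password", "Docs Internet"))
```

The check only separates access points that hold the passphrase from those that do not, which matches the post's condition "if you do not also have the network key on the AP".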
08-04-2014 , 11:12 PM
Quote:
Originally Posted by █████
FWIW I'm fairly certain that iosys is wrong for (WPA2-) secured networks. In the WPA2 four-way handshake both client and AP have to prove they know the same pre-shared secret, the wifi password. A client will not connect if the AP does not prove it also knows the wifi password. So you cannot impersonate a WPA2 secured access point and automatically get clients to connect to it if you do not also have the network key on the AP.

I think the only potential issue would be if you set your computer to automatically connect to some unsecured network. But I think all major operating systems advise you not to do that, precisely because it's insecure.
WPA2 appears to have a supported mode in the script that I linked from the looks of it.

Maybe you can outline more details for us

Quick google searching reveals that it would be possible to do something of the nature of the exploit in this thread but would require the group key. Anyone that uses your network could compromise that key by an assortment of ways.

I would love for security experts to comment.