Sunday, April 26, 2015

Android WiFi Hacking - How an MITM attack works?

zANTI, Dsploit, Csploit, Faceniff and many, many more similar hacking apps are using a specific kind of attack called MITM - the Man In The Middle attack. What exactly does this attack do and is there any way to protect yourself from it? Read on!

Man In The Middle aims to control a victim by becoming the "man in the middle". Let's make an example.

We got person A and person B. Let's name them Rami and Jovie. They're friends and just chatting through an unencrypted connection (http). Alice wants to hang out, says:

 - Sup Jov, gimme your public key, I want to chat!

Rami is requesting a Public key (known as asymmetric cryptography - used to encrypt data and verify them as a digital signature)

Rami and Jovie don't know one thing. There's an evil person Miro intercepting everything they say.
What happens here is that the sent message goes first to Miro and then gets sent to Jovie. He doesn't spot anything, the message is the same, nothing's really suspicious at the moment.
Jovie responds:

- Yo Ramy, let's chat. Here's my key: materialFTW123

Miro now knows the Jovie's public key but instead of sending this key directly to Rami, he sends his own public key. Miro slightly edits the message:

- Yo Ramy, let's chat. Here's my key: motiondesignFTW123

Now they can encrypt the whole conversation with their private encrypt alghoritm. However, they don't know there's someone who's edited it so he can view and control the whole conversation between these two guys.

- [encrypted with Miro's key] Let's hang out, bring some booze lol

Miro then encrypts it to Jovie's original key (materialFTW123) so he doesn't spot a thing. Then he resends it to Jovie and the conversation goes on.


This way the attacker can take control over a conversation and not only he can intercept it but also change it. Boom, we have redirect, script injection, replace images and many more features.

Here's a screen from MITM section in cSploit app. There are several MITM features starting from innocent "simple sniff" that sniffs through the traffic and monitors up/down, and password sniffer, that inputs passwords from the victims.

Now, is there any way to protect from these attacks? Yup, and it's not difficult at all.

Firstly, be sure to be on HTTPS. You can always check it in he URL bar. There's a feature SSLStrip that prevents from connecting to HTTPS but it cannot redirect you to HTTP while on HTTPS. So if you're on HTTPS, you're good to go.

Use WiFi Protector. WiFi protector is a handy app for your Android device that monitors the net and alarms you if there's an intruder (also shows his MAC/IP adress and can even protect you from the atttack if you're rooted). Download

Try not to connect to public networks - they're the biggest threat. But fortunately these attacks are not that often and you shouldn't really catch a hacker if you're mostly on private WiFis.

No comments:

Post a Comment