Pwnie Express founder and CTO Dave Porcello was recently featured on Good Morning America to help raise awareness on the cyber attacks currently targeting hotel guests across the globe. In this segment, Dave demonstrates two of today’s most common attacks: malicious WiFi hotspots (aka “Dark Hotel” attacks or “Evil Access Point hotspots”) and keystroke logging devices (aka “keyloggers”).
As shown by our “Project Eavesdrop” experiment with NPR, these attacks can expose a tremendous amount of personal information to a cyber criminal, including:
- All visited websites, URLs, & search keywords
- Passwords to banking/financial accounts, email accounts, & social media sites
- Emails, photos, documents, & software downloads
- Internet phone calls & video chat sessions
- Physical location / GPS coordinates
In the past, these attacks required specialized equipment and a high level of technical expertise. Over the years, the proliferation of plug-and-play “cyber espionage devices” has made these attacks easier than setting up a home router.
“Evil Access Point” (Evil AP) hotspot devices and keyloggers come in a variety of portable, stealthy form factors and can be purchased online for as little as $20:
In the first demonstration, Dave simulates a “Dark Hotel” attack showing how an attacker can use an Evil AP to obtain personal information from hotel guests. Using a setup similar to the NPR Project Eavesdrop drop box, Dave was able to see all visited websites, URLs, images, and search keywords in real-time.
Next, Dave uses a combination of SSL-bypass and Fake Login Pages to simulate a password capture attack against several email and social media accounts, as well as a credit card number capture attack through a fake hotel guest portal page:
Unfortunately, these “Dark Hotel” attacks are nearly impossible to detect by the average hotel-goer. Once a hotel guest unknowingly connects to one of these Evil AP hotspots, all their Internet traffic can be monitored, recorded, intercepted, and tampered with by the attacker.
Dave then illustrates how wireless keylogger devices, (Now sold at Amazon and Sears), can capture everything typed into a hotel business center or kiosk computer, including passwords and credit card numbers. Your captured keystrokes can then be transmitted wirelessly over the Internet to an attacker residing anywhere in the world.
Lastly, Dave shows how the Pwnie Express Pwn Pad can be used by a security professional to detect and track down Evil AP hotspots:
Just like we expect hotels to keep us physically safe with modern door locks and secured windows, we need to begin expecting hotels to protect us online as well. Pwnie Express and other cyber security vendors offer technologies such as Pwn Pulse that are increasingly being deployed by hotels, banks, hospitals, and other organizations to detect and disable these types of attacks.
Evil APs defined:
Rogue/Evil Access Points — or unauthorized and unmanaged WiFi devices — can spell the end for even the most mature of Information Security programs. Rogue APs can take many forms: non-malicious employees plugging in their own Access Points for convenience, mis-or-unconfigured Wirelessly-enabled printers, or a $5 USB WiFi adapter that can be leveraged by criminals to stand up Fake Access Points from the parking lot. Unintentional, with malicious intent, or as a genuine mistake, a Rogue Access Point not under your control can give criminals direct access into your internal networks.
Evil Access Points can defeat even the most stringent WIPS/WIDS deployments, as they play on the weakest portion of any Security Program - the “Human Element.” Gone are the days of criminals having to have specialized Wireless gear and intimate knowledge of *nix to do this. With minimal cost and effort, any criminal can set up an EvilAP to lure - or even force - unsuspecting employees into joining fake wireless networks masquerading as legitimate networks.
Wireless Keyloggers defined:
Wireless keyloggers are rapidly becoming a physical security attack tool of choice. Keyloggers - traditionally found in software - allow for the storing of all keystrokes entered by the victim on the compromised machine. Criminals are now leveraging micro-USB sticks (some of which are so small, you wouldn’t notice them plugged in) to capture all keystrokes on the target computer. This inevitably leads to the disclosing of passwords and other sensitive information. Today’s keyloggers use remote connectivity methods (such as WiFi or Bluetooth) to offload or exfiltrate their capture information. Since they aren’t directly tied your organization’s wireless infrastructure, wireless keyloggers can operate virtually undetected.
Dow Jones: “Five top cyber espionage devices”
Pwnie Express & NPR: “Project Eavesdrop”
Project Eavesdrop Part 1: “The Drop Box”
Project Eavesdrop Part 2: “A Week in the Life”
The Evolution of Rogue Devices
Evil AP: An Introduction
Bypassing HSTS SSL with the Mana Toolkit
Stealing Credentials with Fake Login Pages
Mapping WiFi Networks on the Pwn Pad 2014
If you are a security professional or commercial organization interested in detecting rogue devices that may be present within your enterprise, please contact us at 1-855-793-1337 or at firstname.lastname@example.org, and our team of security experts will be in touch with you.