One More Reason to Avoid the WiFi at Your Local Starbucks

Intohand's Kali Linux NetHunter Setup

I’ve said it before and I’ll say it again: if you use public WiFi networks you’re putting your data at risk.

Last week Intohand’s Matthew Rollings posted a guide for transforming a humble Nexus 7 tablet into a “compact penetration testing toolkit“. The same tools can be installed on a Nexus 5 and OnePlus One.

So while you’re sipping a latte at your favourite coffee spot you may be entirely unaware that someone else in the joint has successfully cracked the wireless network, capturing passwords and all sorts of other data from everyone on it.

Amazingly, even WPA-protected networks are vulnerable to these tools.

Two custom Android distributions make this possible: Kali Linux NetHunter and the unfortunately-named Pwnie Express tools. Hardware requirements include the following:

  • USB OTG Y-cable
  • USB Ethernet adapter
  • USB WiFi adapter

Once set up the network cracker will have the following software tools at their disposal:

If you’re wondering how WPA networks can be compromised, it’s a matter of capturing the “handshake” between device and network. The handshake is encrypted, to be sure, but it’s entirely possible for a password to be brute-forced after the fact using a distributed dictionary attack. There are both free and paid services available for this type of thing.

I should note that both the hardware and software described here are, to my knowledge, perfectly legal network auditing tools. But obviously, in the wrong hands they have the potential for harm. All this is to urge you to please think twice before you connect to any WiFi network that isn’t yours!

Leave a Reply