Penetration test of Mobile devices WiFi
#4n6strider

Penetration test of Mobile devices WiFi

Jindrich Karasek Jindrich Karasek

Jindrich Karasek

Cyber Threat & Defence Research, AI & Cognitive Security, DFIR, speaker, mentor, TI Associate, Views are my own.

发布日期: 2017年2月6日
+ 关注

Do you have a cellphone always connected to the internet? Do you connect to every public WiFi available?

In article published on my website I have added couple of visualizations of a simple penetration test.

Goal was to test, if it will be possible to intercept wireless network traffic between mobile device and the Internet.That was it, no further action like password recovery or DNS spoofing, forwarding to malicious website or pushing false updates.

Below picture shows summary of the result.

All in RED was prone to interception. All in BLUE was either safe, or part of testing infrastructure.

Note: All names of devices were modified before the visualization process. So names are not real, but the relations and number of devices remains intact.

Technique used in this test is very common {Not disclosed on purpose}. What is a big surprise, that the method is actually still working.

Conclusion:

Be careful where you connect to WiFi and what kind of information do you send over. Have antivirus solution installed on your cellphone. Even if it is the iPhone! Most of modern antivirus do warn you, when you connect to dangerous networks. It is good idea to switch of the WiFi, once you are done with browsing.

--------------------------------------------------------------------------------------------------------

Do you like the picture? More details and the rest of pictures are placed on my web.





要查看或添加评论,请登录

Jindrich Karasek的更多文章

  • Enhancing Defenses Against Cognitive Warfare through Cyber Threat Hunting, OSINT, and Ethical Hacking
    2024年4月9日

    Enhancing Defenses Against Cognitive Warfare through Cyber Threat Hunting, OSINT, and Ethical Hacking

    {Consider this text as my public research notes, that I am building on while doing presentations, case studies, spot…

    2 条评论
  • A phishing story
    2017年12月13日

    A phishing story

    Phishing threat is still valid and it remains the most prevalent way how the attacker get into the enterprise…

  • Election manipulation
    2017年7月25日

    Election manipulation

    Introductory picture {Picture 0} below shows grouped website scan of Government of the Country. Various websites…

    1 条评论
  • RansomWare data mining
    2017年6月23日

    RansomWare data mining

    Recently, I did small research regarding how many different ransomware is found in the wild. Point was to check, if…

  • Let′s spy on malicious hackers!
    2017年1月19日

    Let′s spy on malicious hackers!

    Lets spy on malicious hackers! On my website: https://4n6strider.it I reveal the hypothetical structure of a SIEM…

    3 条评论
  • Knowledge Management
    2016年12月7日

    Knowledge Management

    The training is crucial part of every company' s security policy. There is an analysis below of a "Knowledge…

    1 条评论
  • Nmap on Twitter
    2016年9月12日

    Nmap on Twitter

    This is only small post, an appetizer generated during processing, I will add more details in future on my website…

    2 条评论
  • A Botnet was using DNS tunneling for its C&C operations
    2016年4月30日

    A Botnet was using DNS tunneling for its C&C operations

    Another great example of contribution of big data analysis to IT Security operations. Data were collected by using a…

    2 条评论
  • My own social network - hackers would love to do this.
    2016年4月24日

    My own social network - hackers would love to do this.

    One of the good use cases for so called "big data" approach is modeling of private social network. Same of course…

  • IT Security meets Data Science
    2016年4月9日

    IT Security meets Data Science

    Quote: The purpose of abstraction: “Is not to be vague but to create a new semantic level on which one can be…

社区洞察

其他会员也浏览了