Snappy: Advanced Wi-Fi Rogue Detector
How not to fall for the bait of hackers in public places?
Cybersecurity specialists at Trustwave recently introduced a tool called “Snappy” capable of detecting fake or otherwise suspicious Wi-Fi access points that can potentially steal sensitive data from unsuspecting users.
Attackers can create fake hotspots in supermarkets, coffee shops and malls, mimicking real official hotspots installed in these places. They do not just duplicate the name: they completely replace the legitimate access points with their own. And since attackers have complete control over such fake points, they can intercept and analyze data transmitted between devices, performing man-in-the-middle attacks.
Trustwave researcher and wireless specialist Tom Neaves explained in detail in his report that spoofing the MAC address and SSID of legitimate open access points is not difficult for experienced hackers. Thus, the devices of potential victims who visit places with open wireless networks for the first time will automatically reconnect to access points that are already fraudulent.
Tom Neaves has developed and presented a tool called Snappy that solves this problem by helping people determine whether the hotspot they are currently using is the same hotspot they used last time, or if it’s a completely different hotspot.
By analyzing Wi-Fi control frames, Neaves found certain static elements, such as manufacturer, BSSID, supported speeds, channel, country, maximum transmit power, and others, that differ between different 802.11 wireless access points but remain constant for a particular access point at all times.
The researcher decided to combine these elements and hash them using SHA-256 to create a unique signature for each access point. This signature can then be used as a detector to determine matches or mismatches.
Matches mean that the access point is the same, and therefore reliable. But signature mismatches mean that something has changed, and the access point may be fake.
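The signature idea described above, as an added Python example (not Trustwave's code and not taken from Snappy): it parses the tagged elements of a beacon frame body, hashes the static ones together with the BSSID using SHA-256, and compares the result for a revisit and for a clone. The choice of elements, their serialization, the helper names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib

# 802.11 information element IDs treated as static here (an assumption of this example).
STATIC_IES = {0: "ssid", 1: "rates", 3: "channel", 7: "country",
              32: "power_constraint", 50: "ext_rates", 221: "vendor"}

def parse_ies(body: bytes) -> list[tuple[int, bytes]]:
    """Walk the tag/length/value elements; stop cleanly on truncation."""
    out, i = [], 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:      # truncated element: ignore the tail
            break
        out.append((tag, value))
        i += 2 + length
    return out

def fingerprint(bssid: str, body: bytes) -> str:
    """SHA-256 over the BSSID plus the static elements, in a fixed order."""
    h = hashlib.sha256(bssid.lower().encode())
    for tag, value in sorted(parse_ies(body)):
        if tag not in STATIC_IES:
            continue                 # skip volatile elements such as TIM (tag 5)
        if tag == 221:
            value = value[:3]        # vendor element: keep only the OUI
        h.update(bytes([tag, len(value)]) + value)
    return h.hexdigest()

def ie(tag: int, value: bytes) -> bytes:
    return bytes([tag, len(value)]) + value

# Constructed sample data (not captured traffic).
BSSID = "02:00:00:aa:bb:cc"
KNOWN = (ie(0, b"CafeGuest") + ie(1, bytes([0x82, 0x84, 0x8b, 0x96, 0x0c, 0x12, 0x18, 0x24]))
         + ie(3, b"\x06") + ie(5, b"\x00\x01\x00\x00") + ie(7, b"GB \x01\x0d\x14")
         + ie(221, b"\x02\x00\x00\x02\x01\x01"))
# Same AP on a later visit: only the volatile TIM element differs.
SAME_LATER = KNOWN.replace(ie(5, b"\x00\x01\x00\x00"), ie(5, b"\x01\x01\x00\x00"))
# Clone with the same SSID, BSSID and channel, but different rates and no country/vendor.
CLONE = ie(0, b"CafeGuest") + ie(1, bytes([0x82, 0x84, 0x8b, 0x96])) + ie(3, b"\x06")

def same_ap(saved: str, bssid: str, body: bytes) -> bool:
    return saved == fingerprint(bssid, body)

if __name__ == "__main__":
    saved = fingerprint(BSSID, KNOWN)
    print("revisit:", same_ap(saved, BSSID, SAME_LATER))
    print("clone:  ", same_ap(saved, BSSID, CLONE))
```

A mismatch only says that something advertised by the access point changed; a firmware update or reconfiguration of the legitimate device would change the signature as well.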
In addition to the mechanism for generating SHA-256 hashes of wireless access points, Snappy can also discover access points created with airbase-ng, a tool that attackers often use to create fake access points to intercept packets from connected users or even inject extraneous data into their network traffic.
Running the Snappy Python script on laptops is quite easy if Python is installed on the system, but mobile device owners will have to make an extra effort and install special interpreters or emulators.
Android device owners can use Pydroid, QPython, or Termux to run Snappy, while iOS users can choose between Pythonista, Carnets, and Juno.
The idea turned out great, so let’s hope that Trustwave will soon consider publishing this tool in a more convenient form, for example, as a native application for Android, iOS, Windows, macOS and Linux with a simple and intuitive interface for every user.