A new way of hacking computers using a wireless connection was demonstrated at Toorcon this weekend. The creator of the method, Vivek Ramachandran, calls it the Cafe Latte method, since it can be performed in roughly the amount of time that is needed to drink a cup of coffee. This hacking method works on laptops that use WEP (Wired Equivalent Privacy) instead of WPA (Wi-Fi Protected Access). Even though this form of security is outdated, a great number of people, especially home users, still use it.
Up until now researchers would search for ways to exploit WEP and hack into wireless networks, but Ramachandran has taken a look at the client side of things and developed a way of tricking a WEP-enabled client into thinking that it is logging on to a network that it already knows.
The hacking is done in a few stages, all of which exploit the WEP architecture. First of all, the attacker programs a laptop to act as a wireless network in an airport or internet cafe. This laptop then starts communicating with other Wi-Fi laptops and figures out the names of WEP-enabled routers that these laptops look for. It then cracks the keystream encryption code, which allows it to send messages to a victim's laptop.
To read the victim's messages, the attacker needs to truly crack the WEP encryption key. This can be done by having the victim's laptop send a large amount of information to the attacker so that it can be analyzed and cracked using a WEP-cracking tool. The amount is somewhere around 70,000 messages. This can be done using ARP (Address Resolution Protocol), which is only used when a new computer joins a LAN to check whether the IP address it uses is in existence on some other computer in the network. What the attacker needs to do is guess an IP address that is the same as the victim's; if it is, the victim's laptop will send a message back saying that the particular IP address is already in use. The attacker then proceeds to flood the victim's PC with the same message until a big enough number of responses is accumulated to crack the WEP encryption key.
Once all of this is done, the attacker can read whatever the victim does on the internet.
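
The flood stage described above is visible from the defender's side: one sender repeats the same ARP request for the client's own address at a rate no normal network produces. The following detection sketch is an added example, not code from the article or from Ramachandran; the record layout, MAC addresses, IP addresses, window and threshold are all assumptions made for illustration.

```python
from collections import defaultdict, deque

def find_arp_floods(frames, own_ip, window=10.0, threshold=500):
    """Return {sender_mac: peak_count} for senders whose ARP requests for
    own_ip exceed `threshold` inside any `window`-second span.
    window and threshold are assumed tuning values, not figures from the article."""
    recent = defaultdict(deque)  # sender MAC -> timestamps still inside the window
    peaks = {}
    for ts, sender_mac, op, target_ip in sorted(frames):
        if op != "request" or target_ip != own_ip:
            continue  # replies and lookups for other hosts are not this pattern
        q = recent[sender_mac]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold:
            peaks[sender_mac] = max(peaks.get(sender_mac, 0), len(q))
    return peaks

# Constructed sample data (not a real capture): (timestamp_s, sender_mac, op, target_ip)
OWN_IP = "192.168.1.23"
SAMPLE_FRAMES = (
    # ordinary gateway: one request every 30 s
    [(i * 30.0, "02:00:00:00:00:aa", "request", OWN_IP) for i in range(20)]
    # one sender repeating the same request at 200 frames/s
    + [(100 + i * 0.005, "02:00:00:00:00:bb", "request", OWN_IP) for i in range(2000)]
    # busy host asking about a different address: ignored for OWN_IP
    + [(50 + i * 0.01, "02:00:00:00:00:cc", "request", "192.168.1.77") for i in range(1000)]
)

if __name__ == "__main__":
    for mac, peak in find_arp_floods(SAMPLE_FRAMES, OWN_IP).items():
        print(f"possible ARP flood from {mac}: {peak} requests within 10 s")
```

An alert of this kind on a client that still has a WEP network saved is a cue to disconnect and remove the WEP profile, since the attack depends on the client answering every one of those requests.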