Using public Wi-Fi networks can be risky if you don’t properly encrypt your Internet traffic.
In a series of demonstrations, SensePost CTO Dominic White showed how easy it is for a hacker to access unencrypted data you send over an open Wi-Fi network.
He also showed how an attacker might set up a fake Wi-Fi hotspot that pretends to be a network you’ve previously connected to, using the MANA Toolkit.
MANA is a set of tools White developed with Ian de Villiers at SensePost which demonstrates the security problems in Wi-Fi with working exploits.
How your unencrypted traffic can be intercepted on Wi-Fi
In the video below, White uses a tool called Driftnet to show how an attacker can intercept and display images being transmitted unencrypted over a Wi-Fi network.
Instagram was used as a source for unencrypted images.
Encryption? What encryption?
As soon as a victim starts using encrypted web services such as Facebook, Twitter, or Gmail, it’s not so easy for an attacker to access their web traffic.
However, thanks to the fact that smartphones and PCs actively scan for Wi-Fi networks they previously connected to, it is simple for a hacker to execute a type of man-in-the-middle attack.
In the video below, White shows how MANA pretends to be a network a user previously connected to, and uses techniques such as protocol downgrade attacks to circumvent the encryption secure services and websites use.