PWNED ONBOARD

Shahnawaz Backer
Published April 02, 2017

We are known by the technology we keep... 

I am surrounded by technology enthusiasts at F5 Networks – if I chanced on any workplace discussion, more often than not I would hear Apps…Smarter…Faster…Safer.

In such company, I sometimes get skeptical looks when mentioning how trained and seasoned eyes can still fall prey to malware. Challenge accepted – devise a plan to prove that our desire to remain connected at all times with a dumb smart device makes us easy prey.

Plan of action

Use the oldest trick in the book: attack when the opponent is most vulnerable. In today’s context that job is easily done by taking away one’s internet access. When travelling is an integral part of your job, you realize you hit this vulnerable position much more often than desired.

So I picked up a target and a colleague to help. A little bit of recce revealed that we were going to be in an airport where there was no internet (free or otherwise).

Taking a cue from Sun Tzu’s Art of War, we reached the battlefield ahead of time and had it ready – unhindered FREE WiFi.

Fortunately, the target walked right into the trap along with a few strangers: connecting to the FREE WiFi, accepting terms and conditions, and installing a program for priceless internet.

So I made a point for the day to analyze some of the other options. Free WiFi is everywhere: at the mall, at the restaurant, etc. But a really fertile ground to harvest confidential credentials would be the airplane itself. Here is what I came up with as an attack vector:

WiFi On Board

Many airlines provide WiFi onboard for media (movies, songs, etc.) and internet. This usually requires two simple steps (the experience may differ on different airlines).

Step 1: Connect for Free WiFi

Step 2: Install an application to stream movies, etc.

Step 3: (Optional) Pay and purchase premium content

All this hack needs is a person with malicious intent, a laptop and a few pieces of software to cause some damage. So, putting myself in a hoodie, I designed the attack path.

  1. Set up a WiFi access point with a name that will attract people (AIRLINENAME_MEMBERSHIP_BETA_FREE_INTERNET). The name would blend in with other WiFi access points provided by airlines.
  2. The access point will require the user to authenticate with their frequent flyer membership details.
  3. To make the attack more effective, the access point can ask the user to install software. With this attack vector, users can easily be phished into sideloading malware on Android devices.
  4. Show an error message saying that the BETA High Speed WiFi Access Point has reached its limit on the number of users and asking the user to kindly try the other access point.

Catch of the day: frequent flyer credentials, credit card numbers, and potentially compromised endpoints to fuel the bot economy.

Moral of the story

That tweet that you want to make, the incredible selfie you need to Instagram, or the important work email you want to send: all of it can wait. Evaluate the free WiFi access point you are planning to connect to.

Think before you provide any kind of credentials; cyber criminals are not only after your financial credentials. Remember, your frequent flyer miles can be converted to Amazon credits.

Remember to keep your guard up; do not install software in a way that bypasses standard practice. Sideloading an app puts you at a lot of risk.
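
One way to turn "evaluate the access point" into a repeatable check, as an added example that is not part of the original post: it scores scan results against the warning signs from the attack path above. The published SSID, the BSSID prefixes, the `portal_requests` labels and the scan records are all constructed assumptions.

```python
import re

# Constructed values: the SSID the airline publishes and the BSSID prefixes of
# its onboard access points are assumptions, not data from the original post.
PUBLISHED_SSID = "AIRLINENAME_WIFI"
KNOWN_BSSID_PREFIXES = {"02:11:22"}
BRAND = "AIRLINENAME"
LURE_WORDS = re.compile(r"FREE|BETA|MEMBERSHIP|HIGH[ _-]?SPEED", re.IGNORECASE)


def assess(ap):
    """Return the reasons an access point deserves suspicion (empty list = none found)."""
    reasons = []
    ssid, bssid = ap["ssid"], ap["bssid"].lower()
    portal = ap.get("portal_requests", set())  # hypothetical labels noted by the user
    if BRAND.lower() in ssid.lower() and ssid != PUBLISHED_SSID:
        reasons.append("brand name in an SSID the airline does not publish")
    if LURE_WORDS.search(ssid):
        reasons.append("lure wording in SSID")
    # A BSSID can be spoofed, so a matching prefix proves nothing;
    # a mismatch on the published SSID is still a useful signal.
    if ssid == PUBLISHED_SSID and bssid[:8] not in KNOWN_BSSID_PREFIXES:
        reasons.append("published SSID served by an unknown radio")
    if "loyalty_login" in portal:
        reasons.append("portal asks for frequent flyer credentials")
    if "app_sideload" in portal:
        reasons.append("portal asks to install an app outside the store")
    return reasons


# Constructed scan results: SSID, BSSID and what the captive portal asked for.
SCAN = [
    {"ssid": "AIRLINENAME_WIFI", "bssid": "02:11:22:aa:bb:01"},
    {"ssid": "AIRLINENAME_MEMBERSHIP_BETA_FREE_INTERNET", "bssid": "0a:00:00:00:00:01",
     "portal_requests": {"loyalty_login", "app_sideload"}},
    {"ssid": "AIRLINENAME_WIFI", "bssid": "0a:00:00:00:00:02"},
]


def report(scan):
    """Map each access point to its list of findings."""
    return {f'{ap["ssid"]} [{ap["bssid"]}]': assess(ap) for ap in scan}


if __name__ == "__main__":
    for name, reasons in report(SCAN).items():
        print(name, "->", reasons or "no findings")
```

An empty findings list only means none of these signs were present; it does not vouch for the network.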