For a long time there has been problems with security flaws in consumer grade routers for middle man attacks.
consumer grade routers are not equipped with defensive policies to protect their customers this attack becomes very easy to do.
Recently a group of researchers put together a tool that automates the whole attack for you so that you do not even need to know how to start the specialized tools like sslstrip and others. This allows anyone who can install the software to go to a coffee shop and exploit the users on the network be it customers or business computers.
This tool is called Subterfuge. Subterfuge is a framework that allows for others to add to it and help others automate attacks. The software comes with automating credential harvesting. This allows the sslstrip to strip any https session and grab the username and password without the victim being the wiser.
Customers need to protect them selves and demand protection against these type of attacks from router makers. These attacks are not new and have been around for years.
I have been able to give this software a try and it does work and is very simple to use.
"Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in. Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation…"
-Local Tech Repair Admin
No comments:
Post a Comment