POSTED BY: census / 26.04.2017

Hack In The Box 2017 Amsterdam

CENSUS researcher George Chatzisofroniou presented a novel WiFi attack technique named 'Lure10' at the CommSec track of the Hack In the Box 2017 conference in Amsterdam. The technique allows the automatic association of a Windows device to an attacker-controlled WiFi access point. The attacker may then mount a series of Man-in-the-Middle attacks to the victim device.

Photo courtesy of HELP NET SECURITY

The slides from George's talk are available here while a video recording of the presentation can be found here.

Following the talk, a new version of the Wifiphisher tool (version 1.3) was released that automates this attack.

More information about the attack can be found in George's detailed blog post.

The attack received some media attention, mainly from technical news sites: