🌐 Fake Wi-Fi access points.
One more risk factor (and, for some, an opportunity) must be noted when using Wi-Fi: fake access points. Attacks of this type have been carried out for about 15 years (the first known case was the use of a tool called "Jasager" in 2008) and are very simple to mount: first, it is not difficult to build a tool for such an attack yourself, and second, a number of suitable devices are sold commercially (for example, the Wi-Fi Pineapple).
You can find out more about the technical side of the case below:
A discussion of such attacks using microcontrollers is available in the materials of the HOPE 2020 video conference.
The principle of operation of the Wi-Fi Pineapple Mark VII is also clearly presented on YouTube.
Such a device fits into a small bag and, when switched on, "captures" the Wi-Fi environment of any public place or room (bar, restaurant, cafe, train station, etc.). The area it covers is limited only by its own signal strength: the device impersonates the surrounding Wi-Fi networks while preventing Wi-Fi clients within range from reaching the "genuine" network. To achieve this, a DoS attack of the "deauthentication" or "disassociation" type (Wi-Fi deauthentication / disassociation frames) is carried out and continued until the target devices attempt to connect to the substitute access point.
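The two symptoms described above, a burst of deauthentication/disassociation frames and a second access point advertising a known SSID, are both visible to a passive monitor. The following is an added example (not from the original article or from any product it mentions) of a small detector that parses raw 802.11 management frames, flags deauth/disassoc floods and compares beacons against a defender's inventory of known BSSIDs. The capture, the inventory, the SSID "Cafe-Guest" and all MAC addresses are constructed for the demo; the window and threshold values are assumptions to be tuned for a real environment.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

MGMT_TYPE = 0            # frame control "type" value for management frames
SUBTYPE_BEACON = 0x8
SUBTYPE_DISASSOC = 0xA
SUBTYPE_DEAUTH = 0xC
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


@dataclass
class Frame:
    ts: float       # capture timestamp, seconds
    subtype: int
    dst: str        # addr1
    src: str        # addr2
    bssid: str      # addr3
    body: bytes     # everything after the 24-byte MAC header


def parse_mgmt_frame(ts: float, raw: bytes) -> Optional[Frame]:
    """Parse the 24-byte 802.11 MAC header (no radiotap); None for non-management frames."""
    if len(raw) < 24:
        return None
    fc = raw[0]
    if (fc >> 2) & 0x3 != MGMT_TYPE:
        return None
    subtype = (fc >> 4) & 0xF
    return Frame(ts, subtype, mac_str(raw[4:10]), mac_str(raw[10:16]),
                 mac_str(raw[16:22]), raw[24:])


def beacon_ssid_privacy(body: bytes):
    """Return (ssid, privacy_bit) from a beacon body: 8B timestamp, 2B interval,
    2B capability (bit 4 = Privacy), then tagged elements (tag 0 = SSID)."""
    if len(body) < 12:
        return None, None
    privacy = bool(int.from_bytes(body[10:12], "little") & 0x0010)
    i = 12
    while i + 2 <= len(body):
        tag, ln = body[i], body[i + 1]
        if tag == 0:
            return body[i + 2:i + 2 + ln].decode("utf-8", "replace"), privacy
        i += 2 + ln
    return None, privacy


def analyse(frames, known_aps, window=1.0, threshold=10):
    """known_aps is the defender's inventory: {ssid: {"bssids": set, "privacy": bool}}."""
    alerts = []
    recent = defaultdict(list)   # (src, dst) -> timestamps of deauth/disassoc frames
    for f in frames:
        if f.subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            times = recent[(f.src, f.dst)]
            times.append(f.ts)
            while f.ts - times[0] > window:      # keep a sliding window
                times.pop(0)
            if len(times) == threshold:         # alert once, when the threshold is crossed
                kind = "deauth" if f.subtype == SUBTYPE_DEAUTH else "disassoc"
                alerts.append(f"{kind} flood: {threshold} frames within {window}s "
                              f"from {f.src} to {f.dst}")
        elif f.subtype == SUBTYPE_BEACON:
            ssid, privacy = beacon_ssid_privacy(f.body)
            expected = known_aps.get(ssid)
            if expected is None:
                continue
            if f.bssid not in expected["bssids"]:
                alerts.append(f"rogue BSSID {f.bssid} advertising known SSID {ssid!r}")
            if privacy != expected["privacy"]:
                alerts.append(f"SSID {ssid!r} seen with privacy={privacy}, "
                              f"expected {expected['privacy']}")
    return alerts


# --- constructed sample capture (test fixture, not real traffic) -----------
def mgmt_frame(subtype, dst, src, bssid, body=b"") -> bytes:
    fc = bytes([(subtype << 4) | (MGMT_TYPE << 2), 0x00])
    return (fc + b"\x00\x00" + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid)
            + b"\x00\x00" + body)


def beacon_body(ssid: str, privacy: bool) -> bytes:
    cap = 0x0001 | (0x0010 if privacy else 0)   # ESS bit + Privacy bit
    return (b"\x00" * 8 + (100).to_bytes(2, "little") + cap.to_bytes(2, "little")
            + bytes([0, len(ssid)]) + ssid.encode())


LEGIT_AP = "02:11:22:33:44:01"      # assumed inventory value
ROGUE_AP = "02:de:ad:be:ef:01"      # assumed impersonating BSSID
KNOWN_APS = {"Cafe-Guest": {"bssids": {LEGIT_AP}, "privacy": True}}


def sample_capture():
    raw = [(0.0, mgmt_frame(SUBTYPE_BEACON, BROADCAST, LEGIT_AP, LEGIT_AP,
                            beacon_body("Cafe-Guest", True)))]
    # 12 deauth frames with a spoofed source, to broadcast, within 120 ms
    raw += [(1.0 + i * 0.01, mgmt_frame(SUBTYPE_DEAUTH, BROADCAST, LEGIT_AP, LEGIT_AP))
            for i in range(12)]
    raw.append((2.0, mgmt_frame(SUBTYPE_DISASSOC, "02:aa:bb:cc:dd:01", LEGIT_AP, LEGIT_AP)))  # single, benign
    raw.append((3.0, mgmt_frame(SUBTYPE_BEACON, BROADCAST, ROGUE_AP, ROGUE_AP,
                                beacon_body("Cafe-Guest", False))))   # open evil twin
    raw.append((3.5, b"\x08\x02" + b"\x00" * 22))   # data frame: ignored by the parser
    return [f for ts, r in raw if (f := parse_mgmt_frame(ts, r)) is not None]


def run():
    return analyse(sample_capture(), KNOWN_APS)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the sample capture this reports one deauth flood, one rogue BSSID and one privacy-bit mismatch (the twin is open while the inventory says the network is encrypted). Two caveats apply in practice: the frames must come from an interface in monitor mode, and the source address of a deauth frame is trivially spoofed, so the "from" field identifies the impersonated AP, not the attacker. Networks that enforce Protected Management Frames (802.11w, mandatory in WPA3) reject forged deauthentication and disassociation frames, which removes the first half of this attack entirely.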
The attacker's device can either imitate a captive portal that looks exactly like the one of the Wi-Fi network the victim's device is trying to join (for example, an airport check-in portal), or simply give the victim unrestricted network access while intercepting all of the traffic. As soon as the victim connects through the fake access point, the attacker can use it to carry out any MITM attack: redirect the victim to infected or fake sites, intercept traffic, and so on. The attacker can also easily identify any client trying, for example, to connect to a VPN server or to the Tor network.
As for deanonymization, such techniques can be applied as follows: the attacker knows that the target is in some public place, but not who exactly the target is. Using the device described above then lets the attacker record every site visited by each visitor of that place through the compromised Wi-Fi network, even when protections such as HTTPS, DoT, DoH, ODoH, VPN or Tor are in use. In essence, the traffic analysis here follows the same principles as intercepting DNS requests.
The techniques described above can also be used to build (including by careful imitation of the real thing) advanced phishing web pages that harvest user credentials, or that prompt the user to install a malicious file disguised as a certificate, which then allows the attacker to inspect encrypted traffic from the victim's devices.
Is there a way to reduce the risks if you suddenly need to use a public Wi-Fi hotspot? Most likely, obfuscating your traffic with Tor (optionally in combination with a VPN, either Tor over VPN or VPN over Tor) will make the job of a potential attacker considerably harder.