• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Wi-Jacking – New Wifi Attack Allow Accessing Millions of Neighbour’s WiFi Without Cracking

September 14, 2018 by Raaghav Sharma 2 Comments

ewly identified WiFi attack called Wi-Jacking allow hackers to attack millions of WiFi network and accessing the neighbor’s WiFi without any form of Cracking.

few pre-requisites for this:

  • There MUST be an active client device on the target network
  • Client device MUST have previously connected to any other open network and allowed automatic reconnection
  • Client device SHOULD* be using a Chromium-based browser such as Chrome or Opera
  • Client device SHOULD** have the router admin interface credentials remembered by the browser
  • Target network’s router admin interface MUST be configured over unencrypted HTTP

Mitigations

  • Only login to your router using a separate browser or incognito session
  • Clear your browser’s saved passwords and don’t save credentials for unsecure HTTP pages
  • Delete saved open networks and don’t allow automatic reconnection
  • As it is nearby impossible to tell if this attack has already happened against your network, change your pre-shared keys and router admin credentials ASAP. Again, use a separate/private browser for the configuration and choose a strong key.

https://gbhackers.com/wi-jacking-wifi-attack/

Filed Under: Week 03: Reconnaisance Tagged With:

Reader Interactions

Comments

  1. Brock Donnelly says

    September 15, 2018 at 2:45 pm

    The prerequisites for this do not seem unreasonable but it is just not as likely as the headline will lead you to believe. Not only does this seem to only be a Chrome issue (although Opera is included) but the user also has to allow passwords on their browser to be cached. Let alone the target machine needs to have obtained a previous open network connection. I think I would be less harsh if they singularized Millions in their headline. 🙂

    The mitigations are well represented.

    Log in to Reply
  2. Jayapreethi Selvaraju says

    September 19, 2018 at 2:24 pm

    I wonder if this solution will really work…

    “As it is nearby impossible to tell if this attack has already happened against your network, change your pre-shared keys and router admin credentials ASAP. Again, use a separate/private browser for the configuration and choose a strong key”

    Since they have highjacked the network, if we change the password for shared keys, wouldn’t they know and wouldn’t they capture the changed password. more over the admin credentials of the router are generally not encrypted (or may be in the higher end modules, they are). I mean, the prerequisites are only for the initial connection. What if they set the network in such a way that the credentials when changed will be send to them automatically!!!???

    It would be nice to have a way to detect if our network/router is directly connected to the service provider router. What if somebody spoof the service provider router??!!! For crypto mining, people are stealing the bandwidth. They just don’t use the bandwidth. They also steal the data.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in