I've thought about adding something like this to my guest wifi to mine some cryptocurrency - but quickly dismissed it as most guests would need to use a charger soon(ish) and thus using my electricity :P
It's also a scummy thing to do and sets a terrible precedent. Do you want friendly customers on your WiFi or do you want angry customers who feel cheated when they learn the truth?
I think it was basically a joke, and I think his "guests" are friends, not customers, and would therefore be likely to appreciate the joke even if he actually did it.
In the past, in Bulgaria, gypsies used to illegally connect to the electricity network to avoid paying bills. Nowadays there's a shift in that trend - there are numerous cases of people running mining farms the same way.
But... this doesn't use client to client communication. As far as the AP is concerned there is one client (the attacked). The victim is connected to the attacked believing the attacker is the AP.
To the AP, they are both clients. The attacker (MITM) computer can be accessed by the victim. This would mitigate the attack. It's possible that the arp spoofing would prevent the victim from accessing the internet, but that depends on how the AP institutes it's blocks.
don't take my word for it, but I'd bet you could disallow LAN comms on port 80 and prevent this. Typically a toxic client would flood the arp table until the router believed the toxic client should receive all communications and then the toxic client would mitm and forward traffic on the expected port to other normal clients...if the toxic client can't send stuff on port 80 to a normal client they can't easily mitm them
Yeah, but it would still redirect, since that's a different layer of the IP stack.
You could prevent wifi clients from communicating arp packets, I think that would allow most things to work.
If you have a corporate wifi system, you should be watching for arp poisoning anyway. If it's a public system, most people aren't using it to communicate between wifi devices. Most android devices that communicate via wifi will generate their own wifi network for the duration of the communication.
> is WPA2 on a public Wifi with a publicly known key a workaround?
You're thinking of packet injection (or data intercept) by any nearby individual, which WPA2 with known PSK would mitigate. However, as an attacker would know the PSK, they could simply join the network to side-step this.
I've heard of, although never implemented, using WPA2 Enterprise authentication for public access points, and then just have your RADIUS server reply with a success regardless of username and password combination.
At first I thought this was a terrific idea, but never tried it since I figured having a non-standard workflow for users to connect may cause too much confusion in the end.
And no, that's not a solution. Well at least not everywhere. If the clients aren't completely isolated I can for example poison your DNS and redirect example.com to my computer's web server.
Honestly any decent public wifi setup even if it isn't going to limit client to client communication, if that's needed for some reason, should be restricting based on protocol/port/etc. It should be a whitelist, not a blacklist. There's no reason a client should be able to touch HTTP traffic towards anything but the gateway.
This is trivial to set up with for example, even a cheap sonicwall.
This is why it's important to always use a VPN when connecting to an untrusted wifi, such as a coffee shop or airport wifi. Either pay $3 /month to a provider or setup your own with something like pivpn.
One problem I have with that is: by the time I’m conected to WiFi, I don’t know how much traffic has already passed through before I could active the VPN. How many background tabs suddenly realized that they had internet again and started sending information (and how many of those used insecure, third party scripts?). Many apps/programs also seem to happily start phoning home as soon as they got WiFi.
I used to have little snitch[1] set up custom rules depending on where I’m connected (allow only local network on unknown WiFi’s until connected to a VPN) but that never really worked well because some WiFi’s allowed third party IP addresses (to tracking scripts or their home page) which meant I got to tracking down this IP and adding a temporary rule for that. Suddenly quickly connecting to hotspots often became a tedious 10 minute process. This also had the positive side effect that I could prevent A LOT of apps from phoning home but at the end it was not worth all the hassle (because almost nothing just worked) and I decided not to install little snitch for my current installation. The only thing I really miss it is when I connect to my phone hotspots because I’m always afraid application XYZ decides to download an update and eat my (very limited) mobile bandwidth.
Furthermore there is no way to do that on my mobile phone where I have even less control over. My current solution is to never connect to free WiFi networks in the first play and in the few cases I need to, just hope that the provider is not evil. This sucks when I’m on vacation, though, because I’m at their mercy.
Given the recently disclosed vulnerabilities, instead of a cryptocurrency miner, it could be a Spectre exploit trying to scan and exfiltrate data from the computer's memory. We might be now at the point where disabling all Javascript for non-HTTPS pages is a good default.
Why do HTTPS pages get a pass? Between CDNs and ad networks, there's a ton of code out there. At some point, we decided that a magical protective box could make it okay for random people on the internet to run code on our machines. We keep finding this premise to be flawed, with Applets, and with Flash, and now with Javascript, and we always say "oh, if only we had a better protective box, it would have prevented this specific form of attack". Maybe the premise is flawed. Maybe no box is strong enough. Maybe we should stop running code from websites.
> Maybe we should stop running code from websites.
Which would mean that even something as simple as an up-vote on a comment would require a full page refresh from the server. The lag would probably kill most social media.
Well, one persistently active tab with a non-https site open.
I suppose you could configure the rogue AP to have one of those registration pages but the registration page tells them the WiFi will only work so long as they keep that tab open.
Interesting method, but yes; wouldn't HTTPS mitigate this script from being injected? Trying to get awareness for my own original miner written from scratch https://www.sparechange.io/ Interesting learning WASM.
Some buildings (hostels and shared accomodations) have shared internet (secured with WPA2). This type of attack might be particularly profitable in such situations.
That's probably a cultural thing. In some cultures, red is superior to green.
Really, it's not about them being better or worse than a user with more Karna. It's just a signal to everyone that this person might be advertising or AstroTurfing.
What?! I didn't know it indicates that the user is "untrusted", I'm from Sweden and my impression has been that the green users are super users of some kind.
