The WiFi Coconut is a router's evil twin
Published: October 18, 2022

The WiFi Coconut is a router's evil twin
The WiFi Coconut is a router's evil twin

Wi-Fi is how most people connect to the internet most of the time, but from a security standpoint, it's a remarkably wobbly foundation. 

We treat Wi-Fi connections like hardened tunnels to wherever we're connecting on the internet, but there's nothing inherently private about the signal. Wi-Fi is just radio, and like any radio, the signals go out in all directions all the time. Anyone with the right antenna can listen to what's being broadcast, and it's nearly impossible to tell that they're doing it. Even more dangerous, anyone can offer Wi-Fi, so it's hard to be absolutely sure who you're connecting to. This is why hardened systems like SecureDrop often pull out a computer's Wi-Fi card completely. Without wireless capability, the attack surface of a device shrinks dramatically.

Actually exploiting those weaknesses is difficult, but it's far from impossible, which is where devices like the WiFi Coconut come in.

What is it?
In simple terms, the WiFi Coconut is like a very powerful router, but one that sucks up data without transmitting anything out. You couldn't use it to connect to the internet, but it can create a near perfect record of everything happening on the WiFi spectrum.

Where most routers make do with two to six antennas, the Coconut has 14, one for each channel in the 2.4GHz Wi-Fi spectrum. That lets the coconut listen and log every channel simultaneously, creating a scannable record of everything that happened on the Wi-Fi spectrum within listening range. One of the Coconut's most basic functions is creating these recordings along with some basic packet analysis, the Wi-Fi equivalent of recording every station on the radio at once.

That recording alone doesn't tell you very much. The vast majority of Wi-Fi traffic is encrypted, so without the keys, you won't even be able to tell much about what people are doing. (This kind of nesting encryption system is one of the fundamental building blocks of the internet: similar key exchanges protect you from eavesdroppers at the ISP level and within the physical network itself.) But just because you can't pull passwords out of the air in plain text doesn't mean there isn't serious mischief to be made.

What can it do?
The biggest threat is something called a KARMA attack in which attackers disguise themselves as a trusted Wi-Fi network. If you've ever been told to avoid open Wi-Fi networks in public places, this attack is the reason why, although surprisingly, it works even if you're nowhere near an unsecured network.

The attack exploits the peculiar way computers connect with preferred Wi-Fi networks. When you set your computer to automatically connect, it starts proactively looking for that network, sending requests that also identify what network it's looking for. As this post memorably put it, it's as if your device is constantly shouting, “Is Starbucks WiFi here?” And unlike most Wi-Fi traffic, those signals are unencrypted.

In the KARMA attack, the attacker uses a device like the WiFi Coconut to pick up on those signals and another gadget (probably a more conventional router) to give whatever answer your device is looking for. The attacker sends back a message identifying this new network as whatever you're looking for, say, “Starbucks Wi-Fi”, and invite your device to automatically join the network. Because of the seamless way devices switch between Wi-Fi networks, there's a good chance you won't even notice the switch. Suddenly, you're connecting to the internet through someone else's router, exposing you to all manner of malware injection attacks.

How much of a threat is it?
Many of the attacks we cover here are exotic or limited to espionage agencies, but this one has a clear enough payoff that it's more common than you might think. It's easy for a run-of-the-mill criminal to try this out in an airport lobby or a fancy hotel, hoping for a lead on some kind of ransomware scheme. They wouldn't even need a WiFi Coconut; any suitably hackable router will do.

Having said that, there's a simple way to protect yourself against a KARMA attack: tell your devices not to auto-join any public Wi-Fi networks. The specific path varies between operating systems, but if you poke around your Wi-Fi setting and preferences, it shouldn't be too hard to find. (Don't forget your phone; mobile devices are vulnerable to the same attack.)

If your device isn't looking for any specific public networks, it won't be sending out those KARMA-vulnerable signals. Failing that, you can set devices to ask you before they join a new network. It's not absolutely foolproof, but it will go a long way toward keeping you safe.

Source: Re-posted and Summarized from RUSSELL BRANDOM at the verge.
Customer Reviews:

We all have been VERY pleased with Adrian's vigila
We all have been VERY pleased with Adrian's vigilance in monitoring the website and his quick and successful repairs. Evan was also very helpful in solving all of my hacking problems. So in all aspects of the Computer Geeks we are very glad we are working with you.
Kenneth Bruscia PhD
Published:
Kenneth Bruscia PhD
[email protected]
FIVE STARS + It's true, this is the place to go fo
FIVE STARS + It's true, this is the place to go for your web site needs. In my case, Justin fixed my problem immediately. It's such a comfort to know that I can reply on these people for any and all my web needs. You will not find a better team anywhere.
Paul Adler
Published:
Paul Adler
[email protected]
We reached out to Rich and his team at Computer Ge
We reached out to Rich and his team at Computer Geek in July 2021. We were in desperate need of help because our former website design agency left us hanging with major website issues that needed immediate attention. Rich and his team were extremely helpful and quick to come to our rescue! They have helped us with numerous projects that have helped our SEO. Our sales have increased 30% since coming to Computer Geek. We've been working with them for about nine months now and are very pleased with their response time and helpful manner. Rich has proven himself to be trustworthy and dependable. We feel valued as a customer and look forward to continuing a relationship with Computer Geek.
Leigh Hutchens
Published:
Leigh Hutchens
[email protected]
Just to say thank you for all the hard work. I can
Just to say thank you for all the hard work. I can't express enough how great it's been to send projects and they get done. Beyond that, your ability to work with three different folks in a personable way really has been a game changer for us. The improvements to our business because of your hard work have been significant.
Curtis Williams
Published:
Curtis Williams
[email protected]
I would certainly like to recommend that anyone pu
I would certainly like to recommend that anyone pursing maintenance for a website to contact The Computer Geek. I have been using another company to do some maintenance on my site with moderate success. There were issues that were evidently beyond what could be handled by them. However, the professionals at The Computer Geek had them addressed and rectified in no time at all. The Computer Geek approached all of my requests focusing on my goals and the needed performance. Then, once versed, presented me with a very reasonable price. Once the projects were in motion, I found that the tasks were achieved before I expected, with professional results. Also, in one instance where The Computer Geeks brought an issue to my attention that I would have likely overlooked. This was accompanied by a recommendation on how to solve the issue. Overall The Computer Geeks exceeded my expectations!
David Pappas
Published:
David Pappas
[email protected]
I have a important website dedicated to the local
I have a important website dedicated to the local high school going back nearly 100 years. It was suddenly infected with a virus. Rich at Computer Geek fixed it within an hour. I cannot recommend him enough. I hope it's not for a long time, but the next time I need help, Rich is who I'm gonna call.
Eric Williams
Published:
Eric Williams
[email protected]
WOW! I have been wracking my brain for the past 30
WOW! I have been wracking my brain for the past 30 days trying to figure out who was hosting my company's website the domain owner, etc. Yesterday, when I googled for help and I clicked on the link to computer-geek.net and picked up the phone and called them. Rich answered and from there it was smooth sailing!
Rhonda Harding
Published:
Rhonda Harding
[email protected]
A note to let you know how much I appreciate your
A note to let you know how much I appreciate your team's work. Justin is on top of quickly solving any issues, making changes, reliable. Finding you was one of the luckiest days of my 74 years. I'd be honored if you'd add me to your list of references. And please stay healthy and in business. I got enough headaches from other folks.
Dan Cutrer
Published:
Dan Cutrer
[email protected]
We discovered an issue with our Oscommerce cart pr
We discovered an issue with our Oscommerce cart processing images. It is about 14 years old and heavily modified. Looking on google for some expert help I found Rich and reached out to him. We received a response the same day. The next day his team was working on our issue and was able to solve it within a few hours. Price was reasonable and we are very appreciative to find a competent and professional oscommerce expert to help successfully troubleshoot our issue.
Phillip Sirota
Published:
Phillip Sirota
[email protected]
I'm very new to the whole idea of having a website
I'm very new to the whole idea of having a website / blog. I used Bluehost.com and WordPress.org to create Thepredatorhunter.com and then managed to wreck it. On a Sunday morning I opened chat box with Rich and within a few hours everything was fantastic! This isn't just a company for big biz, if your new and small, The Computer Geek can help you out. In trouble? Stop fretting and start typing in the chat box. You will be glad you did!
Dennis Gilmore
Published:
Dennis Gilmore
[email protected]
[Read More Testimonials Here]

Latest Website Related Articles

The Boring Company Vegas Loop to double in size

Published: March 22, 2023
The Boring Company (TBC) submitted applications to double the size of the Vegas Loop to 65 miles of tunnels with 69 stations. The proposed 65-mile network of tunnels would run through the Las Vegas strip and central Las Vegas. A map of the propose...[Read More]

 

Google Chrome could soon banish one of our biggest browser frustrations

Published: March 22, 2023
Google Chrome could soon banish one of our biggest browser frustrations. Google’s Chrome browser might soon offer a really smart feature for those who make use of web extensions, namely the ability to turn off all of those add-ons for any gi...[Read More]

 


Here are some links to related topics:
 php programmers,   ddos attack troubleshooter,   website malware,   ipage hacked,   modx hacked,   dreamhost hacked,  


Auto Helpers: Auto Helpers
Site Secured By The Website Guardian