On 5 May 2014 17:28, Christopher Head wrote:
> On Sat, 3 May 2014 21:17:06 -0700
> Tamas Rudnai wrote:
>
> > On 3 May 2014 17:46, Christopher Head wrote:
> >
> > > In theory, this should be a non-event. You don't want to give the
> > > fake access point your gmail password, but honestly, you shouldn't
> > > want to give the Hong Kong airport authority or the neighbourhood
> > > coffee shop your gmail password either.
> > >
> >
> > I think you misunderstood that blog. You do not give your password
> > intentionally to anyone. What is happening though is that you think
> > you are using a secure connection (through 3G/4G/LTE for example),
> > but instead, your smartphone automatically connects to a Rogue
> > AccessPoint which is fully controlled and monitored by an attacker.
>
> I think we may be debating at kind of cross purposes--I don't think I
> misunderstood the attack, rather I disagree that it's all that
> interesting.
>
> My point is: why do you trust Joe's Café's staff more than that guy
> with a black hat sitting in the corner with a laptop? Either it's
> possible for the operator of whatever Wifi network you're connected to
> to obtain (somehow) your GMail password, or it isn't. If it is
> possible, then it doesn't matter whether you connect to Joe's Café or
> Mr. Black Hat, whichever you connect to could be stealing your
> password. If it isn't possible, then it also doesn't matter which one
> you connect to, because neither one can do any harm.

That's only one of the attacks that the Rogue Access Point can mount.
IF you radiate SSL requests for access points that you can automatically
connect to then the Rogue access point can respond and you connect
automatically. Here you are not trusting a coffee shop but are e.g.
trusting what appears to be your home network. A bonus for the RAP is
that you send it the WEP key or whatever when you log in and it happily
records it.

If the RAP system can work out who you are and, from this, where you
live, the operator now has logon access to your home system. A suitably
clever RAP system could listen to your laptop and your home LAN,
disconnect you so that you attempt to reconnect, mount a DOS attack on
your home access point (one of the "services" in the provided toolkits)
so your access point is unavailable and then accept your reconnect.

Yes?

Russell
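
Added example, not part of the message above or of any toolkit it mentions: a client-side check that compares observed frames against a pinned profile of a saved network and flags an access point that claims the saved SSID with an unknown BSSID, a different security mode, or right after a burst of deauthentication frames. The Profile and Frame types, the thresholds and the sample capture are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:                 # what the client pinned when the network was saved
    ssid: str
    bssids: frozenset          # access point MACs the owner recorded
    security: str              # e.g. "WPA2-PSK"

@dataclass(frozen=True)
class Frame:                   # one observed 802.11 management frame (simplified)
    t: float                   # seconds since capture start
    kind: str                  # "beacon" or "deauth"
    bssid: str                 # BSSID claimed in the frame (can be forged)
    ssid: str = ""
    security: str = ""

DEAUTH_WINDOW = 30.0           # assumed threshold: seconds
DEAUTH_BURST = 5               # assumed threshold: frames

def assess(profile, frames):
    """Return sorted (bssid, reason) findings for one saved network."""
    findings = set()
    # Deauth frames that claim to come from the pinned access point.
    deauths = [f.t for f in frames
               if f.kind == "deauth" and f.bssid in profile.bssids]
    for f in frames:
        if f.kind != "beacon" or f.ssid != profile.ssid:
            continue
        if f.security != profile.security:
            findings.add((f.bssid, "security-mismatch"))
        if f.bssid not in profile.bssids:
            findings.add((f.bssid, "unknown-bssid"))
            burst = [t for t in deauths if 0 <= f.t - t <= DEAUTH_WINDOW]
            if len(burst) >= DEAUTH_BURST:
                findings.add((f.bssid, "appeared-after-deauth-burst"))
    return sorted(findings)

# Constructed sample capture, not real data.
HOME = Profile("HomeNet", frozenset({"aa:bb:cc:00:00:01"}), "WPA2-PSK")
CAPTURE = (
    [Frame(0.0, "beacon", "aa:bb:cc:00:00:01", "HomeNet", "WPA2-PSK")]
    + [Frame(10.0 + i, "deauth", "aa:bb:cc:00:00:01") for i in range(6)]
    + [Frame(20.0, "beacon", "02:11:22:33:44:55", "HomeNet", "OPEN"),
       Frame(21.0, "beacon", "66:77:88:99:aa:bb", "CafeGuest", "OPEN")]
)

if __name__ == "__main__":
    for bssid, reason in assess(HOME, CAPTURE):
        print(bssid, reason)
```

A BSSID can be cloned as easily as an SSID, so an empty result does not prove the access point is the real one; the check only catches the mismatches listed.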