Will You Get Hacked Using a WiFi Hotspot?

 How Safe Are WiFi Hotspots?

wifi hotspot hack

How likely are you to get hacked when using free WiFi?

Free and Open WiFi is available almost everywhere now, Airports, Cafes, Hotels, Bars/Restaurants, Train stations, Sports stadiums, Schools, Hospitals, the Workplace and even in the street.

 

Millions of people a day use free WiFi, especially data hungry smartphone users.

But few think about what happens after they click connect (apart from getting Free WiFi!).

We have all seen the news stories about the dangers of using free WiFi but how hard (or easy) is it to have your personal information stolen or phone hacked when you connect to a WiFi hotspot?

The simple answers is both.

There are a number of ways your security can be compromised, some are very easy and can be performed by a novice with just a smartphone and an App, others require more advanced hacking skills, special equipment and software.

In this article we will look at the various methods used by hackers to exploit free WiFi.

Just a Phone & an App

This is probably the easiest method and requires only a smartphone, usually running an Android Operating System which has been rooted (Iphones suck at hacking) and a Packet Sniffer App.

Packet sniffers are networking tools usually used by network administrators to analyze networks and identify faults, they allow the user to view a host of information being sent over a wired or wireless network including website addresses, pictures, email addresses and passwords.

But they can also be abused by hackers wanting to steal information from other people connected to the same WiFi hotspot.

The most common type of attack is called a Man In The Middle attack (MITM). This can be done with a smartphone App or other software. The attacker routes all the wireless traffic between the router and the user through their device which they can view or save for later.

The effectiveness of this attack depends on a few variables. Firstly if there is any WiFi hotspot system which includes a login may also have some form of protection against MITM attacks.

Many hotspots in small cafes and bars simply give out the WiFi password or don’t use any security leaving the network ‘Open’. These type of networks will unlikely have any protection for uses and pose the most risk.

Most websites and Apps now use secure https and SSL which means that data sent over a WiFi network is encrypted, most of your data will be secure when using banking websites and their Apps, Facebook and other major sites. However they are never 100% secure and hackers can still divert your traffic to a non secure http connection or use an SSL stripper.

One of the major risks is visiting and logging in to websites which don’t use https is that an attacker can easily ‘sniff’ a visitor’s username and password. And as so many people use the same login details for all their online accounts the hacker will be able to gain access to more ‘secure’ sites like Facebook, YouTube, Twitter, Instagram and email accounts.

Packet Sniffing With Linux

Linux is an Operating System like Windows or Mac but it has specially designed versions for Penetration Testing or what most people would call hacking. There are a host of tools available for wireless penetration teasing for Linux and powerful packet sniffers are just one of them. The attacker will also have access to more powerful tools to attempt to break the security user.

A MITM attack is performed in a similar fashion as described above but often using high power WiFi adapters and antennas so the WiFi hacker can cast his or her evil net as far as possible.

Honeypots

Honeypots are WiFi networks set up with the sole intention of obtaining information from any user that connects and uses the network. A hacker will create a working WiFi hotspot with Internet access but will monitor and collect all the traffic being sent over network, filters may be set to only collect a certain type of data such as email addresses, password, usernames and credit card numbers.

Honeypot networks will often be left ‘Open’, allowing users to connect without a password to entice more victims. The routers SSID (network name) will be left as the default SSID or an innocuous name to give the impression that the network has been setup by a person without much knowledge of wireless security.

Rouge Access Points

Rouge Access Points (AP) are wireless networks created to imitate a legitimate network and its inherent trustworthiness with the intention of intercepting data for nefarious purposes.

These type of networks are the most dangerous as they require an intermediate amount of knowledge and skills and use more advanced techniques than an average WiFi hacker would have at their disposal.

A Rouge AP will have the same SSID of a nearby or popular WiFi network (Such as Starbucks, McDonalds, Free WiFi, FON Hotspot). The hacker will use a high power WiFi adapter (normally used to connect to a WiFi router) to actually broadcast the Rouge AP signal. Since the power of the adapter is higher than of the legitimate WiFi router the Rouge AP will be displayed in a users available WiFi networks as only the SSID with the most powerful signal will be shown. If a user has previously connected to a legitimate network with the same SSID then their device will automatically connect to the same SSID next time they are in range, even if it is not the genuine network.

How to Protect Yourself When Using Free WiFi

Avoid ‘Open’ networks which do not require a password or login.
Only connect to networks which you are sure are legitimate.
Never log in to websites and Apps with poor security when using a WiFi hotspot.
Be aware of security warnings when using free WiFi, redirections, fake websites trying to imitate genuine sites like Facebook, repeatably being asked to log back into Apps and sites which don’t usually ask.
Using a Virtual Private Network (VPN) service or VPN App if mobile.

How to Hack Your Passport with an Android Phone

New passports with RFID chips vulnerable to hacking and cloning

hack rfid passport

It’s that time of year again when we start to emerge from our winter hibernation and look for some summer sun. Unless you’re lucky enough to live somewhere warm and sunny most people will be travelling abroad to another country and one document is vital to boarding an international flight, a passport.

After the terrorist attacks on 9/11 in America passport security has been increased with the introduction of biometric data and the incorporation of wireless RFID chips in modern passports which contain much of the data printed in the passport, supposedly making them more secure and harder to counterfeit. But this isn’t always the case as will be explained below.

What are RFID chips?

clone rfid passport chip

RFID stand for Radio-frequency identification, a small device consisting of a chip which contains information and an antenna. Most RFID chips are passive which means they are powered by electromagnetic waves from an RFID reader, they do not need a battery and last for years, even decades. And they are everywhere. Some are as small as a grain of rice and commonly used for identification chips in pets, sometimes known as ‘pet passports’. Another major use of RFID chips is in ‘contactless cards’, security cards used in secure buildings, hotel rooms, public transportation and credit cards. Similar to a USB thumb drive, data can be read, written and sometimes rewritten to a RFID chip, and these chips are now used in passports. If you have passed through airport security recently you may have noticed the security official will scan your passport instead of looking through the pages. When he/she takes your passport it is placed on an RFID reader and all the information including your picture is displayed on their computer screen, sometimes they don’t even look inside the passport.

RFID chips are super cheap now, they have been used in disposable public transportation tickets in the Netherlands for years and blank chips can be purchased online in bulk from eBay/Amazon and numerous websites by anyone. The chip readers and writers can also be bough online for around $200 USD.

Hacking Passports with RFID Chips

Most modern smartphones now incorporate Near Field Communication (NFC), a wireless technology which can read and sometimes write data to RFID chips. This means that a passport RFID chip can be read with one of the many free Apps available for Android phones such as the NFC Passport Reader App. And data can be written to the chip with another App like this one.

Using these Apps a fraudster can read the information from your passport through your wallet or pocket with their phone, copy the information and create a clone of your passport. If you carry your passport around with you to use as ID and regularly hand it over to staff at a store or gas station they can copy the information in a matter of seconds by just placing it near a smartphone running one of the Apps mentioned above and then put all the information on to a blank card or passport later, this has been proven at the BlackHat conference and is detailed in this article.

We have provided this information to make people aware of the risks and so that they can take measure to protect their identity documents. You might want to try this yourself to see how easy it is but interfering with official documents (even your own) and many other forms of wireless hacking is illegal in most countries.

Hack an eBay Account with your Cell Phone and an App

New eBay Password Security Flaw Discovered – With a Smartphone and a free App

It has been over two and half years since eBay suffered a massive data breach which saw 145 million users details compromised and forced eBay to instruct all registered users to change their password.

But today this website can reveal a such a glaring hole in eBay’s website security we are surprised no one else has noticed it!  Albeit it is not on the same scale as the password hack of 2014, but it is something eBay really needs to fix!

In fact, it is such an obvious flaw that eBay must be aware of it, it just seems they still don’t take their user’s security that seriously.

So what do you need to exploit this flaw?  Years of hacking experience?  A Linux Box?  A Degree in computer science?

Nope!

All you need is a Rooted Android device and a free app called zANTI.

zANTI is a mobile penetration testing toolkit, similar to Intercept-NG it can perform Man-In-The-Middle (MITM) attacks, redirect users to another URL, replace images and, most importantly has an SSL Strip function which redirects from HTTPS to HTTP.

The flaw we are discussing today lies in HTTP to HTTPS exploit.  So let’s dive straight in.

This exploit, as you will notice, has been exposed on the UK eBay site, it is unclear if this flaw affects the US site (eBay.com) and other International eBay sites.

The eBay site, before a user logs in, is un-encrypted, only using HTTP.

Now there are two ways which a users is taken to the secure HTTPS sign in page.  The first is by clicking the ‘Sign in’ link in the top left hand corner of the screen and the second is by clicking on any of the options in the drop down menu ‘My eBay’.

When performing a MITM attack with zANTI using the ‘SSL Strip’ function, an eBay user who clicks the ‘Sign in’ link will still be taken to the HTTPS secure sign in page.

However if they click any of the options from the ‘My eBay’ drop down menu they will be taken to the non secure HTTP sign in page while zANTI is performing a MITM attack on a target.

And herein lies the problem.  Because the entire eBay site does not use HTTPS zANTI can redirect any user to the non secure HTTP sign in page and capture the user’s eBay Username/email and password.

Here in the zANTI log you can see, highlighted in yellow, it has captured the password.

And there you have it, with just a (basic) rooted Android device, a free App and zero pen testing knowledge we have captured the username (ebayuser123) and password (12345678) from one of the biggest websites in the world.  And one which is not exactly unversed in user security.

So the next time you are using a free WiFi hotspot, even one using WPA encryption, be aware that when you punch in your password, anyone who can use an App can potentially steal your login details.

Most sites like Facebook use secure HTTPS before you login so this exploit is ineffective, maybe it is time eBay caught up!

WiFi Password Hacker App for Android Phones

wifi password hackerWiFi Password Hacker Android App

In a recent BBC video news report it has been revealed that free WiFi in cafes and bars might be disappearing, rather than increasing as most people would expect, so the need for WiFi password hacker apps like the one we are going to show you in this post  are going to be an even more important tool in your apps arsenal to fight high data bills.

The App, simply call ‘WiFi Password Recovery’ has a simple, clear and easy to use layout.  However don’t be fooled in to thinking that just because the app’s name and appearance seems fairy benign its not a powerful WiFi password hacking tool!  The app does not have the terms ‘hack’, ‘hacking’, ‘crack’ or ‘cracking’ in its name because it would not be allowed in to the Play Store, all the apps with ‘WiFi Hack/hacker’ in their name are fake/joke/prank apps.

This App is real and WILL hack WiFi!

Using the app is very simple and you don’t need any WiFi hacking experience to use it!

The first this you need to do is download it from the Google Play Store (link at the bottom of this post) and install it.  Once you hae done that you will need to go to ‘Settings’ and the tap ‘Download Dictionary’, this is a big file so download it when you are already using free WiFi at a cafe or friends house.

You should then return to the home screen and press the refresh button and you will then be shown every WiFi network in range of your device and which ones can be hacked as it the picture below.  The App will automatically scan for WiFi networks when you open it but it is recommended that you keep refreshing it to find more networks.

wifi password hackerEvery WiFi network in range will be shown in the app and listed as either ‘No Vulnerable’, meaning it cannot find the password. Or the WiFi router will be shown as ‘Vulnerable’ which means the App can hack the password!

Just press on a ‘vulnerable’ WiFi network and the App will give you the password and you can connect to that network straight away and enjoy the free WiFi

The App will not be able to crack the WiFi password of every router but it does have a very high success rate, it can only find the password to routers which have not had their default password changed, however this is the majority of routers as most people don’t know how to!

Some of the WiFi router brands which are supported by this App are listed below, this is just a selection and many more routers can be hacked with this app:

  • Thompson
  • Speedtouch
  • WLAN
  • JAZZTELL
  • WLAN
  • YaCom
  • Megared
  • Axtel
  • InterCable6X
  • InterCable
  • INFINITUM
  • MAXCOM

So we hoped you enjoyed this post and you will be able to get free WiFi where ever you go!  If you liked it please share this page with your friends!

Download the App from the Play Store Here!

WiFI Hacker App for Android

WiFI Hacker App for Android

wifi hacker app Here in this post we are going to go through the basic functions of a new Android WiFi password hacker App that really works. In fact it is one of the best WiFi hacker Apps available for your Android phone or tablet because it works on such a wide range of routers. And additionally you don’t need to Root your phone to use it, it will work perfectly on un-rooted Android phones and any other device which uses the Android operating system.

 

So why do we claim this is the best WiFi hacker Android App?

It is because of the huge number of WiFi routers that are supported by the App, no other App available, either in the Play Store or as an .apk download can crack WiFi passwords like this App!

Regardless of where you are using the App, be it in the USA, Europe, India, China, Asia or Africa this WiFi hacker App can break the WiFi password to any router!

You are probably wanting to know which routers are supported by that App, in other words which routers it can hack the WiFi password. Below is a selection of just the routers which are known to be supported!

This is not the entire number of routers which are supported, it will work on many, many more!!

1. All Thomson based WiFi routers (Include Thomson, Speed Touch, Orange (UK), Infinitum (Europe), BBox, DMax, BigPond, O2Wireless (UK), Otenet, Cyta (Greece) , TN_private, Blink )
2. DLink
3. Verizon FiOS
4. Alice AGPF
5. Pirelli Discus
6. Eircom
7. Ono ( P1XXXXXX0000X )
8. WlanXXXXXX, YacomXXXXXX and WifiXXXXXX
9. Sky V1 routers
10. Clubinternet.box v1 and v2 ( TECOM-AH4XXXX )
11. InfostradaWifi
12. CONN-X
13. FASTWEB Pirelli and Telsey
14. Huawei (Some Infinitum XXXX)
15. Wlan_XXXX or Jazztel_XXXX
16. Wlan_XX ( Only some are supported)
17. TeleTu/Tele2
18. Axtel, Axtel-xtremo
19. Intercable
20. OTE (Greece)
21. Cabovisao Sagem
22. Alice in Germany (new)
23. Speedport (new)
24. Megared
25. EasyBox, Arcor and Vodafone
26. PBS (Austria)
27. MAXCOM
28. PTV

This list is not exhaustive as there will be many more WiFi routers and  ISPs (Internet Service Providers) it will work on, this is because lots of ISPs use Thomson routers and then simply re-brand the WiFi router with their logo.

So now you know how successful this Android WiFi password hacker App is at cracking passwords let us show you how to use it.

There is a quick setup and then you will be ready to go!

hack wifi password android without rootAfter you have downloaded and installed it, click on the settings button highlighted by the red circle in the picture.

You will be taken to the settings page for the App where you will have to download the ‘dictionary’ file, this is simply a text file containing all the default passwords.

Think of it like a combination padlock, if you know manufacture Secure Locks padlocks all come with a default unlock code of 1234 then you will be able to unlock any Secure Locks padlock you see, as long as the owner has not changed the default code.

This is how this App works, it uses the dictionary file which stores hundreds of thousands of default WiFi passwords to Thomson based routers and other popular brands of routers, and as most people don’t know how to change the default password or just don’t bother it has a very high success rate of finding the WiFi password.

wifi hackerGo to Settings> Download Dictionary

After you have downloaded the dictionary file it should automatically be stored on the SD card, if your device does not have a SD card then it will be saved on the phone’s internal memory.

Once you have downloaded the file, either through the App or from one of the two extra sources we have provided below you will just need to locate it on your device by tapping on the ‘Select Dictionary’ (See picture), the file name will usually end in .dic, just press on the file you want to use.  

 

password wifi hacker appIf you have difficulty downloading the dictionary file through the App, which is about 66MB, which sometimes happens if the developers servers are under high usage you can download one of the dictionaries from the links below.

Extra WiFi password Dictionary files – 28MB Dictionary & 62MB Dictionary

 

The setup for the App is now complete and you can return to the main/home screen.

It has an auto scan which will show all the WiFi networks in range but you may want to tap the refresh button to force a rescan, especially if you have moved to a new or better location.

You will be presented with all of the WiFi networks in range of your device and they will be color coded to show you which ones can be hacked.

  • Green/Supported – These WiFi networks can be hacked.
  • Orange/Unlikely Supported – The App might be able to hack these networks.
  • Red/Unsupported – These networks cannot be hacked.

Obviously the networks highlighted in Green, the supported networks, are the ones that you want to test as these are the WiFi networks that the App will be able to crack.

Just tap on one of the Green/Supported networks and you will be presented with the password as you can seen in the picture below!

hack pass wifi

 

After you are shown the password to the WiFi network, you can either tap on it and the App will automatically use it to connect to the network or you can copy the password to your device’s pasteboard and then send it to a friend via messenger or email, or to yourself to use it on another device.

So to conclude, if you have been searching for a WiFi hacker App that actually works then this is probably the best one you can try, it is certainly the best one we have found, and we have tested A LOT of Apps!

Once you have completed the initial setup downloading and installing the dictionary file/s the App is quick and easy to use, as with most free Apps there are a few occasional adverts but nothing too intrusive and no push notifications.

So hit the download button below and grab this excellent WiFi Hacker App from the Play Store today!

 

Welcome to the Ultimate WiFi Hacking Site

Featured

Welcome to the Ultimate WiFi Password Hacking Site

This website was created to provide the latest, best and most up to date information on WiFi password hacking Apps for Android phones and tablets, WiFi hacking tutorials and guides.

Our team test and fully review each App on the site to ensure you only download WiFi hacking Apps that actually work.  We feature Apps from the Play Store as well as .apk downloads that work on Rooted and unrooted phones, ie. on Android without root.  We have detailed installation and user guides for the best WiFi hacker apps so you can avoid the hundreds of fake and prank WiFi hacking Apps.

We also feature some of the best Android network sniffer Apps which can collect information sent over WiFi and wired networks.

Most of the Apps on this site will work on Android devices which have not been rooted, there are some Apps which will require Rooted device, if you do not have a rooted phone, check out our guide here, we have a FREE one click rooting solution!

Our site begun as an Android WiFi password cracking site but has grown in to something much bigger and better over the years, we now have extensive, detailed guides on all aspects of network penetration using Linux, Virtual Machines and even Windows!   All guides have detailed step by step instructions with pictures and links to the tools needed.

So check out some of the most popular sections of our website: