Security News > 2023 > July > Snappy: A tool to detect rogue WiFi access points on open networks
Cybersecurity researchers have released a new tool called 'Snappy' that can help detect fake or rogue WiFi access points that attempts to steal data from unsuspecting people.
Trustwave's security researcher and wireless/RF tech enthusiast Tom Neaves explains that spoofing the MAC addresses and SSIDs of legitimate access points on open networks is trivial for determined attackers.
The devices of those who revisit the locations of open wireless networks they previously connected to will automatically attempt to reconnect to a saved access point, and their owners will be oblivious to the fact that they connecting to a malicious device.
Neaves developed a tool that addresses this common risk, helping people detect if the access point they're using is the same as the one they used the last time or if it might be a fake or rogue device.
By analyzing Beacon Management Frames, he found certain static elements such as the vendor, BSSID, supported rates, channel, country, max transmit power, and others that vary between different 802.11 wireless access points but are consistent for a specific access point over time.
Apart from the mechanism to generate SHA256 hashes of wireless access points, Snappy can also detect access points created by Airbase-ng, a tool that attackers use to create fake access points to capture packets from connected users or even inject data into their network traffic.