A Greek security researcher, named George Chatzisofroniou, has developed a WiFi social engineering tool that is designed to steal credentials from users of secure Wi-Fi networks.The tool, dubbed WiFiPhisher, has been released on the software development website GitHub on Sunday and is freely available for users."It's a social engineering attack that does not use brute forcing in contrast to other methods. It's an easy way to get WPA passwords," said George Chatzisofroniou.However, there are several hacking tools available on the Internet that can hack a secure Wi-Fi network, but this tool automates multiple Wi-Fi hacking techniques which make it slightly different from others.WiFiPhisher tool uses "Evil Twin" attack scenario. Same as Evil Twin, the tool first creates a phony wireless Access Point (AP) masquerade itself as the legitimate Wi-Fi AP. It then directs a denial of service (DoS) attack against the legitimate Wi-Fi access point, or creates RF interference around it that disconnects wireless users of the connection and and prompts users to inspect available networks.Once disconnected from the legitimate Wi-Fi access point, the tool then force offline computers and devices to automatically re-connects to the evil twin, allowing the hacker to intercept all the traffic to that device.The technique is also known as AP Phishing, Wi-Fi Phishing, Hotspotter, or Honeypot AP. These kind of attacks make use of phony access points with faked login pages to capture users’ Wi-Fi credentials, credit card numbers, launch man-in-the-middle attacks, or infect wireless hosts.
WiFiPhisher — Automated Phishing Attacks Against Wi-Fi Networks