Wi-Fi password stealing program using USB rubber ducky

A minute is all it takes for a hacker to gain informations from your computer, such as Wi-Fi password. Due to the limited capability of people to remember a lot of complex and unique password, people tend to use the same password for most of their account. This paper aimed to implement Wi-Fi password stealing program in USB Rubber Ducky using USB Rubber Ducky Scripting, Visual Basic Script, Web Server, Command Prompt, and Ducky Toolkit to obtain clear text Wi-Fi password that ever connected to the computer. In the testing phase, the success rate of Wi-Fi password stealing program reached 94.28% with 87.87% obtained personal password is still categorized as guessable password and the password reuse rate reached 81.81%. Thus, Wi-Fi password stealing program can be very dangerous as most of the personal password was used in lots of account and still categorized as guessable

Cybercrime: An Investigation of the Attitudes and Environmental Factors that Make People more Willing to Participate in Online Crime

Cybercrime incidence rates are increasing. In order to identify solutions to this problem, the sources of cybercrime need to be identified. This research attempted to identify a potential set of circumstances that create an environment in which people are more likely to engage in cybercrime. There are three aspects to this; (1) Behaviour on the internet – Are people more likely to engage in illicit activities online than in the physical world? (2) Crime Perceptions – Do people perceive cybercrime as being less serious than non-cybercrime? (3) Resources on the Internet – Are people aware of the types of free hacking resources that are available online? In order to address the first question, a review of the existing literature on the matter was carried out and conclusions drawn from it. The Online Disinhibition Effect is a key theory in this matter. Results from this review suggest that people are more likely to engage in illicit activities online than they are in the physical world. Addressing the second question was carried out in two stages. The first was an assessment of some of the free hacking resources that are available online such as tools and educational courses, based on predefined selection criteria. The content or function of these were established and they were rated across a number of factors. This information was fed into a survey to establish awareness of the existence of some of the tool functions, and opinions on course availability. The results from this research indicate that people are aware of the kind of functionality that is available from hacking tools online. The third question was addressed through another section of the survey in which participants were asked to rate the seriousness of 6 crime scenarios, three of which were cybercrimes, and three of which were non-cybercrimes. The same scenarios were used throughout the survey as participants were asked to determine appropriate sentences for each crime, and then judge the actual sentence that the crime was given. Results from this investigation indicate that people do view cybercrime as less serious than noncybercrimes. The results from these three streams of research indicate that they are combining to create an environment in which people more readily engage in cybercrime

A Survey on Securing Personally Identifiable Information on Smartphones

With an ever-increasing footprint, already topping 3 billion devices, smartphones have become a huge cybersecurity concern. The portability of smartphones makes them convenient for users to access and store personally identifiable information (PII); this also makes them a popular target for hackers. This survey shares practical insights derived from analyzing 16 real-life case studies that exemplify: the vulnerabilities that leave smartphones open to cybersecurity attacks; the mechanisms and attack vectors typically used to steal PII from smartphones; the potential impact of PII breaches upon all parties involved; and recommended defenses to help prevent future PII losses. The contribution of this research is recommending proactive measures to dramatically decrease the frequency of PII loss involving smartphones

Analysis of Vulnerabilities in IOT Devices and the Solutions

This thesis analyzes the insecurities in IOT devices, why these insecurities exist, and solutions to fix these vulnerabilities. IoT (Internet of Things) devices are nonstandard computing devices that connect wirelessly to a network that will transmit data. The amount of IOT devices continues to increase, as the demand for the items increases. It is predicted that there will be about 26 billion IOT devices installed by 2020. They have been improving on the amount of functionality they were previously able to do. For instance, Amazon’s Alexa is a speaker that can order items for you from the Amazon website, play your favorite music via Spotify, amazon music, or play music and much more. This requires Alexa to be logged into each one of those accounts to do this. With this information, there is a lot more personal information going in and out of the device. As the demand for the products increases, manufacturers begin to feel the pressure of having to push out products. They feel so much pressure that they skip important features of the IOT devices, including security. This lack of security opens users up to attacks and vulnerabilities from hackers that are trying to steal personal information. Therefore, consumers need to know the steps to take, in order to secure all their information, and the type of attacks and techniques hackers will use to get their private information

Evil-twin framework: a Wi-Fi intrusion testing framework for pentesters

In today’s world there is no scarcity of Wi-Fi hotspots. Although users are always recommended to join protected networks to ensure they are secure, this is by far not their only concern. The convenience of easily connecting to a Wi-Fi hotspot has left security holes wide open for attackers to abuse. This stresses the concern about the lack of security on the client side of Wi-Fi capable technologies. The Wi-Fi communications security has been a concern since it was first deployed. On one hand protocols like WPA2 have greatly increased the security of the communications between clients and access points, but how can one know if the access point is legitimate in the first place? Nowadays, with the help of open-source software and the great amount of free information it is easily possible for a malicious actor to create a Wi-Fi network with the purpose of attracting Wi-Fi users and tricking them into connecting to a illegitimate Wi-Fi access point. The risk of this vulnerability becomes clear when studying client side behaviour in Wi-Fi communications where these actively seek out to access points in order to connect to them automatically. In many situations they do this even if there is no way of verifying the legitimacy of the access point they are connecting to. Attacks on the Wi-Fi client side have been known for over a decade but there still aren’t any effective ways to properly protect users from falling victims to these. Based on the presented issues there is a clear need in both, securing the Wi-Fi client side communications as well as raising awareness of the Wi-Fi technologies everyday users about the risks they are constantly facing when using them. The main contribution from this project will be a Wi-Fi vulnerability analysis and exploitation framework. The framework will focus on client-side vulnerabilities but also on extensibility for any type of Wi-Fi attack. The tool is intended to be used by auditors (penetration testers - pentesters) when performing intrusion tests on Wi-Fi networks. It also serves as a proof-of-concept tool meant to teach and raise awareness about the risks involved when using Wi-Fi technologies.Actualmente existem inúmeros pontos de acesso Wi-Fi. Apesar dos utilizadores serem sempre recomendados a utilizar redes protegidas, esta não é a única preocupação que devem ter. A conveniência de nos ligarmos facilmente a um ponto de acesso deixou grandes falhas de segurança em aberto para atacantes explorarem. Isto acentua a preocupação em relação à carência de segurança do lado cliente em tecnologias Wi-Fi. A segurança nas comunicações Wi-Fi foi uma preocupação desde os dias em que esta tecnologia foi primeiramente lançada. Por um lado, protocolos como o WPA2 aumentaram consideravelmente a segurança das comunicações Wi-Fi entre os pontos de acesso e os seus clientes, mas como saber, em primeiro lugar, se o ponto de acesso é legítimo? Hoje em dia, com a ajuda de software de código aberto e a imensa quantidade de informação gratuita, é fácil para um atacante criar uma rede Wi-Fi falsa com o objetivo de atrair clientes. O risco desta vulnerabilidade torna-se óbvio ao estudar o comportamento do lado do cliente Wi-Fi. O cliente procura activamente redes conhecidas de forma a ligar-se automaticamente a estas. Em muitos casos os clientes ligam-se sem interação do utilizador mesmo em situações em que a legitimidade do ponto de acesso não é verificável. Ataques ao lado cliente das tecnologias Wi-Fi já foram descobertos há mais de uma década, porém continuam a não existirem formas eficazes de proteger os clientes deste tipo de ataques. Com base nos problemas apresentados existe uma necessidade clara de proteger o lado cliente das comunicações Wi-Fi e ao mesmo tempo sensibilizar e educar os utilizadores de tecnologias Wi-Fi dos perigos que advêm da utilização destas tecnologias. A contribuição mais relevante deste projeto será a publicação de uma ferramenta para análise de vulnerabilidades e ataques em comunicações WiFi. A ferramenta irá focar-se em ataques ao cliente mas permitirá extensibilidade de funcionalidades de forma a possibilitar a implementação de qualquer tipo de ataques sobre Wi-Fi. A ferramenta deverá ser utilizada por auditores de segurança durante testes de intrusão Wi-Fi. Tem também como objetivo ser uma ferramenta educacional e de prova de conceitos de forma a sensibilizar os utilizadores das tecnologias Wi-Fi em relação aos riscos e falhas de segurança destas