European Parliament Gets PWNED

By Rene Millman

On Monday the 25th of November a memo was released to the  European Parliament Free Software User group mailing list announcing that they were going to be disabling the public wireless network. This is in response to a man-in-the-middle style attack which successfully intercepted traffic between cell-phones and the unencrypted wireless.

UK Tech Blog IT Pro did a writeup of the attack in which they suggest that the attack occurred when “hackers set up an “evil twin” wireless router near the building in Strasbourg and had stolen the usernames and passwords of 14 people at the European Parliament.”

As more employees bring their own devices into the workplace, businesses face the challenge of enforcing corporate security policies on consumer devices that are not solely controlled by the IT department,” said Jason Hart, vice president of cloud solutions at security firm SafeNet. “Most employees now store a wide range of both personal and business information on their mobile devices, so this lack of control exposes businesses to serious security vulnerabilities in the form of data breaches and unauthorised access.

This sounds strikingly similar to the “Evil AP” tool offered on Pwnie Express’ Pwn Pad line of products.
In the Evil AP attack the Pwn Pad tablet identifies networks which are being requested by other devices in its area. It accepts the requests for connection and acts to route their traffic through to the Internet allowing for redirection to malicious services or, as in the case of the European Parliament, interception of transmitted data and credentials. Devices with insecure wireless configurations are easily identifiable using this technique.
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *