Nearest Neighbor Attack | Zero Click Zero day in Firefox
#168 - How to attack a Wi-Fi network from far-far away | Victims who browse to certain websites get infected with the malware
Hacking a wireless network using another friendly neighborhood network
An interesting development on a very traditional attack vector
How do you prevent your wireless network from being attacked?
You prevent drive-by Wi-Fi attacks by patrolling the neighborhood and checking for rogue access points or evil twins.
In this attack, the attackers hacked networks that were in close proximity to the target and used computers on those networks to hack the target's wireless network. This meant that the attackers could have been anywhere in the world and still hack a Wi-Fi network!
A detailed analysis of the investigation can be found here.
Take Action:
The technical details are available on Volexity’s blog post. You can check it for rules to add to your SIEM. However, I think there are two key points that you should implement over and above the rules:
Disallow double-homed connections (allowing a device to be connected to the Wi-Fi as well as the local LAN)
Have a strict protocol for the usage of Guest Wi-Fi - do not allow systems to alternate between connecting to the internal Wi-Fi and the guest Wi-Fi
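One way to check for both conditions from interface link events, as an added example that is not from Volexity's post or from this newsletter. The event format, host names and SSID names are constructed assumptions; adapt them to whatever your endpoint or wireless controller logs export.

```python
from collections import defaultdict

WIRED, WIFI = "ethernet", "wifi"
GUEST_SSIDS = {"corp-guest"}      # assumption: your guest SSID names
INTERNAL_SSIDS = {"corp-wifi"}    # assumption: your internal SSID names

# Constructed sample events: (timestamp, host, interface type, network, state)
EVENTS = [
    ("2024-01-08T09:00", "ws-014", WIRED, "corp-lan", "up"),
    ("2024-01-08T09:05", "ws-014", WIFI, "corp-wifi", "up"),    # wired still up
    ("2024-01-08T09:10", "lt-201", WIFI, "corp-wifi", "up"),
    ("2024-01-08T12:30", "lt-201", WIFI, "corp-wifi", "down"),
    ("2024-01-08T12:31", "lt-201", WIFI, "corp-guest", "up"),   # hops to guest
    ("2024-01-08T09:00", "ws-030", WIRED, "corp-lan", "up"),
    ("2024-01-08T17:00", "ws-030", WIRED, "corp-lan", "down"),
    ("2024-01-08T17:05", "ws-030", WIFI, "corp-wifi", "up"),    # sequential, allowed
]

def find_violations(events):
    """Replay events in time order and return {host: set of findings}."""
    active = defaultdict(set)      # host -> {(interface type, network)} currently up
    ssids_seen = defaultdict(set)  # host -> Wi-Fi networks joined in this window
    findings = defaultdict(set)
    for ts, host, iface, network, state in sorted(events):
        link = (iface, network)
        if state == "down":
            active[host].discard(link)
            continue
        active[host].add(link)
        if iface == WIFI:
            ssids_seen[host].add(network)
        # Rule 1: wired LAN and Wi-Fi up at the same time on one device.
        if {WIRED, WIFI} <= {t for t, _ in active[host]}:
            findings[host].add("double-homed")
        # Rule 2: the same device has joined both guest and internal Wi-Fi.
        if ssids_seen[host] & GUEST_SSIDS and ssids_seen[host] & INTERNAL_SSIDS:
            findings[host].add("guest-internal-switch")
    return dict(findings)

if __name__ == "__main__":
    for host, found in sorted(find_violations(EVENTS).items()):
        print(host, sorted(found))
```

A host that drops its wired link before joining Wi-Fi (ws-030 in the sample) is not flagged; only simultaneous links and guest/internal switching are.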
Firefox zero day bug allows a zero click attack
When daisy chained with a Windows vulnerability
Zero Click bugs (when a user does not have to click anything to get infected) are the scariest. Add to that the fact that this zero-day exploit has a CVSS (Common Vulnerability Scoring System) score of 9.8. That’s a scary combination. This zero-day vulnerability in Firefox, when clubbed with a Windows vulnerability, can infect a system just by having a user browse to a few evil sites.
Take Action:
If you are using Firefox, update to the latest version
Add the sites to your block list. The sites are mentioned in the link.