lifehacker lifehacker LifeHacker LifeHacker There is also an app that makes it easy to hack Wi-Fi!Review the basics of using public Wi-Fi safely

This is by no means a paranoid. It is dangerous to use public Wi-Fi networks or open Wi-Fi networks without considering security.

Nowadays, the security toolkit for Android, dSploit, has made such hacking as easy as anyone can. In this article, I will first introduce how to protect yourself in the current situation where there are tools such as dSploit. It also explains how dSploit works for those who want to know more.

If you actually try it, it's all easy. Before using public Wi-Fi, be aware that malicious people are always aiming for your password, etc., and take the following self-defense measures.

Using HTTPS as much as possible and connecting with a VPN when working in the library isn't too much of a hassle. You have the option of not using public Wi-Fi and waiting until you get home, or you can tether with your cell phone instead (always think about this option).

If everyone does, abuse of tools such as dSploit will not be a big deal and will only be used by those who really need it. However, as long as such tools are good performers, it makes sense to take the necessary steps to defend yourself.

Then, for those who want to know more details, I will also explain the Android tool "dSploit". Once you understand how it works, you'll have a better idea of ​​how to protect your passwords and personal data from those who abuse dSploit.

dSploit is a collection of several security tools in one application. It runs on a rooted Android (2.3 or later) device, and the code is provided free of charge on "GitHub".

It's a very useful tool for security professionals to experience and enjoy network security, hacking, and penetration testing front and back. I'd like to make it clear, but I'm not trying to treat dSploit as a bad guy. Unlike applications such as Firesheep, Faceniff, and Droidsheep, dSploit wasn't developed solely for network cracking or user session hijacking.

Security professionals or amateurs who want to learn about network security in an affordable way (or those who are in charge of Wi-Fi security at work but can't afford to ask for a professional penetration test) For those who want to protect their network, dSploit is a useful tool. On the other hand, it also helps people trying to steal your data.

With dSploit, you can find passwords sent in plain text over open networks and crack Wi-Fi networks with inadequate security measures. You can also scan for network vulnerabilities and crack shared router keys. Of course, you can hijack and control browsers, websites, and social network sessions. On this page you can see a list of all the features of dSploit.

With dSploit, you can easily do two things. The first is the detection of passwords sent unencrypted. The other is to take an active browser session and impersonate someone who is already logged in to a site or service. Either way, you can do it with just one touch by installing dSploit.

The first is easy. If you browse or log in to the site without using HTTPS or SSL, your password should be sent unencrypted. If you sniff packets on your network, you can get your password without full-scale packet inspection (monitoring the data exchanged). Once the malicious guys get the password, they'll randomly try it out on various sites and services to see if you're using the same password on another account.

The above video from OpenSource Gangster explains in more detail how this application works and how to use it.

The second is a bit more complicated. For those unfamiliar, "session hijacking" is a secure service that steals cookies and provides valid active sessions established by users other than yourself. It refers to the act of hijacking and impersonating the user.

Cookies are usually sent unencrypted, as cookies do not send confidential data such as login names and passwords. Most of the time, cookies are used on websites and social networks to identify the user of a running session and not have to reauthenticate each time the user reloads. Cookies are the most common attack vector for applications that seek out passwords and sessions over Wi-Fi.

The session hijacking technique of dSploit is almost the same as the other tools introduced so far. That's because the technique is extremely effective. "MakeUseOf details how dSploit works and also introduces some of the things you can do with this application.

Most websites only encrypt usernames and passwords, so once you decrypt that part, you can decrypt the rest. Many sites are migrating to HTTPS, but most of the time users have to enable the HTTPS feature (I'll explain later, but there are useful tools for this). Many sites have not taken any migration steps to HTTPS.

In a previous article, Lifehacker's recommended privacy-protecting browser extension, Disconnect, was used to add protection to prevent widgets and sessions from being hijacked. If you want to know a concrete example, please refer to it as well.

The real risks posed by these tools vary from situation to situation. It's highly unlikely that someone you come across at a nearby cafe is using an application such as dSploit or Firesheep to attempt password stealing or session hijacking. But, as I said, if there is even one such person, your daily life will be messed up.

The "someone" is free to steal Facebook and Twitter sessions (and then change the user's password to make their Facebook account their own) or hijack an Amazon shopping session. You can steal your address and credit card information, and read your emails and chats. The risk is increasing as simple tools are available for everyone and more and more people are not taking self-defense measures by encrypting data.

Alan Henry (Original / Translated by Tomoyo Umeda, Toshio Yoshitake / Galileo)