No offense, but it doesn't sound like you know fully what you're talking about.
As someone else said, for WPA, you can't simply spoof the home base. You have to know whatever password the device is configured for. And even if you did know that, you'd have to spoof the same MAC address for most computers to communicate with the device, which is more likely to just break everyone's internet connection, since the whole communication protocol relies on MAC addresses being unique.
> And the best part, if I show up and starbucks is already full of people I'd like to play with, I can just deauthenticate them all for a moment, and when I turn off the kill switch they all connect to me. None the wiser.
Once again, the only way they're going to auto-connect to your network is if you have the same MAC address and password, and the interference would kill you. You're more likely to get fish on the hook if you make an AP with the same name and hope you trick some people who are frustrated with you shutting down the other network into trying it.
> Wifi security is a misnomer.
Not if you actually use WPA2, pick a good password, and make sure your users aren't connecting to random unsecured networks with the same name.
> No offense, but it doesn't sound like you know fully what you're talking about.
About that ...
MAC addresses are not checked unless you use an extra tool for this. For example, a large institution (university, company, etc) can have many access points, each with a unique MAC address. However the SSID is unique among all Access Points. Your device will only check the SSID, try to connect (using mutual authentication), but no MAC address checks take place. You don't need to know or use the MAC address of the target network to clone it. You can just use any MAC address you want, that is if you know the password of it, or are cloning an unprotected network.
Yeah, I wish I could edit my post, but I believe I was wrong about the MAC address needing to be the same. The major point is that the network needs to be unsecured and/or you already know the password. At that point, creating your own faux base station doesn't make a lot of sense when you can just sniff the packets on the wire or do arp poisoning to route traffic through you (if you want to modify traffic in real time, which is what I'm assuming he was referring to when talking about the SSL stuff).
Either way, Wi-Fi security certainly != "a misnomer."
That's fine, you can say no offense and then just say I don't know what I'm talking about, but I've used this all too often. The point of airbase-ng is to do all the things I described. You can read about what it's capable of here:
Starbucks, and most other 'portal' WiFi, is unencrypted. It would be nice if there were some (automated) method of 'upgrading' the connection (i.e. providing encryption without requiring the user to acquire and input a password). Maybe providing it over an SSL connection after you've agreed to the ToS?
The cheap (flawed, but better than nothing) way is to have the SSID be something like "Businessname Public (Password: iev8eiM9)" or similar, or just have it on a blackboard inside, which has the bonus of stopping people outside using it so easily.
The whole standard is a mess; it should have opportunistic encryption on open networks, then clients can display a warning if this doesn't happen for whatever reason ("Anything you send or receive over this network may be readable by others" or similar).
Wifi encryption is not going to help you much if anyone is able to connect to the network by just asking for the password, it won't protect you inside the network. If you want to be safe use a VPN or SSH tunnel onto a server you trust.
Sure it is. Each separate WPA connection involves a unique nonce (actually four, IIRC); my laptop and your laptop aren't using the same key even if we sign in with the same password. (This gets to the problem that WPA is being used for access control, which is not what it's actually "for", but that's a separate question.)
If you are sniffing the 802.11 frames (and you should assume someone is) and you catch the entire 4-way handshake and the nonce generation is predictable you could reverse-engineer it, but then again you can say the same thing about a TLS connection too.
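Added illustration of the point made above (not code from any commenter): the WPA2 PMK depends only on the passphrase and SSID, so two clients on the same network share it, but the per-session PTK mixes in both MAC addresses and both handshake nonces, so their traffic keys differ. Passphrase, SSID, MACs and nonces are constructed sample values.

```python
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    # PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    # It depends only on the passphrase and SSID, so every client sharing
    # the cafe password ends up with the same PMK.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    # blocks until nbytes of output are available.
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> dict:
    # The PTK binds the PMK to both MAC addresses and both nonces exchanged in
    # the 4-way handshake. For CCMP the PTK is 384 bits, split into the
    # KCK (MIC key), KEK (key-wrap key) and TK (the actual traffic key).
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def derive_two_clients() -> dict:
    # Constructed sample values: one AP and two laptops using the same passphrase.
    pmk = wpa2_pmk("coffeebean", "CafeWiFi")
    ap = bytes.fromhex("001122334455")
    sta1, sta2 = bytes.fromhex("aabbccddee01"), bytes.fromhex("aabbccddee02")
    anonce1, snonce1 = bytes(range(32)), bytes(range(32, 64))
    anonce2, snonce2 = bytes(range(64, 96)), bytes(range(96, 128))
    ptk1 = wpa2_ptk(pmk, ap, sta1, anonce1, snonce1)
    ptk2 = wpa2_ptk(pmk, ap, sta2, anonce2, snonce2)
    # Both sides derive the same PTK regardless of argument order (min/max sorting).
    same_from_sta_side = wpa2_ptk(pmk, sta1, ap, snonce1, anonce1) == ptk1
    return {"pmk": pmk, "tk1": ptk1["tk"], "tk2": ptk2["tk"],
            "order_independent": same_from_sta_side}


if __name__ == "__main__":
    r = derive_two_clients()
    print("shared PMK:", r["pmk"].hex())
    print("client 1 TK:", r["tk1"].hex())
    print("client 2 TK:", r["tk2"].hex())
```

Note this is exactly why catching the whole 4-way handshake plus the passphrase lets a passive observer recover a client's TK: the nonces are sent in the clear, and the PMK is the only secret input.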