Sniffing and sharing Wi-Fi passwords? There's an app for that! China's internet services aren't stellar, which is why the nation's State Council recently decided to spend US$182bn on network construction in an effort to speed up local connections. While Chinese citizens wait for all that to happen, plenty are instead turning to an app called Wi-Fi Skeleton Key that collects credentials …
I wonder if the application logs only public Wifi (from a whitelist) or any wifi?
Imagine you have a guest at home and give him your Wifi password... App installed and everyone can access your Internet connection.
The logging is automatic?
If so one could unwittingly share password for office wifi.
The other obvious question is about legality of it (something very secondary in China).
Using the password granted to someone else to access a network is not legal AFAIK
">Implying that MAC Filtering is the key to keep the baddies out, and that cloning such a MAC Address would be all that difficult to pull off either."
Not the key no, but it is another layer of security and would certainly help in the context of this discussion: an authorized user giving out your password to a service that another unauthorized, but not malicious user then attempts to connect with.
there are levels of "open". Almost all public wifi in the UK is "open" in the sense that you don't need a password to connect to the router. However you *do* need to enter some personal details into a web page to allow to access the internet.
And in a shameless plug for Windows Phone, there's a inbuilt feature to automatically submit your email address or phone number to WiFi access pages requesting them. Explains why I haven't seen one for ages.
"And in a shameless plug for Windows Phone, there's a inbuilt feature to automatically submit your email address or phone number to WiFi access pages requesting them."
Sounds like a good way to harvest e-mail addresses/phone numbers to me. Setup a rogue open access point with fake access page, save the submitted data.
I take it there's some option to say "only send data to routers I've connected to before" or some such?
Sounds like a good way to harvest e-mail addresses/phone numbers to me. Setup a rogue open access point with fake access page, save the submitted data.
Well unless things have massively changed, the web page login details for many hot spots were passed over an open WiFi connection, so you only needed a WiFi sniffer...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
