Attacking AP authentication credentials
Home routers and APs provide a web administration panel to configure the devices that are usually not accessible from the Internet but only from the local network.
A security aspect that may seem atomic, but that is often not considered important enough, is default authentication credentials.
It is a common practice not to change the default usernames and passwords to access the AP administration interface and many models come preconfigured with the puny credentials such as admin/admin. On the Web, lists of models of APs and routers with the relative default credentials are available. Even when default credentials are modified, weak passwords are often chosen.
This is a severe security issue because if an attacker takes control of the AP, he/she can compromise the entire network by performing the man-in-the-middle attacks on the network, sniffing the traffic, changing the DNS settings, and launching pharming and phishing attacks.
A tool that can be used...
