File: 2000px-Wi-Fi_Logo.svg.png (72 KB, 2000x1283) Image search: [Google]

72 KB, 2000x1283

/g/, I need your expertise on a subject.

Background:
A couple of months ago, I got a new wireless adapter for the house, just a quick upgrade, nothing to particular. When installing and setting it up, I thought that if I just kept the same wifi name and password from the old router, it would be easier for everyone. It would be easier to remember for when people start asking "Hey can I get the wifi password" yadda yada.

Turns out: No one asked, because no one needed it. they automatically logged into my network without having to re-authenticate their password. Since the SSID and password was the same, I would assume their phone shot the information in themselves once it became in range. This makes sense, when people buy linksys adapters, don't configure it, and you connect to it, you can go around your town/city and connect to any SSID under the name "linksys" automatically. Phones only look for the SSID and WPA (if necessary)

This is my idea:

Let's say I root an android and develop a program that poses as a dummy access point (can be easily done on phone) and listen for authentication requests from phones. Wouldn't that grant me access to the network? I would copy the SSID of a network adapter, set it as my own, and wait for a ping and a WPA key to be sent to me?


There has to be something I'm overseeing, some type of encryption that would make the data unreadable. But even then, If I receive enough requests I would be able to compare the data and crack the password. I'm don't have that much advanced knowledge in network security that's why I turned here. It's makes gaining access to a network much more possible than brute force attacks because you have information to work off of, yet experts say "yeah, wpa keys are fucking tough to crack"


What am I not taking into consideration /g/?