WiFi Insecurity, Albeit Brief
One of the first things we did to create a working prototype was to configure the cloudBit to
hop onto our home WiFi network by supplying credentials to the network (Figure 7-11). The
finished product will also require the customers to input their WiFi credentials in a similar
fashion. It is therefore important for us to understand the potential abuse cases for this
design.
We had to join the temporary WiFi network exposed by our cloudBit to configure it. Once
on the cloudBit network, our browser connected to the cloudBit web server (with an IP
address of 10.0.0.1) and requested the resource http://10.0.0.1/scan-wifi, the output of
which is shown in Figure 7-20.
FIGURE 7-20. cloudBit query to obtain list of WiFi networks in range
Once the browser obtains the list of networks from the cloudBit, it renders it to the user
(Figure 7-10). When the user selects his home network and enters his credentials (Figure 7-11),
the web browser sends the following HTTP request to the cloudBit on the local network:
SECURITY EVALUATION 205