The Hardware

• AR9331 SoC 400Mhz

• 64MB RAM

• 802.11n

• 16MB SPI Flash

• GL827L USB SD Card Reader

• Ethernet port

• 4 GPIO pins

• 100% Compatible with Linux

Similar boards on the market

• Domino IO
• Black Swift
• Onion Omega
• etc

Best things about ZSUN Wifi

• Cheaper ( around 8EUR )
• Nice looking enclosure
• Memory Card reader
• OpenWRT compatible

Great Hacking playgound

Hacking tools readily available

• Aircrack
• Kismet
• Ettercap
• Reaver
• Dsniff
• The list goes on...

The PoC

DNS server redirecting all domain resolutions to the router itself.

Multiple ESSIDs that mimmic Popular Open Networks ( Zon Free, Meo Wifi, Porto Digital, etc)

Nginx serving several Phishing pages 

• User connects to an open network ( automatically if it's n known one)
• Any page that it tries to open it's redirected to the phishing page crafted for that network.
• It can then be redirected to other phishing pages ( e.g. facebook, gmail, etc)
• Credentials are then stored for later review

Examples

Results

Potential usages

• Phishing ( as seen before, or even just as a cookie hijacker )
• Malware distribution ( e.g. "Please install this application to procede)
• Wireless sniffer ( Kismet sniffing packets for later review)
• Wireless cracker
• etc ..

Preventive measures

• Avoid using plaing text connections 
• Avoid using public networks
• Never install unknown software

Why is this possible?

• Lack of knowledge from users ( too much trust/faith in unknown networks)
• Misconfigured web applications that do not enforce security measures (e.g. HSTS)

THE END 

Have this Darth Vader Potato