Types of Wi-Fi attacks
What are the types of Wi-Fi attacks, and how can you better secure Wi-Fi networks? See which attack methods are used against wireless networks and what exactly hides behind the names Rogue Access Point, Evil Twin and wardriving.
How does Wi-Fi work?
If you use the internet, there's no way you've never connected to it via Wi-Fi. No exceptions, each of us does it. How does Wi-Fi work? In a nutshell, Wi-Fi uses radio waves at specific frequencies (e.g. 2.4 GHz and 5 GHz) to transmit data. The devices that make up the wireless network comply with the IEEE 802.11 standards. What can be connected to Wi-Fi?
- Smart TVs,
- game consoles,
- modern, intelligent household appliances (e.g. Thermomix).
These devices exchange a variety of information (including internet data) with each other. They communicate via radio waves, which are modulated and received by the router and correctly interpreted by the receiving devices within a given network.
Attacks on wireless networks
As you can see, this is a public environment, and the radio protocols of the 802.11 family operate in a freely accessible band, which means that any potential user, but also any attacker, can connect to a given frequency without any special tools. This, among other things, is why Wi-Fi attacks are so common and increasingly used. The most commonly used software for hacking or security testing is the Aircrack-ng package and automation scripts such as Wifite2 or WEF.
Attack on WPS
WPS stands for Wireless Protected Setup. This is a feature available in many routers, introduced to make it as easy as possible for people to connect new devices to the network. After pressing the button on the router and on the device, the two pair automatically. Another available option is PIN configuration. The effect? The PIN code is very easy to hack. Installing software that breaks the eight-digit code is fabulously simple. There are also no complicated command-line options to enter.
This makes this type of Wi-Fi attack a piece of cake for attackers, who can then gain access to your network and shared hard drives, change router settings or, for example, perform a Man In The Middle attack.
The magic dust attack, i.e. the pixie dust attack, exploits weaknesses in the pseudo-random number generator used during the encryption of M3 messages. It allows the PIN to be attacked offline, which in practice means that an effective attack lasts only a few minutes.
How to protect yourself against WPS attacks? The only effective way is to disable WPS in the router settings.
Attack on WPA and WPA2
This Wi-Fi attack uses the so-called dictionary brute force attack. When the attacker does not know the PSK key, he can intercept the data sent during the so-called 4-way handshake process. In theory, such an attack on WPA/WPA2 is extremely difficult (considering the number of possible keys), but in practice it turns out to be much simpler. Why? Because the attacker can guess the length of the key and the characters used in it. On access points offered by mass network providers, passwords are usually a string of 8-10 characters consisting of numbers and letters. A decade ago, such passwords were impossible to break, but today an attacker can get a very powerful graphics card and test even several hundred thousand passwords per second. Therefore, testing the entire dictionary takes only a few days of cluster operation. The dictionary can be generated with maskprocessor in Kali or found on the web.
However, when a dictionary attack fails, the attacker can reach for so-called rainbow tables. They use the phenomenon of collisions in cryptographic hash functions (i.e. mapping two different strings of any data length to the same shorter hash). The attacker can generate a set of hashes for all possible keys and look among them for a hash that matches the PSK.
How to protect against WPA/WPA2 attacks? It is best to use the strongest encryption that the router allows and passwords over 15 characters long.
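The length advice above, worked through as an added example (not part of the original article): it derives the WPA/WPA2 key the way the standard does, with the SSID as salt, and estimates the worst-case exhaustive search time for a passphrase. The guess rate, passphrases and SSID are assumptions constructed for illustration.

```python
import hashlib
import math
import string

# Assumption: one value inside the article's "several hundred thousand
# passwords per second" range.
GUESSES_PER_SECOND = 300_000
MIN_LENGTH = 16  # the article advises passwords "over 15 characters"
POOLS = (string.digits, string.ascii_lowercase, string.ascii_uppercase,
         string.punctuation + " ")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds.
    The SSID salt means a precomputed table only fits one network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit(passphrase: str) -> dict:
    """Upper bound on exhaustive search for this length and character pool.
    Dictionary words and vendor default patterns fall far sooner."""
    if not 8 <= len(passphrase) <= 63 or any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA/WPA2 passphrases are 8-63 printable ASCII characters")
    pool = sum(len(p) for p in POOLS if any(c in p for c in passphrase))
    keyspace = pool ** len(passphrase)
    return {
        "pool": pool,
        "bits": round(math.log2(keyspace), 1),
        "years": keyspace / GUESSES_PER_SECOND / (365 * 24 * 3600),
        "meets_advice": len(passphrase) >= MIN_LENGTH,
    }


if __name__ == "__main__":
    # Constructed sample passphrases, none taken from a real device.
    for sample in ("48213907", "k3xq9m2pzt", "maple-Ridge-47-lantern"):
        r = audit(sample)
        print(f"{sample!r}: pool={r['pool']} bits={r['bits']} "
              f"years={r['years']:.3g} ok={r['meets_advice']}")
    print(derive_pmk("k3xq9m2pzt", "HomeNet").hex())
```

An eight-digit passphrase is exhausted in minutes at this rate, while each extra character multiplies the work by the size of the character pool.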
Wi-Fi Rogue Access Point attack - untrusted access point
What attacks are used on the network? One of the most popular is the threat associated with the Rogue Access Point, i.e. an access point that is not part of the infrastructure. How does this Wi-Fi attack work? The attacker sets up a foreign access point, which then broadcasts an SSID identical or very similar to that of our home or company network. What does this give him? With this trick, an attacker can easily provoke unwitting device users into connecting to an untrusted access point. Then, by skilfully analyzing the traffic that passes through the access point, he performs a Wi-Fi attack of the Man In The Middle type (MITM for short), in which, for example, he eavesdrops on the end user's conversations.
Wi-Fi Evil Twin Attack - Fake Networks
Evil Twin is not an evil sci-fi twin, but another very popular Wi-Fi attack. This attack uses a foreign Access Point made to look as much as possible like a known network, using a crafted SSID or a substituted login page (e.g. a hotspot). What are the techniques for forcing connections to such a point? They vary widely. One of them is to introduce intentional interference in the vicinity of known and authorized Access Points and to emit a stronger signal from the attacking device.
What can prevent or minimize the risk of Rogue Access Point attacks? How can Wi-Fi security be strengthened? Rogue AP Detection mechanisms can be used for this purpose; they analyze the radio environment in the vicinity of authorized access points and remove all suspicious devices emitting suspicious Wi-Fi networks. Also, be sure to check out the entry: WiFi network card - which is the best for a pentester.
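The detection side of the Rogue Access Point and Evil Twin sections, as an added example that is not part of the original article: it compares scan results against an inventory of authorized access points and flags the traits described above (identical or look-alike SSID, stronger signal). All SSIDs, BSSIDs, field names and thresholds are constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed inventory of authorized access points: SSID -> allowed BSSIDs.
AUTHORIZED = {"CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
AUTHORIZED_SECURITY = "WPA2"   # assumption: security mode the real APs use
SIMILARITY_THRESHOLD = 0.8     # assumption: how close counts as a look-alike

# Constructed scan results, shaped like what a wireless sensor might report.
SCAN = [
    {"ssid": "CorpNet", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2", "rssi": -58},
    {"ssid": "CorpNet", "bssid": "de:ad:be:ef:00:10", "security": "OPEN", "rssi": -35},
    {"ssid": "C0rpNet", "bssid": "de:ad:be:ef:00:11", "security": "WPA2", "rssi": -60},
    {"ssid": "CoffeeShop", "bssid": "12:34:56:78:9a:bc", "security": "WPA2", "rssi": -70},
]
_SWAPS = str.maketrans("0135", "oles")  # digit-for-letter swaps in look-alike names


def normalize(ssid):
    """Fold case, digit swaps and separators so near-identical names compare equal."""
    return "".join(c for c in ssid.lower().translate(_SWAPS) if c.isalnum())


def classify(ap, best_legit_rssi):
    """Return the list of reasons an observed access point looks suspicious."""
    ssid, bssid = ap["ssid"], ap["bssid"].lower()
    if ssid in AUTHORIZED:
        if bssid in AUTHORIZED[ssid]:
            return []  # BSSIDs can be cloned: a match is necessary, not sufficient
        findings = ["unknown BSSID broadcasting an authorized SSID"]
        if ap["security"] != AUTHORIZED_SECURITY:
            findings.append("security mode differs from the authorized one")
        if best_legit_rssi is not None and ap["rssi"] > best_legit_rssi:
            findings.append("stronger signal than every authorized AP")
        return findings
    return [f"SSID resembles authorized network {known!r}" for known in AUTHORIZED
            if SequenceMatcher(None, normalize(ssid), normalize(known)).ratio()
            >= SIMILARITY_THRESHOLD]


def detect(scan):
    """Map each suspicious BSSID in a scan to its findings."""
    legit = [ap["rssi"] for ap in scan
             if ap["bssid"].lower() in AUTHORIZED.get(ap["ssid"], set())]
    best = max(legit) if legit else None
    report = {ap["bssid"]: classify(ap, best) for ap in scan}
    return {bssid: found for bssid, found in report.items() if found}


if __name__ == "__main__":
    for bssid, found in detect(SCAN).items():
        print(bssid, "->", "; ".join(found))
```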
Wardriving - mapping the surrounding networks
While wardriving is not a Wi-Fi attack, it is a major threat to wireless networks. It means that the attacker:
- approaches the wireless network,
- amplifies the signal using tools (e.g. suitably configured network cards),
- tries to connect to your network or share it with other users or other attackers.
Wardriving takes advantage of the fact that there are networks with no security available in its range. It is sometimes a real treat and sport for computer geeks. You don't need anything more than a laptop equipped with the Alfa Network wireless adapter available in the Sapsan store. It's best to gather networks when you have a laptop with an AWUS card and a wardriving application (www.kismetwireless.net) in the car.
What does wardriving result in? If someone has an open network or an old, vulnerable router, they can become a target of attacks, because suddenly the location of their network ends up in a database after someone mapped it and made it available.
Of course, there are many more threats and types of Wi-Fi attacks, e.g. spoofing, hijacking, smurf attack and many others. The topic of Wi-Fi security itself is also very extensive. These are topics for our next entries.
If you want to go deeper into this topic, i.e. become the king of Wi-Fi and hack the network with Kali Linux and NetHunter, see the Wi-Fi King course.