Wi-Fi is built on the IEEE 802.11 standards and is widely used in wireless communication. It provides wireless access to applications and data across a radio network.

With the growth of Wi-Fi hotspots and the rising number of smartphones, PDAs, and laptops equipped with Wi-Fi radios, wireless security is an ever-increasing issue for many organizations.

To authenticate on a wireless network there are two methods: open system and shared key. Open system authentication does not provide any security mechanism; it is simply a request to make a connection to the network. Shared key authentication has the wireless client hash a string of challenge text with the Wired Equivalent Privacy (WEP) key to authenticate the client to the network.

WEP encryption can be easily cracked, as it was developed without public or cryptologists' review and has several vulnerabilities.

The Wi-Fi Alliance created additional security certifications known as Wi-Fi Protected Access (WPA) and WPA2 to fill the gap between the original 802.11 standard and the latest 802.11i amendment. WPA and WPA2 improve on the authentication and encryption features of WEP.

To break WEP encryption:
- Find the nearest Wi-Fi hotspot
- Use tools like aireplay-ng to do a fake authentication with the access point
- Run tools like Cain & Abel to extract encryption keys
- Start a Wi-Fi packet encryption tool such as aireplay-ng in ARP request replay mode to inject packets

To break WPA/WPA2 encryption:
- As they use a user-defined password, one must launch brute-force or dictionary attacks. But it is very difficult to crack a strong password.
- Use tools like aircrack, aireplay to brute-force WPA keys
- WPA keys can be cracked offline by capturing the authentication handshake for a few seconds and then cracking the keys offline
- One can even force the client to disconnect and capture the reconnect packet using tools like aireplay

To find a Wi-Fi hotspot one can take the help of Wi-Fi finders like inSSIDer, NetSurveyor, jiwire.com, wefi.com, etc. One can even use wireless antennas such as a unidirectional antenna, a parabolic grid antenna, etc., which can pick up Wi-Fi signals from miles away.

Man-in-the-middle attack:
- Run airmon-ng in monitor mode
- Start airodump to discover SSIDs on the interface
- De-authenticate the client using aireplay-ng
- Associate your Wi-Fi card with the access point you are accessing with aireplay-ng

One can set up a fake access point and lure users to connect. Once a user is connected, the attacker can bypass the enterprise security policies, which gives the attacker access to network data.

To set up a fake hotspot:
- You need a laptop with internet connectivity and a mini access point
- Enable internet connection sharing in your operating system
- Broadcast your Wi-Fi connection and run a sniffer program to capture passwords

Tools like AirDefense, AirMagnet, Adaptive Wireless IPS, etc. can be used to prevent Wi-Fi hacking.
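
A wireless IPS of the kind named above watches for the two signals that the attacks on this page leave on the air: an owned SSID beaconed from an unknown BSSID (a fake hotspot) and a burst of de-authentication frames aimed at one client. The sketch below is an added example, not code from the original post or from any of the named products; the frame records, allowlist, and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Assumed policy (constructed): SSIDs we own and the BSSIDs allowed to beacon them.
AUTHORIZED = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
DEAUTH_LIMIT = 5      # deauth frames tolerated per client...
DEAUTH_WINDOW = 10.0  # ...within this many seconds

def find_rogue_aps(frames):
    """Return sorted (ssid, bssid) pairs beaconing an owned SSID from an unknown BSSID."""
    rogue = set()
    for f in frames:
        if f["type"] == "beacon" and f["ssid"] in AUTHORIZED:
            if f["bssid"] not in AUTHORIZED[f["ssid"]]:
                rogue.add((f["ssid"], f["bssid"]))
    return sorted(rogue)

def find_deauth_bursts(frames, limit=DEAUTH_LIMIT, window=DEAUTH_WINDOW):
    """Return sorted client MACs that received more than `limit` deauths in `window` s."""
    times = defaultdict(list)
    for f in frames:
        if f["type"] == "deauth":
            times[f["dst"]].append(f["ts"])
    flagged = set()
    for client, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            # Slide the window start forward until it spans at most `window` seconds.
            while ts[end] - ts[start] > window:
                start += 1
            if end - start + 1 > limit:
                flagged.add(client)
                break
    return sorted(flagged)

# Constructed sample records, as a monitor-mode sensor might summarize frames.
SAMPLE = (
    [{"ts": 0.0, "type": "beacon", "ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01"},
     {"ts": 0.1, "type": "beacon", "ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:99"},
     {"ts": 0.2, "type": "beacon", "ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66"}]
    + [{"ts": 1.0 + i * 0.5, "type": "deauth", "bssid": "aa:bb:cc:00:00:01",
        "dst": "02:00:00:00:00:10"} for i in range(8)]
    + [{"ts": 30.0, "type": "deauth", "bssid": "aa:bb:cc:00:00:01",
        "dst": "02:00:00:00:00:20"}]
)

if __name__ == "__main__":
    print("rogue APs:", find_rogue_aps(SAMPLE))
    print("deauth bursts:", find_deauth_bursts(SAMPLE))
```

An allowlist match on BSSID alone does not catch a fake access point that also copies an authorized BSSID, so the deauth-burst check is a useful second signal.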