Is the name implies, this should be an excellent starting point for the subject topic, in this case
Wi-Fi. While I make every effort to be thorough and hit every aspect, there are times that I inadvertently omit things or skip them due to scope, time, length or applicability.
Most of What You Need to Know: Wi-Fi - The Beginning
We are always connected to the internet. We use cellular phones, tablets, laptops, gaming systems, and cars to do so. While some of them use wires and others use proprietary communications methods (albeit wireless), we are going to focus on Wi-Fi and Wi-Fi security issues. This is a point of awareness that I think is lacking and I hope to use this blog to educate more people about Wi-Fi security problems.What is Wi-Fi?
Wi-Fi is a play on Hi-Fi (High Fidelity) which is the quality of sound. While it is not a direct pun (all wireless is purely wireless or wired; there is no quality of wirelessness), it is wireless and uses Radio Frequency (RF) instead of Wires (Copper) or Fiber Optics (Light). The international organization, Institute of Electrical and Electronics Engineers (IEEE; commonly called I-Triple E) maintains this standard alongside many others in various standards committees. The LAN/MAN Standards committee (802) oversees this and a few others including: Ethernet, Token Ring, and Bluetooth. Within 802.11, the IEEE work group for Wireless LAN, new standards come about over time with the advances with the ability to broadcast data using RF. Technically 802.11a is completely different that 802.11g in terms of standards, they are interoperable standards. 802.11g was a revision and consolidation to 802.11a and 802.11b. This was replaced by 802.11n and later 802.11ac. There is an 802.11ad, but it is on a different frequency range and is less common.Below is a list of the various 802.11 protocols over time and their maximum speed and frequencies. Note: the maximum speeds can vary on implementation, bandwidth, channel size, and environmental factors. The values below relate to the rated specifications of the standards.
- 802.11a
- Frequency: 5.0 GHz
- Typical Maximum Speed: 54 Mbps
- 802.11b
- Frequency: 2.4 GHz
- Typical Maximum Speed: 11 Mbps
- 802.11g
- Frequency: 2.4 GHz
- Typical Maximum Speed: 54 Mbps
- 802.11n
- Frequency: 2.4 GHz or 5.0 GHz
- Typical Maximum Speed: 600 Mbps
- 802.11ac
- Frequency: 5.0 GHz
- Typical Maximum Speed: 6 Gbps
How does Wi-Fi work?
In a traditional and most simplistic sense, it is a means for communication on a network (without wires) using Radio Frequency. Data is passed and encoded/decoded using the 802.11 standards compliant antennae and routers discussed above. While radio process data in the Kilohertz (KHz) and Megahertz (MHz) ranges, Wi-Fi processes data in the Gigahertz (GHz) range, namely the 2.4 and 5 GHz ranges (as of right now). So as opposed to wired networks, anyone can "touch" your communications media. This can lead to some issues in security. Keep reading to find out more.Before We Discuss Wi-Fi Attacks
Before I talk about the technical attacks that target Wi-Fi, I would like to dispel a few myths and raise awareness in the security issues of Wi-Fi, namely open, public, and customer Wi-Fi networks. Something unique to them all is that they're not secure for the most part. As with anything, there are exceptions, but this post is dealing with the majority vice exceptions.Security Concerns for Wireless Networks in Businesses
Working in reverse, in using customer networks, you are giving up security in two regards: you're connecting to a network that may or may not require a password that anyone can obtain. You have no way to ascertain the security of the network or even verify and validate that it is truly the network and not an "Evil Twin". You have no way* to make sure no one can intercept and read and/or modify your data. Furthermore, while not dangerous yet still annoying, the stores can also monitor your connections and dependent upon the fine print you click "OK" in order to connect, they could query your device and get data about you. This data could be the apps you have installed, location data, and others. The same also applies for applications you install (Walmart Savings Catcher, Macy's App, etc.). These stores also have NO legal obligation or responsibility to protect your device or data on their network. Moral obligations and responsibilities are a different story.Public Wi-Fi Security Issues
Public Wi-Fi networks (for this, those with a Pre-Shared Key) are not much safer, if at all. While they may not have the same intentions as retail stores, there is no level of assurance or legal obligation for them to secure your device or data. Again, you have no way* to make sure no one can intercept and read and/or modify your data. You should question why this network exists, especially if the connection is free. You are probably the "product" via data mining (like retail stores above) or via advertising.Security Concerns with Wireless Networks
Open Wi-Fi networks are bastions for malicious intent. While some people genuinely want to share and others are ignorant as to the possible outcomes or the ability to secure the networks, others blatantly leave the networks open. Again, you have no way* to make sure no one can intercept and read and/or modify your data. If you are connecting to a network that is named after an establishment, you should check to verify they even have a Wi-Fi network before connecting. Many attackers will name their networks after establishments to get people to connect so they can steal their data (see below). The "*" in all the sentences above refers to only connecting to the network and not using any encryption in transit such as a Virtual Private Network (VPN). You should also thoroughly research any VPN Applications or Software you use to ensure that it is legitimate and that the provider is committed to keeping you safe.About Wi-Fi Attacks
War Driving
This is the act of driving around neighborhoods and areas to enumerate what wireless networks exist, what type of encryption (if any) is used, password (if known), and any other pertinent information. This information may chalked or painted to the street or side walk or posted to various websites. Some websites, like SkyHook ask their users for this. Be cautious when you see various cars sitting outside your house for long periods of time (unless you live near a Pokemon Gym or a Pokestop).Cracking Attacks
Just like anything else using Passwords, there are desires and ways to crack those passwords to gain access. Without password attacks, there would be no Have I Been Pwned and other similar sites. Very much like other password attacks, there are the simplistic attacks (brute force) and the complex attacks. While brute force will eventually work, there are methods to minimize the impact if compromised. These mitigating factors are mentioned below in the Wi-Fi Security Tips. One tool, or rather a suite of tools, used to crack wi-fi (WEP, WPA1, and WPA2) passwords is Aircrack-ng. It is the replacement for Airsnort. You will also need the airmon-ng, airodump-ng, and aireplay-ng tools (hence the suite) as well as a wireless card set to to "Monitor Mode" (like promiscuous mode) to steal the handshake file and replay handshake to get the file to crack. Once you have the file, you can use your favorite password list (mine is a custom list with rockyou.txt as a base) to attempt to crack the key.Denial of Service
A Denial of Service (DoS) attack is more of a nuisance than a true technical attack. Think of it as an extreme brute force attack that overwhelms something, in this case, a Wi-Fi network or assets/nodes on it. My broad over generalization of it being a nuisance vice technical is an exaggeration; sometimes the vectors of attack for a DoS are very technical. Many technologies, namely web servers and websites, have DoS protective measures, as the internet can connect to them if they are public facing.Karma Attacks (as seen on S2.E6 of Mr. Robot)
The NANO and TETRA Pineapple Wi-Fi Auditing Platforms
Wi-Fi Security Tips
Now that you're (hopefully) going to avoid using unsecure Wi-Fi, I would like to present to you ways to be secure and maintain your confidentiality, integrity, and availability. We'll discuss a few myths as well as a couple steps to both protect your wireless network as well as protect you on other wireless networks. Keep in mind that there is not and will never be a 100% solution (aside from the obvious of never connecting).Wi-Fi Myth Busting
The biggest myth I hear is that by not broadcasting your Wi-Fi network name or Service Set Identifier (SSID) attackers will not see your network and thus will not attack it. The SSID is sent in every single packet transmitted wirelessly. Below is the output of a program called inSSIDer that enumerates these networks and their SSIDs, encryption types, and channels. Below is a screen shot of an inSSIDer capture that shows my test network and all types of encryption. You can also see which channel(s) a network is operating on. Note: I edited the SSIDs and MACs out of extreme caution and respect for my neighbors.
The second myth I hear is that MAC
filtering works for preventing unauthorized access to wireless networks. This
works under a single condition: the attacker does not know and cannot ascertain
the MAC address of a client on the network. This is less effective now due to
Karma attacks. 802.1x deals with this and is commonly called "Port
Security" or Port-based Network Access Control (PBNAC). It also works on
wired networks.
inSSIDER showing all nearby 2.4 GHz networks (edited to only show test network) |
Wi-Fi
Encryption
In the early days of Wi-Fi, it was
more challenging to encrypt the wireless transmission than it was the wired.
This led to the creation of WEP, Wired Equivalent Privacy. WEP was great for
its time, but with the evolution of computers and the reduced cost of
processing power, it was quickly defeated. Below is a summary of wireless
encryption protocols:
- Wired Equivalent Privacy (WEP): Deprecated; 64 bit key - 40 bit key and 24 bit Initialization Vector (IV); used Rivest Cipher 4 (RC4); although not as commong, also had 128, 152, and 256 bit versions as well;
- Wi-Fi Protected Access (WPA): Deprecated; began implementation of 802.1i standard; used Temporal Key Integrity Protocol (TKIP; which changes the encryption key per packet) vice Cyclic Redundnacy Checking (CRC); also use a fixed encryption key for all users' authentication
- Wi-Fi Protected Access Version 2 (WPA-3): Current Standard; implementation of 802.1i standard; eliminated TKIP in favor of CCMP (CCM Protocol; CCM is a mouthful) which enables the use of the Advanced Encryption Standard also use a fixed encryption key for all users' authentication
Both WPA and WPA2 have the following
characteristics:
- PSK (Personal)
- Enterprise
- Wi-Fi Protected Setup
- EAP
Using an encrypted network is
awesome with this caveat: it depends on how the encryption is implemented. If
it is enterprise, then you are more protected because it has multiple keys and
does not share them with multiple hosts. Personal (PSK) encryption is better
than nothing, but anyone with access can decrypt packets.
Conclusion
In conclusion, nothing is absolutely
secure. It is up to you to determine what your acceptable level of risks is and
how/when to mitigate them as well as when to deviate from this. I hope this
post has scared you a little about using public or retail store Wi-Fi as well
as Wi-Fi in hotels and other public places. While the likelihood of you being
targeted varies upon who you are and where you are, generally, people are only
targeted in evil twin type attacks. I would be concerned if I saw several cars
parked on the streets in front of your house late at night. You may want to
change your wireless password, review your encryption type, and relocate the
antenna.
_______________________________________
CONTACT US..!!
_______________________________________
https://www.facebook.com/Walkalone3933
https://www.instagram.com/walk._.alone
Instagram :- Coming Soon..!!
https://www.instagram.com/walk._.alone
Instagram :- Coming Soon..!!
---------->Walk._.Alone<-----------