2. Wired Vs Wireless Hacking
Crime is all around us.
In theory, wireless LANs are less secure than
wired LANs, because wireless communication
signals travel through the air and can easily be
intercepted.
4. Unfortunately, turning off the broadcast of the
SSID may lead to a false sense of security. The
method discourages only casual wireless
snooping, but does not stop a person trying to
attack the network.
Scanning for Access Points
• Access points periodically transmit beacon
frames (SSID, data rate, etc.)
• Client scans frequencies and picks an access
point based on SSID, signal strength, ...
• Client switches to assigned channel and
establishes an association
11. How to Attack
Scan -> Test Injection Capability
Use sniffing tools and collect IVs
Try fake authentication and MAC spoofing
When you have enough IVs, use a cracking tool
to extract the password
Or try a man-in-the-middle (MIM) attack and inject packets
12. Source: Consumer Reports
Misconfiguration possibilities
• no encryption used
• weak (guessable) password used to generate key
• weak protection of encryption key on client machine
• weak protection of management interface for access point
22. Recommendations: WLAN Security
• WEP (fair)
  • enable wireless frame encryption
  • use longest key
  • change the WEP key regularly (manually)
• 802.1X and WPA (user authentication + dynamic keys) (better)
  • use as soon as practical and stable
  • set rekeying to occur every few hours
• 802.11i (best)
  • upgrade / use when available and supported
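
Added example (not from the original slides): a defender-side audit that reads the beacon frame body an access point transmits and grades its protection on the fair / better / best scale above; an access point with SSID broadcast turned off still appears, only with an empty name. It assumes the input starts after the 24-byte 802.11 MAC header, and the helper names and sample frames are constructed for illustration.

```python
import struct

PRIVACY_BIT = 0x0010                # capability bit set when data frames are encrypted
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"  # vendor-specific element used by WPA (pre-802.11i)

def parse_elements(body):
    """Yield (id, data) for each tagged parameter after the 12 fixed bytes."""
    pos = 12  # timestamp (8) + beacon interval (2) + capability info (2)
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + length]
        if len(data) < length:  # truncated element: stop instead of guessing
            return
        yield eid, data
        pos += 2 + length

def audit_beacon(body):
    """Return (ssid, protection grade) for one beacon frame body."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    capability = struct.unpack_from("<H", body, 10)[0]
    ssid, rsn, wpa = None, False, False
    for eid, data in parse_elements(body):
        if eid == 0:  # SSID element; empty or all-NUL means broadcast is off
            ssid = data.decode("utf-8", "replace") if data.strip(b"\x00") else "<hidden>"
        elif eid == 48:  # RSN element: 802.11i
            rsn = True
        elif eid == 221 and data.startswith(WPA_OUI_TYPE):
            wpa = True
    grade = ("802.11i (best)" if rsn else "WPA (better)" if wpa else
             "WEP (fair)" if capability & PRIVACY_BIT else "no encryption")
    return ssid, grade

def make_beacon(ssid, capability, extra=b""):
    """Build a constructed sample beacon body (assumption: minimal elements only)."""
    fixed = struct.pack("<QHH", 0, 100, capability)
    return fixed + bytes([0, len(ssid)]) + ssid + extra

# Constructed samples, not captured traffic
SAMPLES = [
    make_beacon(b"lobby", 0x0001),
    make_beacon(b"", 0x0011),
    make_beacon(b"office", 0x0011, bytes([221, 6]) + WPA_OUI_TYPE + b"\x01\x00"),
    make_beacon(b"lab", 0x0011, bytes([48, 2]) + b"\x01\x00"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_beacon(sample))
```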