Wi-Fi Compromise


Wi-Fi HACKING (how to hack a Wi-Fi)

Wireless Fidelity (Wi-Fi) is a technology used for wireless local area networks, i.e. it allows devices to communicate without cables. The devices used for this purpose are based on the IEEE 802.11 standards. Wi-Fi allows us to access digital data without being tethered to a desk. For Wi-Fi to provide Internet connectivity, the access point itself must have Internet access.
The convenience of Wi-Fi also introduces security concerns that exist less in the wired world. In the wireless scenario the data packets are airborne and available to anyone with the ability to intercept and decode them.
To be a good ethical hacker and penetration tester, you must have knowledge of wireless concepts, encryption and threats in order to protect Wi-Fi from hacking.
T-Mobile and AT&T, the largest providers of Wi-Fi in coffee shops, bookstores and airports, do not require encryption of the data travelling wirelessly between laptops or mobiles and the Internet. Neither do hotels and municipalities offering free Wi-Fi in public areas. T-Mobile and AT&T recommend that all customers download and use their free encryption software and work over VPN connections.
Wi-Fi eavesdropping is one of the biggest security concerns of all time. Anyone with a Wi-Fi-equipped laptop can download Wi-Fi monitoring programs, sit up to 100 feet away and monitor what a victim is doing on the Net.
Different pieces of software are used here to demonstrate how this is done. Below is a description of the software:
  • Kali Linux - A Debian-based Linux OS aimed at advanced penetration testing (PT) and security auditing. Kali contains hundreds of tools developed for various information-security tasks, such as penetration testing, cyber research, vulnerability assessment, cyber forensics and reverse engineering. (To download Kali use the link: https://www.kali.org/downloads/)

  • Aircrack-ng - An 802.11 WEP and WPA-PSK key cracker. Its main purpose is to recover the secret key used during communication on a wireless network. (On Kali use the aircrack-ng tool; for Windows download from https://www.aircrack-ng.org/) It focuses on:
1. Monitoring: packet capture and export of data to text files for further processing by third-party tools.
2. Attacking: replay attacks, deauthentication, fake access points and others via packet injection.
3. Testing: checking Wi-Fi cards and driver capabilities (capture and injection).
4. Cracking: WEP and WPA PSK (WPA 1 and 2).

An external antenna is also needed for intercepting and receiving Wi-Fi signals.

Below are the types of security keys used in Wi-Fi systems to protect them:
WEP
WEP is an acronym for Wired Equivalent Privacy. It was developed for the IEEE 802.11 WLAN standards. The main goal of WEP was to provide privacy equivalent to that provided by wired networks. WEP encrypts the data transmitted over the network to keep it safe from eavesdropping.
WEP Weakness
WEP has significant flaws and vulnerabilities.
  • Integrity of the packets is checked using a Cyclic Redundancy Check (CRC32). The CRC32 integrity check can be compromised by capturing as few as two packets. The attacker modifies bits in the encrypted stream and adjusts the checksum so that the packet is still accepted by the authentication system. This leads to unauthorized access to the network.
  • It uses the RC4 encryption algorithm to create a stream cipher. The stream cipher input is made up of an initial value and a secret key. The initial value is 24 bits long, while the secret key is either 40 bits or 104 bits long. The total length of the initial value and the secret key is therefore either 64 bits or 128 bits. The small size of the secret key makes it easy to crack.
  • Weak initial value combinations do not encrypt sufficiently. This property makes them vulnerable to attacks.
  • WEP is based on passwords; this makes it vulnerable to dictionary attacks.
  • Key management is poorly implemented. Changing keys, especially on large networks, is challenging. WEP does not provide a centralized key management system.
WPA
WPA is an acronym for Wi-Fi Protected Access. It is another security protocol, developed in response to the flaws found in WEP. WPA is used to encrypt data on 802.11 WLANs. It uses larger initial values of 48 bits instead of the 24 bits that WEP uses, and it uses temporal keys to encrypt the data packets.
WPA Weaknesses
  • The collision avoidance implementation can be broken.
  • WPA is vulnerable to denial-of-service attacks.
  • Pre-shared keys use passphrases. Weak passphrases are vulnerable to dictionary attacks.

As per the survey, a practical keystroke inference framework that allows an attacker to infer sensitive keystrokes on a mobile device through Wi-Fi-based side-channel information is one of the most aggressive ways to hack and compromise a system.
Studies also show that hackers try to abuse public Wi-Fi to steal other users' information and data through hacking mechanisms.

CONCEPT
How to hack a Wi-Fi network to gain internet access.

1. Open a Terminal window in Kali Linux.

2. First check for the wlan service on your system and stop it, so that nothing else is working on the interface.

3. Now start the airodump service (using the command: airodump-ng wlan0mon) on wlan0 and check for available Wi-Fi networks.

4. Let the airodump scan complete first and find the ESSID of the Wi-Fi network you need to hack.

5. Scan with airodump for the respective ESSID and try to find the devices connected to it.
(use command: airodump-ng -w <ESSID> -c CH --bssid <BSSID of ESSID device> wlan0mon)

6. After the scan, choose any station/device whose internet you want to disrupt, so that it performs the handshake again when it reconnects.

7. Now deauthenticate the chosen station so that it tries to reconnect to the Wi-Fi and completes its handshake again.
(use command: aireplay-ng --deauth 10 -a <BSSID> -c <Station> wlan0mon)

8. Once the WPA handshake is captured, you get a .cap file for the respective Wi-Fi network.

9. Now, using a dictionary file, run a dictionary attack on the Wi-Fi network with the aircrack-ng command in the terminal, giving it the Wi-Fi BSSID and its .cap file.
(use command: aircrack-ng -w /root/Desktop/<dictionary_filelist> -b <BSSID> /root/<.cap file of BSSID generated>)

10. When aircrack-ng finishes, you get the password. It is a kind of brute-force attack on the Wi-Fi.

11. Use the password to connect to the Wi-Fi normally and you get access to someone else's Wi-Fi. Enjoy free net guys.
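
The deauthentication in step 7 is also the most visible part of the whole procedure to a network defender: a burst of deauth management frames aimed at one station within a second or two, which a wireless IDS can flag. As an added example that is not part of the original post, the Python below runs a sliding-window detector over a constructed frame log (the log format and the MAC addresses are invented for the example):

```python
from collections import defaultdict, deque

# Constructed sample of an 802.11 management-frame log (invented format,
# not the output of any real tool). Fields: timestamp, frame type, source
# MAC (here the access point's BSSID), destination MAC (the station).
SAMPLE_LOG = """\
1700000000.000 BEACON 00:11:22:33:44:55 ff:ff:ff:ff:ff:ff
1700000000.102 DATA   66:77:88:99:aa:bb 00:11:22:33:44:55
1700000001.000 DEAUTH 00:11:22:33:44:55 66:77:88:99:aa:bb
1700000001.050 DEAUTH 00:11:22:33:44:55 66:77:88:99:aa:bb
1700000001.100 DEAUTH 00:11:22:33:44:55 66:77:88:99:aa:bb
1700000001.150 DEAUTH 00:11:22:33:44:55 66:77:88:99:aa:bb
1700000001.200 DEAUTH 00:11:22:33:44:55 66:77:88:99:aa:bb
1700000002.300 DEAUTH 00:11:22:33:44:55 66:77:88:99:aa:bb
1700000045.000 DEAUTH 00:11:22:33:44:55 cc:dd:ee:ff:00:11
"""

def parse_frames(text):
    """Yield (timestamp, frame_type, src, dst) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ftype, src, dst = parts
        yield float(ts), ftype.upper(), src.lower(), dst.lower()

def detect_deauth_floods(frames, threshold=5, window=2.0):
    """Return one alert (first_ts, src, dst, count) per (src, dst) pair that sees
    at least `threshold` DEAUTH frames inside a `window`-second span. A lone
    deauth is normal AP housekeeping; a burst aimed at one station is not."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps still inside the window
    alerted = set()
    alerts = []
    for ts, ftype, src, dst in frames:
        if ftype != "DEAUTH":
            continue
        key = (src, dst)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((q[0], src, dst, len(q)))
    return alerts

if __name__ == "__main__":
    for first_ts, src, dst, count in detect_deauth_floods(parse_frames(SAMPLE_LOG)):
        print(f"deauth flood: {count} frames from {src} to {dst} starting at {first_ts:.3f}")
```

The single deauth to the second station at the end of the log is not reported, which is the behaviour you want from this rule on a real access point that occasionally drops idle clients.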


How to secure wireless networks
To minimize wireless network attacks, an organization can adopt the following policies:
  • Always change the default passwords that come with the hardware.
  • Enable the authentication mechanism of the device.
  • Restrict network access by allowing only registered MAC addresses.
  • Use strong WEP and WPA-PSK keys; a combination of symbols, numbers and letters reduces the chance of the keys being cracked using dictionary and brute-force attacks.
  • A firewall can help reduce unauthorized access.
