So you want to be a wireless hacker

1,265 views

Published on

Short presentation I did at BrainTank 2012 in Providence RI. The focus was on issues surrounding wireless security at the small business level and how there is not enough being done to address it.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,265
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

So you want to be a wireless hacker

  1. 1. So you want to be a wireless hacker… Casey Dunham Gnosis Consulting BrainTank 2012 Providence RI
  2. 2. Background• B.S. Computer Science – Univ. Southern Maine• Active – DC207 (dc207.org) Portland, ME DEF CON Group – PWM TOOOL (toool.us) – Have you been by the Lockpick Village?• Gnosis – Security Consulting for Small Biz
  3. 3. WiFi Everywhere
  4. 4. IssuesBroken encryptionConfusing Administration InterfacesRogue Access PointsMan In the Middle AttacksLack of visibility (who / what / when)WPS (WiFi Protected Setup)
  5. 5. WHERE’S THE EASY BUTTON?
  6. 6. Firesheep
  7. 7. Pineapple Nothing to see here. Just a plastic pineapple.http://hakshop.myshopify.com/products/wifi-pineapple
  8. 8. Why YOU should care “… FBI special agents drove past the home and noted the existence of two WiFi networks reachable from the property. One used WEP encryption, the other had the more robust WPA2, but the key point from the FBIs perspective was that neither network was unsecured. A search thus seemed much more likely to find its proper target.”http://arstechnica.com/tech-policy/2012/06/swat-team-throws-flashbangs-raids-wrong-home-due-to-open-wifi-network/
  9. 9. “…they used sophisticated electronic equipment to break through networks”http://www.seattlepi.com/local/article/Feds-Wi-Fi-hacking-burglars-targeted-dozens-of-2178421.php
  10. 10. sophisticated electronic equipmenthttp://www.backtrack-linux.org/ Alfa-AWUS036NHR
  11. 11. Aircrack-ng Set of tools for auditing wireless packet sniffer WEP and WPA/WPA2-PSK cracker / analyzer Can also use airbase-ng to attack clients Included with BackTrack Linux Works out of the box with Alfa cards
  12. 12. Antennae
  13. 13. Making it Better (sort of)Disable remote managementOnly allow management via HTTPSDisable WPSUse WPA2 + AES + Really Good Key!Don’t Use WiFi
  14. 14. Which one is stronger?A. P4ssw0rdB. MH0hzFt4ZMgRgCbt2ibqC. dinosaursarereallyveryexcitingcreaturesD. r;IX&15z[&Kf+0aM4fi
  15. 15. Questions / Feedback?@CaseyDunhamcasey@dc207.org
  16. 16. Resourceshttp://www.backtrack-linux.orghttp://www.securitytube.net/ BackTrack 5 Wireless Penetration Testing Beginners Guide http://www.aircrack-ng.org/ http://hak5.org/ https://www.cloudcracker.com/
  17. 17. DEMO

×