Wi-fi Hacking


Published on

A brief introduction to the security weaknesses of Wi-Fi, and hacking techniques.

Published in: Technology
  • How to Easy Find-Crack Wireless Network Password [Free Download]

    New Hack version Download:http://www.mediafire.com/download/bx98241o42mmfp8/Hack_2013_(updated)
    Are you sure you want to  Yes  No
    Your message goes here
  • update :)
    This file works better ..
    wifi Hack tool Free Download > http://bit.ly/11KyZyr
    Are you sure you want to  Yes  No
    Your message goes here
  • This file works better | wifi hack tool download : http://po.st/NdoiJr
    Are you sure you want to  Yes  No
    Your message goes here
  • Hi

    Dunno if you had a look at the Wi-Fi Megaprimer series on SecurityTube: http://securitytube.net/downloads

    Vivek, the creator of the Megaprimer, has started a really affordable certification course in wireless called – SecurityTube Wi-Fi Security Expert (SWSE).

    SecurityTube Providing Free Training of WiFi-Security. Topics Are ..

    * Bypassing WLAN Authentication – Shared Key, MAC Filtering, Hidden SSIDs
    * Cracking WLAN Encryption – WEP, WPA/WPA2 Personal and Enterprise, Understanding encryption * based flaws (WEP,TKIP,CCMP)
    * Attacking the WLAN Infrastructure – Rogues Devices, Evil Twins, DoS Attacks, MITM, Wi-Fi Protected Setup
    * Advanced Enterprise Attacks – 802.1x, EAP, LEAP, PEAP, EAP-TTLS
    * Attacking the Wireless Client – Honeypots and Hotspot attacks, Caffe-Latte, Hirte, Ad-Hoc * Networks and Viral SSIDs, WiFishing
    * Breaking into the Client – Metasploit, SET, Social Engineering
    * Enterprise Wi-Fi Worms, Backdoors and Botnets

    Check it Out, and download the videos.

    Are you sure you want to  Yes  No
    Your message goes here
  • PACKAGE FOR STEALING WI-FI of networks in windows and linux:
    - 2 versions commVier one for Whists another for ХР both with crack
    - 3 versions aircrack
    - The huge dictionary for breaking WPA and WEP
    - Video the instruction as all should work
    The archive was 34 Mb before unpacking and 87 after (a move compression)
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Wi-fi Hacking

  1. 1. WI-FI SECURITY A gentle introduction to Hacking Wi-Fi Thursday, February 25, 2010
  2. 2. PRESENTED BY Paul Gillingwater, CISSP, CISM Adjunct Professor of Computer Science Webster University Vienna http://security-risk.blogspot.com Working in IT Security 20+ years Thursday, February 25, 2010
  3. 3. A BRIEF OVERVIEW Wi-Fi has been around more than 12 years -- originally, it lacked any form of security Since 2001, Wireless Encryption Protocol (WEP) has been successfully attacked -- in 2007, it takes no more than 90,000 packets to break keys (due to weaknesses in RC4) -- time to crack less than 1 minute Since 2004, Wi-Fi Protected Access (WPA & WPA2) were introduced to address WEP’s failure -- but even this is not quite enough for full security Thursday, February 25, 2010
  4. 4. WI-FI HISTORY Originally offered as IEEE 802.11 in 1997 -- security limited due to export restrictions of certain governments Implements Wireless LAN access over 2.4 and 5 GHz bands -- former with 3 channels (and shared with Amateur Radio and Cordless Phones), latter with 19 Initial systems 1-2 Mbps, later increased to 11 Mbps with 802.11b, then up to 802.11n with 54-600 Mbps possible (since 2009) Thursday, February 25, 2010
  5. 5. WIRELESS SIGNALS Any wireless signal can be received by suitable equipment Key-sharing is fundamental issue -- and the more often a key is used, the easier it is to find it due to mathematics of encryption In addition to receiving packets, we can also inject packets -- e.g., ARP or de-auth to create traffic Thursday, February 25, 2010
  6. 6. SECURING WI-FI In my view, only reliable method for securing Wi-Fi is to run a VPN on top (e.g., OpenVPN) WEP and WPA are easily broken (WPA TKIP cracked in less than 1 minute by Japanese researchers in 2009) WPA is TKIP -- WPA2 is CCMP, which is better (AES) WPA2 is probably secure enough for home usage -- but there is still risk of impersonation Thursday, February 25, 2010
  7. 7. TRAFFIC MONITORING On OSX, from command line (with sudo): /System/Library/PrivateFrameworks/ Apple80211.framework/Versions/A/ Resources/airport Specify en1 sniff 1 as parameters to capture packets into /tmp/airportSniffxxxx.cap file WireShark is free utility for Windows, OSX or Linux that captures and displays packets Thursday, February 25, 2010
  8. 8. HOW WPA WORKS WPA tried to fix WEP problems, while WPA2 was a new approach to solving security problem 802.1X port access control is key to successful use This “Enterprise” approach depends on separate RADIUS authentication server -- each new session gets a fresh key, good for a short time Home networks don’t use RADIUS, so a “Pre Shared Key” (PSK) is used Thursday, February 25, 2010
  9. 9. WPA KEY HANDSHAKE Thursday, February 25, 2010
  10. 10. COW PATTY ATTACK Where 802.1X not available, PSK may be sniffed from other authenticating stations KisMac and coWPAtty use dictionary and other attacks to guess the PSK from captured packets Packet injection can force re-connects to capture coWPAtty with Rainbow Tables (pre-calculated hashes) can test >18,000 pass-phrases per second Thursday, February 25, 2010
  11. 11. WPA CRACKER Regular WPA-PSK cracking on “business grade” hardware can take up to two weeks “WPA Cracker” is a commercial service using cloud- based computing with 400 nodes, which can crack a WPA key in 20 minutes for $34 This is based on 135 million word dictionary attack -- therefore a strong password can defeat this class Businesses now know the price of security Thursday, February 25, 2010
  12. 12. BOGUS HOTSPOTS Any computer can also be a Wireless Access Point Windows 7 has new feature “SoftAP” -- which can be used for Internet Connection Sharing (use Connectify for example -- http://connectify.me/) However, the “bad guys” can capture all of the packets which pass through their system, even if they connect to you with WEP or WPA Bad guys can use similar names, e.g., Webster-Wi-Fi Thursday, February 25, 2010
  13. 13. MAC SPOOFING Some Access Points allow restriction based on the MAC (Media Access Control) address This is good basic security, but not reliable -- because attackers can simply sniff for “trusted” address and use that in their own systems 802.1x makes this more difficult for attackers Thursday, February 25, 2010
  14. 14. SUPPRESSING SSID Most Wi-Fi networks broadcast their network name -- called the SSID Security may be improved by disabling this feature for a home or business network However, experienced hackers will simply monitor authorized connections to learn the SSID Thursday, February 25, 2010
  15. 15. MAN IN THE MIDDLE A MITM attack means intruder pretends to be authorized gateway, but intercepts and can change packets (this was used by Japanese team with TKIP) Example: Video of “Cain” tool, with packet capture and WEP cracking cracking-wep-with-airpcap-packet-injection-and-cain-and-abel.wmv Thursday, February 25, 2010
  16. 16. BYPASSING AIRPORT WI-FI Frequent airport travelers know about airport Wi-Fi Such systems intercept HTTP, redirect to a login page before allowing access (e.g., Boingo Hotspot) Most airport Wi-Fi allows DNS lookups -- some direct, and some via DNS relay If port 53 is allowed, then you can run OpenVPN using UDP port 53 to your home system If DNS relayed, then use DNS tunnel (Linux mostly) Thursday, February 25, 2010
  17. 17. AIRPORT RISKS “Free” Wi-Fi hotspots in an airport or cafe might belong to a hacker, who is capturing traffic -- including, potentially, user names & passwords Hackers can also relay HTTPS -- so don’t assume your password is safe at a public Hot Spot Most hotspots don’t use WEP or WPA -- so most traffic is not encrypted (unless SSH or SSL is used) Thursday, February 25, 2010
  18. 18. WI-FI SECURITY ADVICE Avoid WEP and WPA/TKIP, use WPA2 or WPA/AES If using in a business, use 802.1X -- otherwise make sure you have PSK length > 20 characters Use MAC access control (restrict connecting devices based on their internal address) Use VPN for truly sensitive information Thursday, February 25, 2010
  19. 19. COMMERCIAL RISKS TJ Maxx is classic example of Wi-Fi vector: resulted in loss of 45 million customer records (Credit Card details) The weakness was the use of WEP to secure a LAN, which was exploited by the hackers This breach cost the company $12 million in direct costs, not including the subsequent remedial work and loss of PCI compliance Average cost of a Data Breach rose to $200 per customer record in 2009, according to Ponemon Institute study -- average total cost rose to $6.75m Thursday, February 25, 2010
  20. 20. LEGAL ASPECTS In many countries, hacking other’s Wi-Fi is illegal -- therefore, do any tests using your OWN gear See NCSL web site for summary of States’ laws “Unauthorized access” can attract serious prosecutions, fines and criminal charges Within Webster University, unauthorized Wi-Fi access could be grounds for expulsion Thursday, February 25, 2010
  22. 22. THANK YOU! Any questions? Comments? Discussion.... Thursday, February 25, 2010