Wireless Network Assessment or Wi-Fi Hacking

Published on : 21 Sep 2022


Wireless network technology is widely used, but at the same time it has many security weaknesses. Several reports have described weaknesses in Wired Equivalent Privacy (WEP), used to encrypt wireless data, and in Wi-Fi Protected Setup (WPS). Before looking at the benefits of a Wireless Network Assessment, it is necessary to know what it is, why it is needed, how the service works and what you get from it.

Let’s understand what is meant by a wireless assessment

A Wireless Assessment is an analysis of the current wireless installation that looks at the specific environmental, architectural and configuration factors that affect the performance, functionality and security of the system.

In a Wireless Assessment, the following is considered:

The Wireless Assessment provides a tactical analysis and a strategic assessment of the risks in your wireless implementations. Security consultants use the same techniques attackers use and so provide a realistic view of your susceptibility to network attacks. It helps determine whether systems, data and wireless users are actually being protected, improves wireless network security and mitigates possible threats. A Wireless Assessment, or Wi-Fi hacking, covers different attacks such as exploiting weak encryption, evil twin attacks and deauthentication attacks.

Why is the Wireless Assessment essential?

The Wireless Assessment is necessary because it uncovers the specific configurations or components that affect the performance and security of the system. It provides insight into the system and highlights weaknesses or gaps that require remediation to improve the overall health of the system.

Wireless Encryption Types:

  • WEP (Wired Equivalent Privacy)
  • WPS (WiFi Protected Setup)
  • WPA (WiFi Protected Access)
  • WPA2 (WiFi Protected Access v2)
  • WPA3 (WiFi Protected Access v3)

a) Wired Equivalent Privacy (WEP)

The main issue with WEP is that it uses only one static key to protect the data sent from your computer. When WEP first appeared this was not a problem, but over time attackers learned how to recover the secret key. As a result, if an attacker obtains the key to your Wi-Fi network, they can decrypt and read the data you send. Of course, an attacker cannot simply pick a key and hope for the best, since a computer can choose from a variety of WEP keys. Attackers can, however, observe patterns in the encryption and monitor the packets; they then determine which key matches the observed pattern and decrypt the traffic.

b) Wi-Fi Protected Setup (WPS)

WPS is a built-in feature of many routers that makes it easier to connect Wi-Fi-enabled devices, such as a TV or other home video products, to a secured wireless network. A router with WPS enabled is at risk of being hacked: a successful attack on the router’s WPS function reveals the network password in a matter of hours, regardless of how strong that password is. Again, there is no point in putting a strong password on a weak network.

c) Wi-Fi Protected Access (WPA)

WPA improves upon the security features of WEP by using the Extensible Authentication Protocol (EAP) to secure network access and the Temporal Key Integrity Protocol (TKIP) to secure data transmissions. TKIP, with its 128-bit dynamic per-packet keys, is what makes WPA distinct from WEP and harder to crack. Because WPA was designed to run on WEP-capable hardware, its main building blocks were much the same as those of WEP, which was one obvious drawback.

d) Wi-Fi Protected Access Version 2 (WPA2)

With WPA2, only users who hold your network password can read the data sent or received over your wireless network. One advantage of WPA2 was the Advanced Encryption Standard (AES), which replaced the more exposed TKIP cipher used in the original WPA protocol.

e) Wi-Fi Protected Access Version 3 (WPA3)

WPA3, the newest security protocol, is rising in popularity. WPA3 provides strong security and hinders illegal access: unauthenticated or unauthorised users cannot read the traffic. Because it encrypts traffic automatically, WPA3 is the preferred security protocol for public networks. Further, WPA3 can use GCMP-256 encryption, which is considerably stronger than the 128-bit encryption used previously.
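To show how the encryption types above are actually advertised on the air, here is an added example (not code from the original article) that parses the RSN information element an access point sends in its beacons and labels the network as WPA2-Personal, WPA2-Enterprise, WPA2/WPA3 transition or WPA3-Personal, flagging a lingering TKIP cipher or SAE without management frame protection. The two sample elements are constructed by hand for the demonstration.

```python
"""Classify an access point's advertised security from its RSN information element.

Added example, not code from the original article. The RSN IE (802.11 element
ID 48) lists the group cipher, pairwise ciphers, AKM suites and RSN capabilities;
each suite is a 4-byte selector: OUI 00:0F:AC followed by a type byte.
"""
import struct

OUI = b"\x00\x0f\xac"
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104", 8: "GCMP-128", 9: "GCMP-256"}
AKMS = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 12: "Suite-B-192"}

def _suite(sel: bytes, table: dict) -> str:
    return table.get(sel[3], f"unknown({sel[3]})") if sel[:3] == OUI else f"vendor({sel[:3].hex()})"

def _suite_list(body: bytes, off: int, table: dict):
    (count,) = struct.unpack_from("<H", body, off)   # little-endian suite count
    off += 2
    names = [_suite(body[off + 4 * i: off + 4 * i + 4], table) for i in range(count)]
    return names, off + 4 * count

def classify_rsn(ie: bytes) -> dict:
    """Return a label and findings for one RSN IE (ID byte, length byte, body)."""
    if ie[0] != 48:
        raise ValueError("not an RSN information element")
    body = ie[2:2 + ie[1]]
    group = _suite(body[2:6], CIPHERS)               # bytes 0-1 are the RSN version
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akms, off = _suite_list(body, off, AKMS)
    (caps,) = struct.unpack_from("<H", body, off) if off + 2 <= len(body) else (0,)
    mfp_capable, mfp_required = bool(caps & 0x80), bool(caps & 0x40)
    if "SAE" in akms:
        label = "WPA3-Personal" if "PSK" not in akms else "WPA2/WPA3 transition mode"
    elif "802.1X" in akms or "802.1X-SHA256" in akms:
        label = "WPA2-Enterprise"
    else:
        label = "WPA2-Personal"
    findings = []
    if "TKIP" in pairwise or group == "TKIP":
        findings.append("TKIP cipher enabled: legacy WPA-era cipher, should be disabled")
    if "SAE" in akms and not mfp_capable:
        findings.append("SAE advertised without management frame protection (PMF)")
    return {"label": label, "group": group, "pairwise": pairwise, "akm": akms,
            "mfp_required": mfp_required, "findings": findings}

# Constructed sample 1: WPA2-Personal with CCMP+TKIP pairwise ciphers and no PMF.
WPA2_MIXED_IE = bytes.fromhex("3018 0100 000fac04 0200 000fac04 000fac02 0100 000fac02 0000")
# Constructed sample 2: WPA3-Personal (SAE only), CCMP, PMF capable and required.
WPA3_IE = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac08 c000")
```

Feeding the element bytes from a real beacon capture into classify_rsn gives the same verdict a wireless assessment report would list under findings.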

Types of wireless attacks

  • Fake authentication Attack
  • Deauthentication Attack
  • Hirte Attack
  • Fragmentation Attack
  • Chop-Chop Attack
  • Evil twin Attack

a) Fake Authentication Attack

In a fake authentication attack, the attacker tries to authenticate to the access point while posing as a legitimate client. Fake authentication attacks are used in conjunction with deauthentication attacks.

b) De-authentication Attack

A Wi-Fi de-authentication attack is a type of denial-of-service attack that targets the communication between a user and a Wi-Fi wireless access point. It consists of forged de-authentication requests that interfere with the communication between routers and devices. The attack works against 802.11-based wireless networks because the protocol uses de-authentication frames whenever a connection is terminated, and on networks without management frame protection these frames are not authenticated.
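From the defender's side, a de-authentication flood is easy to spot in a monitor-mode capture because one transmitter emits far more deauth/disassoc frames than any client or access point ever would. The following added example (not code from the original article) implements a simple sliding-window detector over constructed frame records; the window, threshold and addresses are assumptions for the demonstration.

```python
"""Rate-based detector for de-authentication floods in captured 802.11 frames.

Added example, not code from the original article. Input records are constructed
(timestamp in seconds, management subtype, transmitter address, receiver address,
reason code) in the shape a monitor-mode capture yields. The window and threshold
are assumptions that should be tuned per environment.
"""
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0x0C, 0x0A          # 802.11 management frame subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_deauth_flood(frames, window=2.0, threshold=10):
    """Return one alert per burst in which a transmitter sends more than
    `threshold` deauth/disassoc frames within any `window` seconds."""
    recent = defaultdict(deque)         # transmitter -> timestamps of its recent frames
    alerts = []
    for ts, subtype, ta, ra, reason in sorted(frames):
        if subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[ta]
        q.append(ts)
        while q and ts - q[0] > window:  # drop frames that fell out of the window
            q.popleft()
        if len(q) > threshold:
            alerts.append({"ta": ta, "ts": ts, "count": len(q),
                           "broadcast": ra == BROADCAST, "reason": reason})
            q.clear()                   # start a fresh count so one burst gives one alert
    return alerts

# Constructed capture: a single normal disconnect (reason 3, "station leaving"),
# then 40 broadcast deauth frames from one transmitter 50 ms apart with reason 7.
SAMPLE = [(0.0, DEAUTH, "02:00:00:00:00:01", "02:00:00:00:00:aa", 3)]
SAMPLE += [(5.0 + i * 0.05, DEAUTH, "02:00:00:00:00:ff", BROADCAST, 7) for i in range(40)]
```

Enabling 802.11w (management frame protection, mandatory in WPA3) is the mitigation, since clients then discard de-authentication frames that are not cryptographically protected.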

c) Hirte Attacks

The Hirte attack aims to recover the WEP key of a Wi-Fi network that is not in range, provided a client device (laptop, mobile, etc.) that knows the network is within range of the attacker. This is possible because the WEP key and the network configuration are still stored on the client device.

d) Fragmentation Attacks

A fragmentation attack does one of two things: it captures traffic passing over an insecure network, mimics it and then impersonates the server, or it injects malicious plaintext frames that resemble handshake messages into the network traffic.

e) Chop-Chop Attack

It targets WEP-encrypted Wi-Fi networks. This attack determines the pre-shared key (PSK) through trial and error rather than mathematically or cryptographically. Note that the WEP key or WPA/WPA2 pre-shared key (passphrase) is not the same as the administrator password of the access point: the WEP key or WPA/WPA2 pre-shared key is what allows printers and computers to join your wireless network.

f) Evil Twin Attack

An evil twin attack is a spoofing cyber-attack that works by tricking users into connecting to a fake Wi-Fi access point that mimics a legitimate network.

What is the expected outcome of the Wireless Assessment?

After the Wireless Assessment has been conducted, the assessment engineer and your account executive deliver a detailed report comprising the data gathered during the engagement. The Wireless Assessment report includes an overall summary of the assessment and its findings, together with a list of the findings the assessment engineer identified concerning the wireless system.

These findings are analysed individually and prioritised so that each concern can be addressed specifically. The report then provides a list of recommendations for remediating the items raised in the findings section. The recommendations are very specific about what changes are needed, why they are needed and how they will improve the performance and security of the system.

Protecting Wireless Networks – Best Practices

a) Update router firmware

It is recommended to update the router’s firmware whenever an update is released. Updating the firmware minimises the risk of being hacked, as updates fix most of the known vulnerabilities.

b) Make use of Strong Passwords

A strong password is at least eight characters long and includes a mix of upper- and lower-case letters, numbers, and symbols. It is recommended to change the passwords frequently.

c) Using MAC Filtering

By allowing only devices with specific MAC addresses to connect to the network, you can reduce unauthorised access. MAC filtering is implemented by opening the wireless router’s configuration page and adding the MAC addresses of the devices that are allowed to connect to the network.

d) Enable WPA3 Security

It is recommended to use WPA3 encryption, as it provides stronger protection than WPA2.

Swapnesh Chogle

Swapnesh Chogle, Associate Security Consultant at VISTA InfoSec. Certified Wireless Network Security Expert (CWSP), CEH (Certified Ethical Hacker), CHFI (Computer Hacking Forensic Investigator)