In a previous post, we gave an overview of wireless penetration testing and why it matters. The next step is to understand the different types of wireless attacks that we can or should perform during a penetration test. Don’t worry, we have got your back: in this post I will be discussing exactly that topic.
Different Types of Wireless Attacks
To grasp wireless penetration testing in its entirety, it is best to understand the nature of the attacks that can happen. These attacks can range from access control to confidentiality to authentication.
1. Wireless Access Control Attacks
Wireless access control attacks aim to penetrate a network by evading WLAN access control measures such as AP MAC filters and Wi-Fi port access controls. The attacks can take place through war-driving, rogue access points, MAC spoofing, ad hoc associations, AP/client misconfigurations, unauthorized association and promiscuous clients.
2. Wireless Integrity Attacks
In integrity attacks, the attackers send forged control, data, and management frames over the wireless network to misdirect the wireless devices in order to perform a DoS attack. This can happen through a range of techniques such as Data Frame Injections, WEP Injections, Data Replay, Vector Replay Attacks, AP Replay Attacks, Radius Replay and Wireless Network Viruses.
3. Wireless Confidentiality Attacks
Confidentiality attacks attempt to intercept confidential information sent over the wireless associations, whether sent in clear text or encrypted by Wi-Fi protocols. This can be done through Eavesdropping, Session Hijacking, Honeypot AP, Masquerading, Evil Twin AP, Cracking WEP Key or Traffic Analysis.
4. Wireless Availability Attacks
Wireless availability attacks aim to prevent legitimate users from accessing resources in a wireless network via AP Theft, Beacon Flood, Authentication Flood, TKIP MIC exploitation, De-authenticate Flood, Routing Attacks, ARP Cache Poisoning and Power Saving Attacks.
5. Wireless Authentication Attacks
The objective of wireless authentication attacks is to steal the identity of Wi-Fi clients, their personal information, login credentials, etc. to gain unauthorized access to network resources. This can happen over a course of time through Application Login Theft, PSK Cracking, Shared Key Guessing, Domain Login Cracking, Identity Theft, VPN Login Cracking, LEAP Cracking and Password Speculation.
6. Wireless Networks and Hacking
Wireless networks are based on the IEEE 802.11 standards defined by the IEEE (Institute of Electrical and Electronics Engineers) for ad hoc networks or infrastructure networks. Infrastructure networks have one or more access points which coordinate the traffic between the nodes. In ad hoc networks there is no access point; each node connects in a peer-to-peer way.
Basically, there are two types of vulnerabilities which can be found in a wireless LAN. One is poor configuration and the other is poor encryption. Poor configuration is caused by the network admin who manages the network. It may include weak passwords, no security settings, use of default configurations, and other user-related issues. Poor encryption is related to the security keys used to protect the wireless network. It exists because of issues in WEP or WPA.
WEP and WPA
WEP and WPA are the two main security protocols used in Wi-Fi LANs. WEP stands for Wired Equivalent Privacy. It is a deprecated security protocol which was introduced back in 1997 as a part of the original 802.11 standard. But it was weak, and several serious weaknesses were found in the protocol. Now, it can be cracked within minutes. So, a new kind of security protocol was introduced in 2003.
The new protocol was Wi-Fi Protected Access (WPA). It has two main versions, 1 and 2 (WPA and WPA2). It is now the current security protocol used in wireless networks. To get unauthorized access to a network, one needs to crack these security protocols. There are many tools which can crack Wi-Fi encryption. These tools can either take advantage of WEP weaknesses or use brute-force attacks on WPA/WPA2. I am sure now you know that you should never use WEP security.
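To act on the "never use WEP" advice you first have to know which of your networks still advertise it. The following is an added example, not code from the original post: it classifies a beacon frame body as Open, WEP, WPA or WPA2 from the capability privacy bit and the RSN/WPA information elements, then attaches a finding in the article's terms. All function names, the SSIDs and the sample beacon bytes are constructed for illustration.

```python
import struct

PRIVACY_BIT = 0x0010                      # capability bit 4: data frames are encrypted
WPA_OUI_TYPE = bytes.fromhex("0050f201")  # vendor element 00:50:F2 type 1 = WPA
BRUTE = "exposed to brute force: needs a strong passphrase"
FINDINGS = {"Open": "poor configuration: no security settings",
            "WEP": "poor encryption: deprecated protocol, replace it",
            "WPA": BRUTE, "WPA2": BRUTE}

def parse_elements(data):
    """Yield (element_id, value) for each tagged parameter; stop on truncation."""
    pos = 0
    while pos + 2 <= len(data):
        eid, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) < length:
            return
        yield eid, value
        pos += 2 + length

def classify_beacon(body):
    """Return (ssid, protocol) from a beacon body: 12 fixed bytes, then elements."""
    # Raises struct.error if the body is shorter than the fixed fields.
    _timestamp, _interval, capability = struct.unpack_from("<QHH", body)
    elements = list(parse_elements(body[12:]))
    ssid = next((v.decode("utf-8", "replace") for e, v in elements if e == 0), "")
    if any(e == 48 for e, _ in elements):            # RSN element (WPA2 and later)
        return ssid, "WPA2"
    if any(e == 221 and v.startswith(WPA_OUI_TYPE) for e, v in elements):
        return ssid, "WPA"
    return ssid, "WEP" if capability & PRIVACY_BIT else "Open"

def audit(bodies):  # maps each SSID to (protocol, finding)
    return {s: (p, FINDINGS[p]) for s, p in map(classify_beacon, bodies)}

def make_body(ssid, capability, extra=b""):
    """Build a constructed beacon body for the demo (not captured traffic)."""
    name = ssid.encode()
    return struct.pack("<QHH", 0, 100, capability) + bytes([0, len(name)]) + name + extra

RSN = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
WPA = bytes.fromhex("dd160050f20101000050f20201000050f20201000050f202")
WMM = bytes.fromhex("dd070050f202000100")  # vendor element that is not WPA
SAMPLES = [make_body("lab-open", 0x0001, WMM), make_body("lab-wep", 0x0011),
           make_body("lab-wpa", 0x0011, WPA), make_body("lab-wpa2", 0x0011, RSN)]

if __name__ == "__main__":
    for ssid, (protocol, finding) in audit(SAMPLES).items():
        print(f"{ssid:10} {protocol:5} {finding}")
```

A network is reported as WEP only when the privacy bit is set and neither an RSN nor a WPA element is present, which is why the unrelated vendor element on `lab-open` does not change its result.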