WI-FI SECURITY
                              A gentle introduction to Hacking Wi-Fi




Thursday, February 25, 2010
PRESENTED BY


                    Paul Gillingwater, CISSP, CISM
                    Adjunct Professor of Computer Science
                    Webster University Vienna

                    http://security-risk.blogspot.com

                    Working in IT Security 20+ years




A BRIEF OVERVIEW

                    Wi-Fi has been around more than 12 years --
                    originally, it lacked any form of security

                    Since 2001, Wireless Encryption Protocol (WEP) has
                    been successfully attacked -- in 2007, it takes no more
                    than 90,000 packets to break keys (due to weaknesses
                    in RC4) -- time to crack less than 1 minute

                    Since 2004, Wi-Fi Protected Access (WPA & WPA2)
                    were introduced to address WEP’s failure -- but even
                    this is not quite enough for full security


WI-FI HISTORY

                    Originally offered as IEEE 802.11 in 1997 -- security
                    limited due to export restrictions of certain
                    governments

                    Implements Wireless LAN access over 2.4 and 5 GHz
                    bands -- former with 3 channels (and shared with
                    Amateur Radio and Cordless Phones), latter with 19

                    Initial systems 1-2 Mbps, later increased to 11 Mbps
                    with 802.11b, then up to 802.11n with 54-600 Mbps
                    possible (since 2009)


WIRELESS SIGNALS

                    Any wireless signal can be received by suitable
                    equipment

                    Key-sharing is fundamental issue -- and the more
                    often a key is used, the easier it is to find it due to
                    mathematics of encryption

                    In addition to receiving packets, we can also inject
                    packets -- e.g., ARP or de-auth to create traffic



SECURING WI-FI

                    In my view, only reliable method for securing Wi-Fi is
                    to run a VPN on top (e.g., OpenVPN)

                    WEP and WPA are easily broken (WPA TKIP cracked
                    in less than 1 minute by Japanese researchers in 2009)

                    WPA is TKIP -- WPA2 is CCMP, which is better (AES)

                    WPA2 is probably secure enough for home usage --
                    but there is still risk of impersonation



TRAFFIC MONITORING

                    On OSX, from command line (with sudo):
                    /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport

                    Specify en1 sniff 1 as parameters to capture
                    packets into /tmp/airportSniffxxxx.cap file

                    Wireshark is a free utility for Windows, OSX or Linux
                    that captures and displays packets



HOW WPA WORKS

                    WPA tried to fix WEP problems, while WPA2 was a
                    new approach to solving security problem

                    802.1X port access control is key to successful use

                    This “Enterprise” approach depends on separate
                    RADIUS authentication server -- each new session
                    gets a fresh key, good for a short time

                    Home networks don’t use RADIUS, so a “Pre Shared
                    Key” (PSK) is used


WPA KEY HANDSHAKE




COW PATTY ATTACK

                    Where 802.1X not available, PSK may be sniffed from
                    other authenticating stations

                    KisMAC and coWPAtty use dictionary and other
                    attacks to guess the PSK from captured packets

                    Packet injection can force re-connects to capture

                    coWPAtty with Rainbow Tables (pre-calculated
                    hashes) can test >18,000 pass-phrases per second



WPA CRACKER

                    Regular WPA-PSK cracking on “business grade”
                    hardware can take up to two weeks

                    “WPA Cracker” is a commercial service using cloud-
                    based computing with 400 nodes, which can crack a
                    WPA key in 20 minutes for $34

                    This is based on 135 million word dictionary attack --
                    therefore a strong password can defeat this class

                    Businesses now know the price of security


BOGUS HOTSPOTS

                    Any computer can also be a Wireless Access Point

                    Windows 7 has new feature “SoftAP” -- which can be
                    used for Internet Connection Sharing (use Connectify
                    for example -- http://connectify.me/)

                    However, the “bad guys” can capture all of the
                    packets which pass through their system, even if they
                    connect to you with WEP or WPA

                    Bad guys can use similar names, e.g., Webster-Wi-Fi
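
A defender's check for the look-alike and bogus hotspots described above, as an added Python example that is not part of the original slides. The trusted network name "Webster-WiFi", its access-point addresses and the scan results are constructed assumptions; only the look-alike name "Webster-Wi-Fi" comes from the slide.

```python
# Flag scan results that imitate a trusted network: same name from an unknown
# access point, same name with weaker encryption, or a near-identical name.

RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}

# Assumed policy for the site being protected (hypothetical values).
TRUSTED = {
    "Webster-WiFi": {
        "bssids": {"02:00:00:00:00:01", "02:00:00:00:00:02"},
        "security": "WPA2",
    }
}

# Constructed scan results: (SSID, BSSID, advertised security).
SAMPLE_SCAN = [
    ("Webster-WiFi", "02:00:00:00:00:01", "WPA2"),   # the real access point
    ("Webster-WiFi", "02:00:00:00:00:99", "OPEN"),   # same name, unknown AP
    ("Webster-Wi-Fi", "02:00:00:00:00:aa", "OPEN"),  # name from the slide
    ("Webstar-WiFi", "02:00:00:00:00:bb", "WPA2"),   # one letter changed
    ("CoffeeShop", "02:00:00:00:00:cc", "OPEN"),     # unrelated network
]


def normalize(ssid):
    """Fold case and drop punctuation so 'Wi-Fi' and 'WiFi' compare equal."""
    return "".join(ch for ch in ssid.casefold() if ch.isalnum())


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(ssid, bssid, security, trusted):
    """Return the list of findings for one scan entry (empty if clean)."""
    if ssid in trusted:
        policy = trusted[ssid]
        findings = []
        # A BSSID can be copied (see the MAC spoofing slide), so a match here
        # is not proof of authenticity; a mismatch is still worth an alert.
        if bssid.lower() not in policy["bssids"]:
            findings.append("unknown-bssid")
        if RANK[security] < RANK[policy["security"]]:
            findings.append("weaker-security")
        return findings
    for name in trusted:
        a, b = normalize(ssid), normalize(name)
        # Very short names are skipped: two edits would match almost anything.
        if len(b) >= 6 and (a == b or edit_distance(a, b) <= 2):
            return ["lookalike-name"]
    return []


def check_scan(scan, trusted):
    """Return (ssid, bssid, findings) for every suspicious entry."""
    report = []
    for ssid, bssid, security in scan:
        findings = classify(ssid, bssid, security, trusted)
        if findings:
            report.append((ssid, bssid, findings))
    return report


if __name__ == "__main__":
    for ssid, bssid, findings in check_scan(SAMPLE_SCAN, TRUSTED):
        print(f"{ssid:15} {bssid}  {', '.join(findings)}")
```
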


MAC SPOOFING


                    Some Access Points allow restriction based on the
                    MAC (Media Access Control) address

                    This is good basic security, but not reliable -- because
                    attackers can simply sniff for “trusted” address and
                    use that in their own systems

                    802.1X makes this more difficult for attackers




SUPPRESSING SSID


                    Most Wi-Fi networks broadcast
                    their network name -- called the SSID

                    Security may be improved by disabling this feature
                    for a home or business network

                    However, experienced hackers will simply monitor
                    authorized connections to learn the SSID




MAN IN THE MIDDLE


                    A MITM attack means intruder pretends to be
                    authorized gateway, but intercepts and can change
                    packets (this was used by Japanese team with TKIP)

                    Example: Video of “Cain” tool, with packet capture
                    and WEP cracking
                    cracking-wep-with-airpcap-packet-injection-and-cain-and-abel.wmv




BYPASSING AIRPORT WI-FI

                    Frequent airport travelers know about airport Wi-Fi

                    Such systems intercept HTTP, redirect to a login page
                    before allowing access (e.g., Boingo Hotspot)

                    Most airport Wi-Fi allows DNS lookups -- some direct,
                    and some via DNS relay

                    If port 53 is allowed, then you can run OpenVPN using
                    UDP port 53 to your home system

                    If DNS relayed, then use DNS tunnel (Linux mostly)


AIRPORT RISKS

                    “Free” Wi-Fi hotspots in an airport or cafe might
                    belong to a hacker, who is capturing traffic --
                    including, potentially, user names & passwords

                    Hackers can also relay HTTPS -- so don’t assume
                    your password is safe at a public Hot Spot

                    Most hotspots don’t use WEP or WPA -- so most
                    traffic is not encrypted (unless SSH or SSL is used)



WI-FI SECURITY ADVICE

                    Avoid WEP and WPA/TKIP, use WPA2 or WPA/AES

                    If using in a business, use 802.1X -- otherwise make
                    sure you have PSK length > 20 characters

                    Use MAC access control (restrict connecting devices
                    based on their internal address)

                    Use VPN for truly sensitive information
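
The PSK advice above, together with the WPA Cracker slide's point that a strong password defeats a dictionary attack, as an added Python example that is not part of the original slides. It derives the WPA key the standard way (PBKDF2-HMAC-SHA1 with the SSID as salt) and audits a passphrase against the slides' own figures; the wordlist, the list of common SSIDs and the sample values are constructed for illustration.

```python
import hashlib
import math
import string

GUESSES_PER_SECOND = 18_000      # rate quoted on the coWPAtty slide
DICTIONARY_WORDS = 135_000_000   # wordlist size quoted on the WPA Cracker slide
MIN_PSK_LENGTH = 21              # advice slide: "PSK length > 20 characters"

# Constructed samples standing in for a real wordlist and a real list of
# factory-default network names.
SAMPLE_WORDLIST = {"password", "letmein123", "qwertyuiop", "webster2010"}
COMMON_SSIDS = {"linksys", "default", "netgear", "dlink"}

PRINTABLE = {chr(c) for c in range(32, 127)}


def derive_pmk(passphrase, ssid):
    """WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 256 bits."""
    if not 8 <= len(passphrase) <= 63 or not set(passphrase) <= PRINTABLE:
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def dictionary_sweep_seconds():
    """Time to try every word of the quoted dictionary at the quoted rate."""
    return DICTIONARY_WORDS / GUESSES_PER_SECOND


def exhaustive_search_years(passphrase):
    """Rough upper bound: full keyspace of the character classes actually used,
    assuming the passphrase was chosen at random from them."""
    pool = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        pool += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        pool += 26
    if any(c in string.digits for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # printable ASCII symbols, including space
    bits = len(passphrase) * math.log2(pool)
    return 2.0 ** bits / GUESSES_PER_SECOND / (365 * 24 * 3600)


def audit_psk(passphrase, ssid, wordlist=SAMPLE_WORDLIST):
    """Return the list of weaknesses for this passphrase/SSID pair."""
    derive_pmk(passphrase, ssid)  # raises ValueError on invalid input
    findings = []
    if passphrase.casefold() in wordlist:
        findings.append("on-wordlist")
    if len(passphrase) < MIN_PSK_LENGTH:
        findings.append("too-short")
    # The SSID is the salt, so precomputed tables only work for the SSIDs
    # they were built for; a default name gives that advantage away.
    if ssid.casefold() in COMMON_SSIDS:
        findings.append("common-ssid")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: the derived key is different.
    print(derive_pmk("password", "linksys").hex())
    print(derive_pmk("password", "Vienna-Lab-7f3a").hex())
    print("dictionary sweep: %.1f hours" % (dictionary_sweep_seconds() / 3600))
    for psk, ssid in [("password", "linksys"),
                      ("t7#Vq9!mZp2&Lx4@Rb8$Kw6", "Vienna-Lab-7f3a")]:
        print(ssid, audit_psk(psk, ssid),
              "%.3g years to exhaust" % exhaustive_search_years(psk))
```
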



COMMERCIAL RISKS

                    TJ Maxx is classic example of Wi-Fi vector: resulted in
                    loss of 45 million customer records (Credit Card details)

                    The weakness was the use of WEP to secure a LAN, which was
                    exploited by the hackers

                    This breach cost the company $12 million in direct costs, not
                    including the subsequent remedial work and loss of PCI
                    compliance

                    Average cost of a Data Breach rose to $200 per customer record in
                    2009, according to Ponemon Institute study -- average total cost
                    rose to $6.75m


LEGAL ASPECTS

                    In many countries, hacking others’ Wi-Fi is illegal --
                    therefore, do any tests using your OWN gear

                    See NCSL web site for summary of States’ laws

                    “Unauthorized access” can attract serious
                    prosecutions, fines and criminal charges

                    Within Webster University, unauthorized Wi-Fi
                    access could be grounds for expulsion



LATEST WI-FI TRENDS

                    Passive-Aggressive SSIDs now used by some... e.g.:

                          YOURDOGPOOPSINMYYARD

                          TURNTHEMUSICDOWN

                          CAITLINSTOPUSINGOURINTERNET

                          WECANHEARYOUHAVINGSEX

                          OBAMAISASOCIALIST


THANK YOU!



                    Any questions?

                    Comments?

                    Discussion....





Mais conteúdo relacionado

Mais procurados

Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentationMuhammad Zia
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksSam Bowne
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Fábio Afonso
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomSiddharth Krishna Kumar
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
FireWall
FireWallFireWall
FireWallrubal_9
 
Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security DefinitionPatten John
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 

Mais procurados (20)

Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
 
Wireless Cracking using Kali
Wireless Cracking using KaliWireless Cracking using Kali
Wireless Cracking using Kali
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless Networks
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
FireWall
FireWallFireWall
FireWall
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Aircrack
AircrackAircrack
Aircrack
 
Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security Definition
 
Firewalls
FirewallsFirewalls
Firewalls
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port Scanning
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Wifi hacking
Wifi hackingWifi hacking
Wifi hacking
 
Proxy Servers
Proxy ServersProxy Servers
Proxy Servers
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 

Semelhante a Wi-fi Hacking

Wireless Security
Wireless SecurityWireless Security
Wireless SecuritysiDz
 
Wi-Fi Security with Wi-Fi P+
Wi-Fi Security with Wi-Fi P+Wi-Fi Security with Wi-Fi P+
Wi-Fi Security with Wi-Fi P+Ajin Abraham
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssueIshan Girdhar
 
Module 6 Wireless Network security
Module 6  Wireless Network securityModule 6  Wireless Network security
Module 6 Wireless Network securitynikshaikh786
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Mohammad Fareed
 
Viable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedViable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedIRJET Journal
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hackingMihir Shah
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected accessLopamudra Das
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
Hacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh JadonHacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh JadonOWASP Delhi
 
Wireless network security
Wireless network securityWireless network security
Wireless network securityVishal Agarwal
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Mandeep Jadon
 
chapter 7 -wireless network security.ppt
chapter 7  -wireless network security.pptchapter 7  -wireless network security.ppt
chapter 7 -wireless network security.pptabenimelos
 
Wireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by VijayWireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by Vijaythevijayps
 

Semelhante a Wi-fi Hacking (20)

Wireless Security
Wireless SecurityWireless Security
Wireless Security
 
Wi-Fi Security with Wi-Fi P+
Wi-Fi Security with Wi-Fi P+Wi-Fi Security with Wi-Fi P+
Wi-Fi Security with Wi-Fi P+
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Module 6 Wireless Network security
Module 6  Wireless Network securityModule 6  Wireless Network security
Module 6 Wireless Network security
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018
 
Viable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedViable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be Jeopardized
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected access
 
609 618
609 618609 618
609 618
 
WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP Exploit
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Hacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh JadonHacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh Jadon
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
 
Airheads vail 2011 pci 2.0 compliance
Airheads vail 2011   pci 2.0 complianceAirheads vail 2011   pci 2.0 compliance
Airheads vail 2011 pci 2.0 compliance
 
chapter 7 -wireless network security.ppt
chapter 7  -wireless network security.pptchapter 7  -wireless network security.ppt
chapter 7 -wireless network security.ppt
 
Wireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by VijayWireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by Vijay
 

Último

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Último (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Wi-fi Hacking

  • 1. WI-FI SECURITY A gentle introduction to Hacking Wi-Fi Thursday, February 25, 2010
  • 2. PRESENTED BY Paul Gillingwater, CISSP, CISM Adjunct Professor of Computer Science Webster University Vienna http://security-risk.blogspot.com Working in IT Security 20+ years Thursday, February 25, 2010
  • 3. A BRIEF OVERVIEW Wi-Fi has been around more than 12 years -- originally, it lacked any form of security Since 2001, Wireless Encryption Protocol (WEP) has been successfully attacked -- in 2007, it takes no more than 90,000 packets to break keys (due to weaknesses in RC4) -- time to crack less than 1 minute Since 2004, Wi-Fi Protected Access (WPA & WPA2) were introduced to address WEP’s failure -- but even this is not quite enough for full security Thursday, February 25, 2010
  • 4. WI-FI HISTORY Originally offered as IEEE 802.11 in 1997 -- security limited due to export restrictions of certain governments Implements Wireless LAN access over 2.4 and 5 GHz bands -- former with 3 channels (and shared with Amateur Radio and Cordless Phones), latter with 19 Initial systems 1-2 Mbps, later increased to 11 Mbps with 802.11b, then up to 802.11n with 54-600 Mbps possible (since 2009) Thursday, February 25, 2010
  • 5. WIRELESS SIGNALS Any wireless signal can be received by suitable equipment Key-sharing is fundamental issue -- and the more often a key is used, the easier it is to find it due to mathematics of encryption In addition to receiving packets, we can also inject packets -- e.g., ARP or de-auth to create traffic Thursday, February 25, 2010
  • 6. SECURING WI-FI In my view, only reliable method for securing Wi-Fi is to run a VPN on top (e.g., OpenVPN) WEP and WPA are easily broken (WPA TKIP cracked in less than 1 minute by Japanese researchers in 2009) WPA is TKIP -- WPA2 is CCMP, which is better (AES) WPA2 is probably secure enough for home usage -- but there is still risk of impersonation Thursday, February 25, 2010
  • 7. TRAFFIC MONITORING On OSX, from command line (with sudo): /System/Library/PrivateFrameworks/ Apple80211.framework/Versions/A/ Resources/airport Specify en1 sniff 1 as parameters to capture packets into /tmp/airportSniffxxxx.cap file WireShark is free utility for Windows, OSX or Linux that captures and displays packets Thursday, February 25, 2010
  • 8. HOW WPA WORKS
      - WPA tried to fix WEP problems, while WPA2 was a new approach to solving security problem
      - 802.1X port access control is key to successful use
      - This “Enterprise” approach depends on separate RADIUS authentication server -- each new session gets a fresh key, good for a short time
      - Home networks don’t use RADIUS, so a “Pre Shared Key” (PSK) is used
  • 9. WPA KEY HANDSHAKE
  • 10. COW PATTY ATTACK
      - Where 802.1X not available, PSK may be sniffed from other authenticating stations
      - KisMac and coWPAtty use dictionary and other attacks to guess the PSK from captured packets
      - Packet injection can force re-connects to capture
      - coWPAtty with Rainbow Tables (pre-calculated hashes) can test >18,000 pass-phrases per second
  • 11. WPA CRACKER
      - Regular WPA-PSK cracking on “business grade” hardware can take up to two weeks
      - “WPA Cracker” is a commercial service using cloud-based computing with 400 nodes, which can crack a WPA key in 20 minutes for $34
      - This is based on 135 million word dictionary attack -- therefore a strong password can defeat this class
      - Businesses now know the price of security
  • 12. BOGUS HOTSPOTS
      - Any computer can also be a Wireless Access Point
      - Windows 7 has new feature “SoftAP” -- which can be used for Internet Connection Sharing (use Connectify for example -- http://connectify.me/)
      - However, the “bad guys” can capture all of the packets which pass through their system, even if they connect to you with WEP or WPA
      - Bad guys can use similar names, e.g., Webster-Wi-Fi
  • 13. MAC SPOOFING
      - Some Access Points allow restriction based on the MAC (Media Access Control) address
      - This is good basic security, but not reliable -- because attackers can simply sniff for “trusted” address and use that in their own systems
      - 802.1x makes this more difficult for attackers
  • 14. SUPPRESSING SSID
      - Most Wi-Fi networks broadcast their network name -- called the SSID
      - Security may be improved by disabling this feature for a home or business network
      - However, experienced hackers will simply monitor authorized connections to learn the SSID
  • 15. MAN IN THE MIDDLE
      - A MITM attack means intruder pretends to be authorized gateway, but intercepts and can change packets (this was used by Japanese team with TKIP)
      - Example: Video of “Cain” tool, with packet capture and WEP cracking
      - cracking-wep-with-airpcap-packet-injection-and-cain-and-abel.wmv
  • 16. BYPASSING AIRPORT WI-FI
      - Frequent airport travelers know about airport Wi-Fi
      - Such systems intercept HTTP, redirect to a login page before allowing access (e.g., Boingo Hotspot)
      - Most airport Wi-Fi allows DNS lookups -- some direct, and some via DNS relay
      - If port 53 is allowed, then you can run OpenVPN using UDP port 53 to your home system
      - If DNS relayed, then use DNS tunnel (Linux mostly)
  • 17. AIRPORT RISKS
      - “Free” Wi-Fi hotspots in an airport or cafe might belong to a hacker, who is capturing traffic -- including, potentially, user names & passwords
      - Hackers can also relay HTTPS -- so don’t assume your password is safe at a public Hot Spot
      - Most hotspots don’t use WEP or WPA -- so most traffic is not encrypted (unless SSH or SSL is used)
  • 18. WI-FI SECURITY ADVICE
      - Avoid WEP and WPA/TKIP, use WPA2 or WPA/AES
      - If using in a business, use 802.1X -- otherwise make sure you have PSK length > 20 characters
      - Use MAC access control (restrict connecting devices based on their internal address)
      - Use VPN for truly sensitive information
  • 19. COMMERCIAL RISKS
      - TJ Maxx is classic example of Wi-Fi vector: resulted in loss of 45 million customer records (Credit Card details)
      - The weakness was the use of WEP to secure a LAN, which was exploited by the hackers
      - This breach cost the company $12 million in direct costs, not including the subsequent remedial work and loss of PCI compliance
      - Average cost of a Data Breach rose to $200 per customer record in 2009, according to Ponemon Institute study -- average total cost rose to $6.75m
  • 20. LEGAL ASPECTS
      - In many countries, hacking other’s Wi-Fi is illegal -- therefore, do any tests using your OWN gear
      - See NCSL web site for summary of States’ laws
      - “Unauthorized access” can attract serious prosecutions, fines and criminal charges
      - Within Webster University, unauthorized Wi-Fi access could be grounds for expulsion
  • 21. LATEST WI-FI TRENDS
      - Passive-Aggressive SSIDs now used by some... e.g.:
          YOURDOGPOOPSINMYYARD
          TURNTHEMUSICDOWN
          CAITLINSTOPUSINGOURINTERNET
          WECANHEARYOUHAVINGSEX
          OBAMAISASOCIALIST
  • 22. THANK YOU!
      - Any questions? Comments? Discussion....
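Slides 10, 11 and 18 turn on how a WPA/WPA2 pre-shared key is derived from the passphrase. The following is an added example, not part of the original slides: it derives the key the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256 bits) and audits a passphrase you own against the slides' advice. The word list, the common-SSID list and the function names are constructed for illustration.

```python
import hashlib

# Constructed stand-ins: a real dictionary has millions of entries (slide 11
# cites 135 million); precomputed tables are built for widely used SSIDs.
SAMPLE_DICTIONARY = {"password", "letmein123", "qwertyuiop"}
COMMON_SSIDS = {"linksys", "default", "netgear"}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-PSK as defined in IEEE 802.11i."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def audit_psk(passphrase: str, ssid: str) -> list:
    """Return the reasons this passphrase/SSID pair is weak (empty list = none found)."""
    wpa_pmk(passphrase, ssid)  # raises if the passphrase is not a valid PSK at all
    findings = []
    if passphrase.lower() in SAMPLE_DICTIONARY:
        findings.append("in-dictionary")   # falls to the dictionary attack of slides 10-11
    if len(passphrase) <= 20:
        findings.append("too-short")       # slide 18 advises PSK length > 20 characters
    if ssid.lower() in COMMON_SSIDS:
        findings.append("common-ssid")     # salt is the SSID, so tables can be precomputed
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID, different key: tables are per-SSID.
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "Webster-Lab-7f3a").hex())
    print(audit_psk("password", "linksys"))
    print(audit_psk("correct horse battery staple 25!", "Webster-Lab-7f3a"))
```

Because the SSID is the only salt, a unique network name forces an attacker to redo the 4096-iteration derivation for every guess instead of looking it up.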
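Slide 12 notes that a bogus hotspot can use a name similar to the real one (e.g., Webster-Wi-Fi). The following is an added detection example, not part of the original slides: it compares scan results against an inventory of your own access points. The inventory, the trusted name "Webster-WiFi", the MAC addresses and the scan records are all constructed assumptions.

```python
import re

# Hypothetical inventory of the organisation's own access points (assumed values).
TRUSTED = {
    "Webster-WiFi": {
        "bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
        "security": "WPA2",
    },
}

# Constructed scan results, as a site survey tool might report them.
SCAN = [
    {"ssid": "Webster-WiFi", "bssid": "00:11:22:33:44:01", "security": "WPA2"},
    {"ssid": "Webster-Wi-Fi", "bssid": "02:aa:bb:cc:dd:01", "security": "OPEN"},
    {"ssid": "Webster-WiFi", "bssid": "02:aa:bb:cc:dd:02", "security": "WPA2"},
    {"ssid": "Webster-WiFi", "bssid": "00:11:22:33:44:02", "security": "WEP"},
    {"ssid": "CoffeeShop", "bssid": "02:aa:bb:cc:dd:03", "security": "OPEN"},
]


def _normalise(ssid: str) -> str:
    """Fold case and drop punctuation so 'Webster-Wi-Fi' and 'Webster-WiFi' compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())


def classify(ap: dict, trusted: dict = TRUSTED) -> str:
    """Label one scanned access point relative to the trusted inventory."""
    ssid, bssid = ap["ssid"], ap["bssid"].lower()
    if ssid in trusted:
        entry = trusted[ssid]
        if bssid not in entry["bssids"]:
            return "unknown-bssid"        # our name, but a radio we do not own
        if ap["security"] != entry["security"]:
            return "security-mismatch"    # our radio (or a clone) with weaker settings
        return "ok"
    if any(_normalise(ssid) == _normalise(name) for name in trusted):
        return "lookalike-ssid"           # similar name, as on slide 12
    return "unrelated"


def rogue_report(scan: list, trusted: dict = TRUSTED) -> list:
    """Return (ssid, bssid, verdict) for every access point that needs investigating."""
    report = []
    for ap in scan:
        verdict = classify(ap, trusted)
        if verdict not in ("ok", "unrelated"):
            report.append((ap["ssid"], ap["bssid"], verdict))
    return report


if __name__ == "__main__":
    for row in rogue_report(SCAN):
        print(row)
```

An "ok" verdict is not proof of authenticity, since slide 13 points out that MAC addresses can be copied; treat it as the absence of the obvious signs only.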