Wi-Fi is a technology for wireless local area networking using radio wave transmission and based on the IEEE 802.11 standard. Wi-Fi is used widely in private homes as a convenient and inexpensive method of networking. Many businesses and public places provide Wi-Fi as an amenity for both employees and customers. Wi-Fi networks can be set up in Peer-to-Peer mode or Access Point (AP) mode, and authentication modes include:
With the widespread adoption of Wi-Fi, we often fail to recognize the fundamental security weakness of a wireless network. Since the transmission is over radio waves, it is difficult to prevent a rogue user from having access to the wireless signals that are within range. Some techniques touted to improve Wi-Fi security (such as preventing SSID broadcasting and MAC address filtering) are quite ineffective – a hacker with knowledge of wireless sniffing tools (such as Kismet, NetStumbler and others) can easily sniff the SSID and MAC addresses from the packets circulating on the network and gain access to the wireless network. Encryption is the most effective mechanism available to protect communication over Wi-Fi. Security protocols and encryption mechanisms in the IEEE 802.11 standard have evolved over the years and include the following:
As mentioned above, WEP is very easy to crack. WPA and WPA2 are less exploitable than WEP; however, an attacker can still crack WPA/WPA2 by capturing the WPA/WPA2 authentication handshake packets and performing an offline attack. WPA with user-chosen Pre-Shared Keys (PSK) can be cracked using dictionary attacks or through offline brute-force attacks. Using a long enough random password (e.g. 14 random letters) or passphrase makes pre-shared key WPA difficult to crack. WPA/WPA2 networks with active wireless clients are susceptible to “de-authentication attacks”, where the attacker forces the client to disconnect from and reconnect to the AP and captures the authentication packets using a tool such as Aireplay-ng. The Pairwise Master Key (PMK) included in the authentication handshake may be brute-forced using tools such as Aircrack-ng. WPA2 with strong authentication and AES encryption is nearly impossible to crack.
IEEE 802.11 has evolved from an extension of the wired LAN into the wireless channel to a mature protocol that supports enterprise authentication, strong encryption and quality of service. However, the type of authentication used (user-chosen PSK versus two-factor mechanisms) and the type of encryption used determine the strength of the wireless network and its vulnerability to hacking attacks.
Contributed by Dr. Sarbari Gupta