How to Hack WiFi
(Wireless) Network
Wireless networks are accessible to anyone within the router’s
transmission radius. This
makes them vulnerable to attacks. Hotspots are available in public places such
as airports, restaurants, parks, etc.
In
this tutorial, we will introduce you to common techniques used to exploit
weaknesses in wireless network security implementations. We will also look
at some of the countermeasures you can put in place to protect against such
attacks.
What is a wireless network?
A
wireless network is a network that uses radio waves to link computers and other
devices together. The implementation is done at the Layer 1 (physical layer) of
the OSI model.
How to access a wireless network?
You
will need a wireless network enabled device such as a laptop, tablet,
smartphones, etc. You will also need to be within the transmission radius of a
wireless network access point. Most devices (if the wireless network option is
turned on) will provide you with a list of available networks. If the network
is not password protected, then you just have to click on connect. If it is
password protected, then you will need the password to gain access.
Wireless Network Authentication
Since
the network is easily accessible to everyone with a wireless network enabled
device, most networks are password protected. Let’s look at some of the most
commonly used authentication techniques.
WEP
WEP
is the acronym for Wired Equivalent Privacy. It was developed for IEEE 802.11
WLAN standards. Its goal was to provide the privacy equivalent to that provided
by wired networks. WEP works by encrypting the data been transmitted over the
network to keep it safe from eavesdropping.
WEP Authentication
Open
System Authentication (OSA) – this methods grants access to station
authentication requested based on the configured access policy.
Shared
Key Authentication (SKA) – This method sends to an encrypted challenge to the
station requesting access. The station encrypts the challenge with its key then
responds. If the encrypted challenge matches the AP value, then access is
granted.
WEP Weakness
WEP
has significant design flaws and vulnerabilities.
- The integrity of the packets is
checked using Cyclic Redundancy Check (CRC32). CRC32 integrity check can be compromised by
capturing at least two packets. The bits in the encrypted stream and the
checksum can be modified by the attacker so that the packet is accepted by
the authentication system. This leads to unauthorized access to the network.
- WEP uses the RC4 encryption
algorithm to create stream ciphers. The
stream cipher input is made up of an initial value (IV) and a secret key.
The length of the initial value (IV) is 24 bits long while the
secret key can either be 40 bits or 104 bits long. The total length of
both the initial value and secret can either be 64 bits or 128 bits long.The
lower possible value of the secret key makes it easy to crack it.
- Weak Initial values
combinations do not encrypt sufficiently.
This makes them vulnerable to attacks.
- WEP is based on passwords; this
makes it vulnerable to dictionary attacks.
- Keys management is poorly
implemented. Changing keys especially on
large networks is challenging. WEP does not provide a centralized key
management system.
- The Initial values can be
reused
No comments:
Post a Comment