Wireless Hacking: Things You Should Know
For a hack to take place, there must be a communication link between at least two devices, and that link can be wired (LAN) or wireless. Most of the hacking techniques you have learned so far are carried out over the internet: they are remote hacks that you can run from anywhere, provided the target host is online and you have an internet connection.
The kinds of hackers you hear about on the news causing so much trouble for your potential clients are remote hackers. However, there is an even more dangerous type of hacker who compromises computer systems by finding vulnerabilities in local machines through the client's wireless network. More and more corporations, and even individuals, are hiring white-hat hackers to try to break into their wireless networks so they can find out just how safe they really are.
In this hour and the next, we will cover wireless hacking. This chapter covers the important things you need to know about wireless networks, to prepare you for the different kinds of networks you will encounter and how easy or difficult each one is to hack. You will learn what hidden networks are and how much of a challenge they pose to a hacker. This hour is meant to give you a rough idea of how the different kinds of wireless networks are usually hacked.
9.1 Understanding Wireless Security Levels
Wireless networks can be classified according to how secure they are. Each wireless security protocol calls for a different hacking strategy, but first let us summarize the kinds that exist:
9.2 Open Wireless Network
A public Wi-Fi is a free wireless network that is typically available for the public to connect to the access point (wireless router) and reach the internet. There are two types of open wireless networks:
9.2.1 Open unrestricted
This is a network that anyone can connect to and use without limitation. It is the kind of network found in public places such as trains, restaurants, and Wi-Fi hotspots that offer free internet access.
9.2.2 Open but restricted
With this kind of network, users can connect to the access point, but connecting does not guarantee access to the internet. This kind of connection has another layer of authentication behind the open protocol.
If hacking a wireless network means recovering the router's password, then you can hack the open but restricted network, but not the open, unrestricted one. Either way, within the scope of this book neither of these networks requires hacking.
9.3 WEP (Wired Equivalent Privacy) Wireless Networks
Picture this as a house that asks you for a password before the door opens for you. Using tools that come with Kali Linux, you will be able to hack this type of network within minutes, because WEP is the least secure of the security protocols. ISPs that require users to log in to access the internet on their network, schools and colleges that require students to log in with their student ID and password, and some large offices still use this protocol. However, WEP is less common today, as security-conscious network admins prefer WPA and WPA-2.
9.4 WPA (Wi-Fi Protected Access) Wireless Networks
The development of WPA, and later WPA-2, was a direct response to the apparent vulnerabilities of the WEP standard. WPA was officially adopted in 2003, just a year before WEP was officially retired. The most common configuration of WPA is Pre-Shared Key (WPA-PSK), which uses a 256-bit key with either TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard).
As far as security goes, TKIP was an earlier stopgap encryption protocol that is no longer considered secure because it is easier to break. This means that, as an ethical hacker, you will have an easier time with a TKIP network than with an AES one.
AES was introduced with WPA-2 as the replacement for TKIP in WPA, and it is considered so secure that even the US military uses it.
9.5 Hidden Networks
Any of the Wi-Fi network types we have discussed can be hidden. Consider it "security through obscurity." A hidden network does not broadcast its name (the SSID) and is therefore a little harder to access or hack. It is a lot like trying to pick the lock on a door whose location you do not know.
Kali Linux comes with several tools that you can use to scan for and find hidden network SSIDs.
You have two options for finding a hidden network: passive and active. With the passive method, you wait until a client connects to the network and locate the network from the clues the client leaves behind. The active method involves deauthenticating clients on the network to force the access point to reveal the network details. However, finding and hacking hidden wireless networks is outside the scope of this book.
9.6 What Makes WPA Networks so Secure?
One of the changes implemented in WPA that makes it more secure than WEP is the message integrity check, which determines whether an intruder has intercepted or altered the packets exchanged between a client and the access point.
The WPA-2 protocol, launched in 2006, introduced Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is essentially what makes AES more secure than TKIP.
One of the main weaknesses of AES-protected networks is brute-force attacks against the passphrase, which can be prevented by using strong and complex passphrases. Wi-Fi Protected Setup (WPS) remains the biggest hole in the WPA armor, because an intruder who gets through it gains access to the secured Wi-Fi network and the keys they need to hack the devices on it.
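To tie sections 9.2 through 9.6 together, here is an added example (not from the book) that ranks a set of scanned networks by the security tiers described above and notes the weaknesses the chapter names: WEP, TKIP, enabled WPS and hidden SSIDs. The pipe-separated scan format and the sample records are constructed for the example, not real tool output.

```python
# Added example (not from the book): rank scanned Wi-Fi networks by the
# security tiers this chapter describes. The scan format below is constructed.
# Tiers ordered strongest to weakest, as the chapter ranks them.
RISK_ORDER = ["WPA2-AES", "WPA-AES", "WPA2-TKIP", "WPA-TKIP", "WEP", "OPEN"]

def parse_scan(text: str) -> list[dict]:
    """Parse the constructed 'bssid|ssid|privacy|cipher|wps' lines: privacy is
    OPN/WEP/WPA/WPA2, cipher WEP/TKIP/CCMP, empty ssid means hidden, wps yes/no."""
    nets = []
    for line in text.strip().splitlines():
        bssid, ssid, privacy, cipher, wps = line.split("|")
        nets.append({"bssid": bssid, "ssid": ssid, "privacy": privacy,
                     "cipher": cipher, "wps": wps == "yes"})
    return nets

def classify(net: dict) -> str:
    """Map one record to a chapter tier such as 'WEP' or 'WPA2-AES'."""
    if net["privacy"] in ("OPN", "WEP"):            # no WPA cipher suite
        return {"OPN": "OPEN", "WEP": "WEP"}[net["privacy"]]
    suite = "AES" if net["cipher"] == "CCMP" else "TKIP"
    return f"{net['privacy']}-{suite}"

def findings(net: dict) -> list[str]:
    """Defender-facing notes, each tied to a weakness the chapter names."""
    tier, notes = classify(net), []
    if tier == "OPEN":
        notes.append("open: traffic is unencrypted")
    elif tier == "WEP":
        notes.append("WEP: broken protocol, migrate to WPA2-AES")
    elif tier.endswith("TKIP"):
        notes.append("TKIP: stopgap cipher, switch to AES (CCMP)")
    if net["wps"]:
        notes.append("WPS enabled: disable it on the access point")
    if not net["ssid"]:
        notes.append("hidden SSID: obscurity only, not a security control")
    return notes

def audit(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (bssid, tier, notes) rows with the weakest network first."""
    rows = [(n["bssid"], classify(n), findings(n)) for n in parse_scan(text)]
    return sorted(rows, key=lambda r: RISK_ORDER.index(r[1]), reverse=True)

# Constructed sample scan; the MAC addresses are placeholders.
SAMPLE_SCAN = """00:11:22:33:44:01|CoffeeShop|OPN||no
00:11:22:33:44:02|LegacyAP|WEP|WEP|no
00:11:22:33:44:03||WPA2|TKIP|yes
00:11:22:33:44:04|OfficeNet|WPA2|CCMP|no"""
if __name__ == "__main__":
    for bssid, tier, notes in audit(SAMPLE_SCAN):
        print(bssid, tier, "; ".join(notes) or "no findings")
```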
In summation
Now that you have a general idea of the various wireless security protocols, you are better armed to learn how to hack a Wi-Fi network. In the next hour, we will get our hands dirty learning to hack WPA and WPA-2 Wi-Fi networks.
Hour 10: Hacking WPA/WPA-2 Wireless Networks
I will be straight with you and say that hacking a WPA/WPA-2 network is a tedious and, in most cases, time-consuming job. A dictionary attack may take days, and even then it may not succeed. Also, the best dictionaries you will need to download are huge files. This is because a brute-force or dictionary attack is a trial-and-error approach: it tries to establish a connection with the access point using combination after combination of upper- and lower-case letters, numbers, and common symbols.
Rainbow tables, which speed up the process by precomputing parts of the letter, number, and symbol combinations, are large files that can run to hundreds of gigabytes. This hour, we will learn two of the most effective ways to hack a WPA or WPA-2 wireless network, as an introduction to the world of on-site wireless penetration testing.