Introduction to WiFi Security

Transcript

1. An Introduction to Wi-Fi Hacking Security

2. Harold Rodriguez Hacks for CYCURA Cybersecurity researcher Penetration tester Me

   hacking

3. Presentation outline • Brief history of Wi-Fi security • Early

   Wi-Fi protection and its in-effectiveness • Current Wi-Fi protections and how they're attacked • Why using free Wi-Fi hotspots are bad • Finally the good stuff; actual hacking

4. Disclaimer You’re going to learn some things today that could

   potentially get you in trouble. Everything presented today is for educational purposes only. If you want to try this out, do it on your own equipment and networks. You are responsible for your own actions!

5. A brief and incomplete history of Wi-Fi security • 1997:

   Wi-Fi with Wired Equivalent Privacy (WEP) released • 2001: Researchers figure out how to break WEP :( • 2002: Wi-Fi Protected Access (WPA) released as a quick fix • 2004: WPA2 released, people told to stop using WEP • 2008 - 2018: Researchers discover ways to attack WPA2 • 2019: Waiting for WPA3 to fix this mess

6. Types of attacks on Wi-Fi networks • Eavesdropping Wi-Fi communications

   • Cracking Wi-Fi passwords • Phishing attacks • Man-in-the-Middle attacks • Fake Wi-Fi access points • The list goes on…

7. Encryption in the early days of Wi-Fi

8. What is encryption anyway?

9. Encryption: The process of converting information into an unintelligible form

   by means of a key Decryption: Reversing the encryption process using the same key that was used for encryption

10. Caesar cipher: each letter is "shifted" down the alphabet by

    a certain number (key). Message : HACK THE PLANET Key : 3 Encrypted: KDFN WKH SODQHW To decrypt it, just reverse the process using the same key used to encrypt it.

11. Wired Equivalent Privacy (WEP) • A solution to encrypt data

    in early Wi-Fi networks • Allow only authorized users into your Wi-Fi network • Failed because it the implementation was horribly flawed • Gave a false sense of security • The options became no protection, or protection that didn't work WEP in a nutshell

12. How bad was it? • Easily decrypt your Wi-Fi data

    as if it weren't encrypted at all • Retrieve your Wi-Fi access key to log into your Wi-Fi network without you knowing

13. Freely available tools made WEP hacking easy SCRIPT KIDDIES

14. Most Wi-Fi networks today use WPA2, and WEP networks are

    almost non-existent

15. WPA2 is significantly more secure and robust! Hacking it is

    a lot harder (for now)

16. Free Wi-Fi Hotspots or “thanks for your private info!”

17. Free Wi-Fi because they <3 u? • Advertisements from sponsors

    generate revenue • User behaviour and tracking so they know what your interests are • Smart targeting based on location, gender, habits, purchases • Login to the service using your social network so they can promote themselves to your followers

18. In many cases, you may be paying for the service

    with your private information.

19. Best thing to do is to read the Terms of

    Service before agreeing to use the hotspot.

20. Just kidding, nobody reads those.

21. But how safe are free Wi-Fi hotspots anyway?

22. Attacking open Wi-Fi networks

23. Have you noticed that if you’ve connected to a Starbucks

    Wi-Fi in one location, your device automatically connects to a Starbucks Wi-Fi anywhere in the city without you having to do anything?

24. When your device connects to a Wi-Fi network, it remembers

    it. Your device will periodically probe for Wi-Fi networks it has connected to before, and try to connect to ones that it recognizes.

25. Probe requests Hom e W iFi are you there? TTC

    WiFi are you there? Starbucks WiFi are you there?

26. DEMO TIME! Capturing probe requests

27. What happens if your school Wi-Fi and Starbucks Wi-Fi are

    both within range? Your device connects to the access point with the stronger signal.

28. Evil Twin attack • Hacker sets up a fake access

    point somewhere like a library without a Starbucks and calls it Starbucks WiFi • Anyone’s device that has connected to Starbucks WiFi in the past will automatically connect to the hacker's fake Starbucks WiFi • Hacker can now spy on your traffic I’m Batman! No, really.

29. DEMO TIME! Evil Twin attack

30. Don’t trust open Wi-Fi access points! If you must use

    one, at least use a VPN to encrypt all your traffic.

31. Equipment cost

32. Overpriced hipster Macbook Pro + wireless adapter About $3,000 (dongles

    not included)

33. Ugly PC laptop + wireless adapter Between $300 to $600

34. But wait, it's 2018 and everyone has a laptop! Wireless

    adapter: $20

35. Hacking Wi-Fi is cheap and easy! And that should terrify

    you.

36. Thank you! Q & A Email: [email protected] Email: [email protected] Twitter:

    @superkojiman