This was a short presentation I gave on WiFi hacking at Cycura Inc for the first HackStudent event.
An Introduction to
Wi-Fi Hacking Security
Hacks for CYCURA
Brief history of Wi-Fi security
Early Wi-Fi protection and its ineffectiveness
Current Wi-Fi protections and how they're attacked
Why using free Wi-Fi hotspots is bad
Finally the good stuff; actual hacking
You’re going to learn some things today
that could potentially get you in trouble.
Everything presented today is for
educational purposes only.
If you want to try this out, do it on your
own equipment and networks.
You are responsible for your own actions!
A brief and incomplete history of Wi-Fi security
1997: Wi-Fi with Wired Equivalent Privacy (WEP) released
2001: Researchers figure out how to break WEP :(
2002: Wi-Fi Protected Access (WPA) released as a quick fix
2004: WPA2 released, people told to stop using WEP
2008 - 2018: Researchers discover ways to attack WPA2
2019: Waiting for WPA3 to fix this mess
Types of attacks on Wi-Fi networks
Eavesdropping Wi-Fi communications
Cracking Wi-Fi passwords
Fake Wi-Fi access points
The list goes on…
Encryption in the early days of Wi-Fi
What is encryption anyway?
Encryption: The process of converting
information into an unintelligible form by
means of a key
Decryption: Reversing the encryption process
using the same key that was used for
Caesar cipher: each letter is "shifted" down
the alphabet by a certain number (key).
Message : HACK THE PLANET
Key : 3
Encrypted: KDFN WKH SODQHW
To decrypt it, just reverse the process using
the same key used to encrypt it.
Wired Equivalent Privacy (WEP)
A solution to encrypt data in early
Allow only authorized users into your
Failed because the implementation
was horribly flawed
Gave a false sense of security
The options became no protection, or
protection that didn't work
WEP in a nutshell
How bad was it?
Easily decrypt your Wi-Fi data as if it weren't
encrypted at all
Retrieve your Wi-Fi access key to log into your
Wi-Fi network without you knowing
Freely available tools made WEP hacking easy
Most Wi-Fi networks today use WPA2, and
WEP networks are almost non-existent
WPA2 is significantly more secure and robust!
Hacking it is a lot harder (for now)
Free Wi-Fi Hotspots
or “thanks for your private info!”
Free Wi-Fi because they <3 u?
Advertisements from sponsors generate revenue
User behaviour and tracking so they know what your interests are
Smart targeting based on location, gender, habits, purchases
Login to the service using your social network so they can promote themselves to
In many cases, you may be paying for the
service with your private information.
Best thing to do is to read the Terms of
Service before agreeing to use the hotspot.
Just kidding, nobody reads those.
But how safe are free Wi-Fi hotspots anyway?
Attacking open Wi-Fi networks
Have you noticed that if you’ve connected to a
Starbucks Wi-Fi in one location, your device
automatically connects to a Starbucks Wi-Fi
anywhere in the city without you having to do
When your device connects to a Wi-Fi
network, it remembers it.
Your device will periodically probe for Wi-Fi
networks it has connected to before, and try
to connect to ones that it recognizes.
TTC WiFi are you
there? Starbucks WiFi are
Capturing probe requests
What happens if your school Wi-Fi and
Starbucks Wi-Fi are both within range?
Your device connects to the access point with
the stronger signal.
Evil Twin attack
Hacker sets up a fake access point somewhere
like a library without a Starbucks and calls it
Anyone’s device that has connected to
Starbucks WiFi in the past will automatically
connect to the hacker's fake Starbucks WiFi
Hacker can now spy on your traffic
I’m Batman! No, really.
Evil Twin attack
Don’t trust open Wi-Fi access points!
If you must use one, at least use a VPN to
encrypt all your traffic.
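Added example, not part of the original slides: a defender-side check for the Evil Twin scenario above that parses raw 802.11 beacon frames and flags a known network name advertised by an unfamiliar access point or without encryption. The baseline in KNOWN, the network names, the MAC addresses and the helper names are all assumptions made for illustration, and the sample frames are constructed in code.

```python
import struct

# Assumed baseline (constructed values): SSIDs we expect, the BSSIDs that
# legitimately serve them, and whether they should be encrypted.
KNOWN = {"HomeNet": {"bssids": {"aa:bb:cc:00:00:01"}, "encrypted": True}}

def parse_beacon(frame: bytes):
    """Return (bssid, ssid, encrypted) from a raw 802.11 beacon, else None."""
    if len(frame) < 36 or frame[0] != 0x80:        # 0x80 = management/beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3
    (caps,) = struct.unpack_from("<H", frame, 34)       # capability field
    ssid, pos = None, 36                                # tagged elements
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + length]
        if len(body) < length:                          # truncated element
            break
        if tag == 0:                                    # SSID element
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    return bssid, ssid, bool(caps & 0x0010)             # privacy bit

def audit(frames):
    """Flag beacons reusing a known SSID from an unknown AP or unencrypted."""
    alerts = []
    for frame in frames:
        parsed = parse_beacon(frame)
        if not parsed or parsed[1] not in KNOWN:
            continue
        bssid, ssid, encrypted = parsed
        if bssid not in KNOWN[ssid]["bssids"]:
            alerts.append((ssid, bssid, "unknown BSSID"))
        elif KNOWN[ssid]["encrypted"] and not encrypted:
            alerts.append((ssid, bssid, "encryption downgraded"))
    return alerts

def make_beacon(bssid: str, ssid: str, encrypted: bool) -> bytes:
    """Build a minimal constructed beacon so the example runs without a radio."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    caps = 0x0001 | (0x0010 if encrypted else 0)        # ESS + optional privacy
    name = ssid.encode()
    return header + bytes(8) + struct.pack("<HH", 100, caps) + bytes([0, len(name)]) + name

SAMPLE = [make_beacon("aa:bb:cc:00:00:01", "HomeNet", True),    # legitimate AP
          make_beacon("de:ad:be:ef:00:02", "HomeNet", False),   # same name, open
          make_beacon("11:22:33:44:55:66", "CafeGuest", False)] # unrelated
print(audit(SAMPLE))
```

A BSSID can be copied as easily as a network name, so an empty alert list does not prove an access point is genuine.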
Overpriced hipster Macbook Pro + wireless
About $3,000 (dongles not included)
Ugly PC laptop + wireless adapter
Between $300 and $600
But wait, it's 2018 and everyone has a laptop!
Wireless adapter: $20
Hacking Wi-Fi is cheap and easy!
And that should terrify you.
Q & A
Email: [email protected]