Presentation outline
● Brief history of Wi-Fi security
● Early Wi-Fi protection and its ineffectiveness
● Current Wi-Fi protections and how they're attacked
● Why using free Wi-Fi hotspots is bad
● Finally, the good stuff: actual hacking
Disclaimer
You’re going to learn some things today that could potentially get you in trouble. Everything presented today is for educational purposes only. If you want to try this out, do it on your own equipment and networks. You are responsible for your own actions!
A brief and incomplete history of Wi-Fi security
● 1997: Wi-Fi with Wired Equivalent Privacy (WEP) released
● 2001: Researchers figure out how to break WEP :(
● 2002: Wi-Fi Protected Access (WPA) released as a quick fix
● 2004: WPA2 released, people told to stop using WEP
● 2008 - 2018: Researchers discover ways to attack WPA2
● 2019: Waiting for WPA3 to fix this mess
Encryption: The process of converting information into an unintelligible form by means of a key
Decryption: Reversing the encryption process using the same key that was used for encryption
Caesar cipher: each letter is "shifted" down the alphabet by a certain number (key).
Message  : HACK THE PLANET
Key      : 3
Encrypted: KDFN WKH SODQHW
To decrypt it, just reverse the process using the same key used to encrypt it.
Wired Equivalent Privacy (WEP)
● A solution to encrypt data in early Wi-Fi networks
● Allow only authorized users into your Wi-Fi network
● Failed because the implementation was horribly flawed
● Gave a false sense of security
● The options became no protection, or protection that didn't work
WEP in a nutshell
How bad was it?
● Easily decrypt your Wi-Fi data as if it weren't encrypted at all
● Retrieve your Wi-Fi access key to log into your Wi-Fi network without you knowing
Free Wi-Fi because they <3 u?
● Advertisements from sponsors generate revenue
● User behaviour and tracking so they know what your interests are
● Smart targeting based on location, gender, habits, purchases
● Log in to the service using your social network so they can promote themselves to your followers
Have you noticed that if you’ve connected to a Starbucks Wi-Fi in one location, your device automatically connects to a Starbucks Wi-Fi anywhere in the city without you having to do anything?
When your device connects to a Wi-Fi network, it remembers it. Your device will periodically probe for Wi-Fi networks it has connected to before, and try to connect to ones that it recognizes.
Evil Twin attack
● Hacker sets up a fake access point somewhere like a library without a Starbucks and calls it Starbucks WiFi
● Anyone’s device that has connected to Starbucks WiFi in the past will automatically connect to the hacker's fake Starbucks WiFi
● Hacker can now spy on your traffic
I’m Batman! No, really.
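To check which remembered networks on your own device are exposed to this auto-connect behaviour, the added example below (not part of the original slides) audits a saved-network list in wpa_supplicant.conf syntax and flags enabled entries that are open or WEP. The sample configuration is constructed, and the function names parse_networks and audit are hypothetical.

```python
import re

# Constructed sample in wpa_supplicant.conf syntax (not from the slides).
SAMPLE_CONF = '''
network={
    ssid="Starbucks WiFi"
    key_mgmt=NONE
}
network={
    ssid="HomeNet"
    psk="constructed-passphrase"
}
network={
    ssid="OldRouter"
    key_mgmt=NONE
    wep_key0="abcde"
}
network={
    ssid="Airport Free"
    key_mgmt=NONE
    disabled=1
}
'''

def parse_networks(text):
    """Return one dict of key/value settings per network={...} block."""
    networks = []
    for body in re.findall(r'network=\{(.*?)\n\}', text, re.S):
        settings = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith('#') and '=' in line:
                key, value = line.split('=', 1)
                settings[key.strip()] = value.strip().strip('"')
        networks.append(settings)
    return networks

def audit(text):
    """List (ssid, kind) for enabled saved networks that are open or WEP."""
    findings = []
    for net in parse_networks(text):
        # Assumption: an unset key_mgmt is treated as a protected (WPA) profile.
        if net.get('disabled') == '1' or net.get('key_mgmt', 'WPA-PSK') != 'NONE':
            continue  # never auto-joined, or protected by a WPA key
        kind = 'WEP' if any(k.startswith('wep_key') for k in net) else 'open'
        findings.append((net.get('ssid', ''), kind))
    return findings

if __name__ == '__main__':
    print(audit(SAMPLE_CONF))
```

Entries reported as open are the ones a same-named access point can stand in for, so removing them or turning off auto-connect for them closes the gap described above.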