Introduction to WiFi Security

This was a short presentation I gave on WiFi hacking at Cycura Inc for the first HackStudent event.


Harold Rodriguez

October 21, 2018


  1. 3.

    Presentation outline
    • Brief history of Wi-Fi security
    • Early Wi-Fi protection and its ineffectiveness
    • Current Wi-Fi protections and how they're attacked
    • Why using free Wi-Fi hotspots is bad
    • Finally the good stuff; actual hacking
  2. 4.

    Disclaimer
    You’re going to learn some things today that could potentially get you in trouble. Everything presented today is for educational purposes only. If you want to try this out, do it on your own equipment and networks. You are responsible for your own actions!
  3. 5.

    A brief and incomplete history of Wi-Fi security
    • 1997: Wi-Fi with Wired Equivalent Privacy (WEP) released
    • 2001: Researchers figure out how to break WEP :(
    • 2002: Wi-Fi Protected Access (WPA) released as a quick fix
    • 2004: WPA2 released, people told to stop using WEP
    • 2008 - 2018: Researchers discover ways to attack WPA2
    • 2019: Waiting for WPA3 to fix this mess
  4. 6.

    Types of attacks on Wi-Fi networks
    • Eavesdropping Wi-Fi communications
    • Cracking Wi-Fi passwords
    • Phishing attacks
    • Man-in-the-Middle attacks
    • Fake Wi-Fi access points
    • The list goes on…
  5. 9.

    Encryption: The process of converting information into an unintelligible form by means of a key
    Decryption: Reversing the encryption process using the same key that was used for encryption
  6. 10.

    Caesar cipher: each letter is "shifted" down the alphabet by a certain number (key).
    Message  : HACK THE PLANET
    Key      : 3
    Encrypted: KDFN WKH SODQHW
    To decrypt it, just reverse the process using the same key used to encrypt it.
  7. 11.

    Wired Equivalent Privacy (WEP)
    • A solution to encrypt data in early Wi-Fi networks
    • Allow only authorized users into your Wi-Fi network
    • Failed because the implementation was horribly flawed
    • Gave a false sense of security
    • The options became no protection, or protection that didn't work
    WEP in a nutshell
  8. 12.

    How bad was it?
    • Easily decrypt your Wi-Fi data as if it weren't encrypted at all
    • Retrieve your Wi-Fi access key to log into your Wi-Fi network without you knowing
  9. 17.

    Free Wi-Fi because they <3 u?
    • Advertisements from sponsors generate revenue
    • User behaviour and tracking so they know what your interests are
    • Smart targeting based on location, gender, habits, purchases
    • Log in to the service using your social network so they can promote themselves to your followers
  10. 18.

    In many cases, you may be paying for the service with your private information.
  11. 19.

    The best thing to do is to read the Terms of Service before agreeing to use the hotspot.
  12. 23.

    Have you noticed that if you’ve connected to a Starbucks Wi-Fi in one location, your device automatically connects to a Starbucks Wi-Fi anywhere in the city without you having to do anything?
  13. 24.

    When your device connects to a Wi-Fi network, it remembers it. Your device will periodically probe for Wi-Fi networks it has connected to before, and try to connect to ones that it recognizes.
  14. 25.

    Probe requests
    Home WiFi are you there?
    TTC WiFi are you there?
    Starbucks WiFi are you there?
  15. 27.

    What happens if your school Wi-Fi and Starbucks Wi-Fi are both within range? Your device connects to the access point with the stronger signal.
  16. 28.

    Evil Twin attack
    • Hacker sets up a fake access point somewhere like a library without a Starbucks and calls it Starbucks WiFi
    • Anyone’s device that has connected to Starbucks WiFi in the past will automatically connect to the hacker's fake Starbucks WiFi
    • Hacker can now spy on your traffic
    I’m Batman! No, really.
  17. 30.

    Don’t trust open Wi-Fi access points! If you must use one, at least use a VPN to encrypt all your traffic.
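
The auto-join behaviour behind the Evil Twin slide, and the WEP weakness from the earlier slides, can both be checked on your own machine. The following is an added example, not part of the original presentation: it audits saved Wi-Fi profiles written in NetworkManager keyfile layout and flags open networks that auto-join, plus WEP profiles. The profile contents and the function names `classify` and `audit` are constructed for illustration.

```python
import configparser

# Constructed saved-network profiles in NetworkManager keyfile layout (sample data).
PROFILES = {
    "home": "[connection]\nid=Home WiFi\ntype=wifi\n[wifi]\nssid=Home WiFi\n"
            "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "starbucks": "[connection]\nid=Starbucks WiFi\ntype=wifi\n"
                 "[wifi]\nssid=Starbucks WiFi\n",
    "ttc": "[connection]\nid=TTC WiFi\ntype=wifi\nautoconnect=false\n"
           "[wifi]\nssid=TTC WiFi\n",
    "old-router": "[connection]\nid=Basement\ntype=wifi\n[wifi]\nssid=Basement\n"
                  "[wifi-security]\nkey-mgmt=none\n",
}

def classify(text):
    """Parse one profile; return (ssid, protection, autoconnect) or None if not Wi-Fi."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    ssid = cp.get("wifi", "ssid", fallback=cp.get("connection", "id", fallback="?"))
    # NetworkManager auto-joins a saved network unless autoconnect is set to false.
    auto = cp.getboolean("connection", "autoconnect", fallback=True)
    if not cp.has_section("wifi-security"):
        protection = "open"   # no security section: nothing identifies the real AP
    else:
        key_mgmt = cp.get("wifi-security", "key-mgmt", fallback="none")
        protection = "wep" if key_mgmt == "none" else key_mgmt
    return ssid, protection, auto

def audit(profiles):
    """Return sorted (ssid, risk) findings for the profiles worth fixing."""
    findings = []
    for text in profiles.values():
        parsed = classify(text)
        if parsed is None:
            continue
        ssid, protection, auto = parsed
        if protection == "open" and auto:
            findings.append((ssid, "open + auto-join: any AP using this name is joined"))
        elif protection == "wep":
            findings.append((ssid, "WEP: key and traffic are recoverable, use WPA2"))
    return sorted(findings)

if __name__ == "__main__":
    for ssid, risk in audit(PROFILES):
        print(f"{ssid}: {risk}")
```

Deleting a flagged open profile, or turning off auto-join for it, stops the device from joining a look-alike access point on its own.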