Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to WiFi Security

Introduction to WiFi Security

This was a short presentation I gave on WiFi hacking at Cycura Inc for the first HackStudent event.

Harold Rodriguez

October 21, 2018
Tweet

More Decks by Harold Rodriguez

Other Decks in Technology

Transcript

  1. An Introduction to
    Wi-Fi Hacking Security

    View full-size slide

  2. Harold Rodriguez
    Hacks for CYCURA
    Cybersecurity researcher
    Penetration tester
    Me hacking

    View full-size slide

  3. Presentation outline

    Brief history of Wi-Fi security

    Early Wi-Fi protection and its in-effectiveness

    Current Wi-Fi protections and how they're attacked

    Why using free Wi-Fi hotspots are bad

    Finally the good stuff; actual hacking

    View full-size slide

  4. Disclaimer
    You’re going to learn some things today
    that could potentially get you in trouble.
    Everything presented today is for
    educational purposes only.
    If you want to try this out, do it on your
    own equipment and networks.
    You are responsible for your own actions!

    View full-size slide

  5. A brief and incomplete history of Wi-Fi security

    1997: Wi-Fi with Wired Equivalent Privacy (WEP) released

    2001: Researchers figure out how to break WEP :(

    2002: Wi-Fi Protected Access (WPA) released as a quick fix

    2004: WPA2 released, people told to stop using WEP

    2008 - 2018: Researchers discover ways to attack WPA2

    2019: Waiting for WPA3 to fix this mess

    View full-size slide

  6. Types of attacks on Wi-Fi networks

    Eavesdropping Wi-Fi communications

    Cracking Wi-Fi passwords

    Phishing attacks

    Man-in-the-Middle attacks

    Fake Wi-Fi access points

    The list goes on…

    View full-size slide

  7. Encryption in the early days of Wi-Fi

    View full-size slide

  8. What is encryption anyway?

    View full-size slide

  9. Encryption: The process of converting
    information into an unintelligible form by
    means of a key
    Decryption: Reversing the encryption process
    using the same key that was used for
    encryption

    View full-size slide

  10. Caesar cipher: each letter is "shifted" down
    the alphabet by a certain number (key).
    Message : HACK THE PLANET
    Key : 3
    Encrypted: KDFN WKH SODQHW
    To decrypt it, just reverse the process using
    the same key used to encrypt it.

    View full-size slide

  11. Wired Equivalent Privacy (WEP)

    A solution to encrypt data in early
    Wi-Fi networks

    Allow only authorized users into your
    Wi-Fi network

    Failed because it the implementation
    was horribly flawed

    Gave a false sense of security

    The options became no protection, or
    protection that didn't work
    WEP in a nutshell

    View full-size slide

  12. How bad was it?

    Easily decrypt your Wi-Fi data as if it weren't
    encrypted at all

    Retrieve your Wi-Fi access key to log into your
    Wi-Fi network without you knowing

    View full-size slide

  13. Freely available tools made WEP hacking easy
    SCRIPT KIDDIES

    View full-size slide

  14. Most Wi-Fi networks today use WPA2, and
    WEP networks are almost non-existent

    View full-size slide

  15. WPA2 is significantly more secure and robust!
    Hacking it is a lot harder (for now)

    View full-size slide

  16. Free Wi-Fi Hotspots
    or “thanks for your private info!”

    View full-size slide

  17. Free Wi-Fi because they <3 u?

    Advertisements from sponsors generate revenue

    User behaviour and tracking so they know what your interests are

    Smart targeting based on location, gender, habits, purchases

    Login to the service using your social network so they can promote themselves to
    your followers

    View full-size slide

  18. In many cases, you may be paying for the
    service with your private information.

    View full-size slide

  19. Best thing to do is to read the Terms of
    Service before agreeing to use the hotspot.

    View full-size slide

  20. Just kidding, nobody reads those.

    View full-size slide

  21. But how safe are free Wi-Fi hotspots anyway?

    View full-size slide

  22. Attacking open Wi-Fi networks

    View full-size slide

  23. Have you noticed that if you’ve connected to a
    Starbucks Wi-Fi in one location, your device
    automatically connects to a Starbucks Wi-Fi
    anywhere in the city without you having to do
    anything?

    View full-size slide

  24. When your device connects to a Wi-Fi
    network, it remembers it.
    Your device will periodically probe for Wi-Fi
    networks it has connected to before, and try
    to connect to ones that it recognizes.

    View full-size slide

  25. Probe requests
    Hom
    e
    W
    iFi are
    you
    there?
    TTC WiFi are you
    there? Starbucks WiFi are
    you there?

    View full-size slide

  26. DEMO TIME!
    Capturing probe requests

    View full-size slide

  27. What happens if your school Wi-Fi and
    Starbucks Wi-Fi are both within range?
    Your device connects to the access point with
    the stronger signal.

    View full-size slide

  28. Evil Twin attack

    Hacker sets up a fake access point somewhere
    like a library without a Starbucks and calls it
    Starbucks WiFi

    Anyone’s device that has connected to
    Starbucks WiFi in the past will automatically
    connect to the hacker's fake Starbucks WiFi

    Hacker can now spy on your traffic
    I’m Batman! No, really.

    View full-size slide

  29. DEMO TIME!
    Evil Twin attack

    View full-size slide

  30. Don’t trust open Wi-Fi access points!
    If you must use one, at least use a VPN to
    encrypt all your traffic.

    View full-size slide

  31. Equipment cost

    View full-size slide

  32. Overpriced hipster Macbook Pro + wireless
    adapter
    About $3,000 (dongles not included)

    View full-size slide

  33. Ugly PC laptop + wireless adapter
    Between $300 to $600

    View full-size slide

  34. But wait, it's 2018 and everyone has a laptop!
    Wireless adapter: $20

    View full-size slide

  35. Hacking Wi-Fi is cheap and easy!
    And that should terrify you.

    View full-size slide

  36. Thank you!
    Q & A
    Email: [email protected]
    Email: [email protected]
    Twitter: @superkojiman

    View full-size slide