Cracking the Window to WiFi

Michael Stamat


  • Wireless Technology
  • Basic Wireless Issues
  • Forms of Encryption
  • Bypassing Security
  • Protection Methods
  • Conclusion

Wireless Technology

  • Why Wireless?
  • Portability, convenience, flexibility
  • Increased productivity, lower installation costs
  • Data synchronization
  • Application sharing
  • Advanced network services

Problems with Wireless

  • Wired vulnerabilities still apply
  • Unauthorized access attempts are more convenient
  • Unencrypted traffic (or poor encryption) can be more readily intercepted
  • DoS attacks now wireless capable

Problems with Wireless (continued)

  • Corruption of sensitive data – improper synchronization
  • Identity theft more transparent
  • Attacker can deploy unauthorized equipment
  • Data extraction - improperly configured devices

Forms of Encryption

  • Wired Equivalent Privacy (WEP)
  • WiFi Protected Access (WPA)
  • Pre-Shared Key (WPA-PSK)

Wired Equivalent Privacy (WEP)

  • Based on the RC4 stream cipher
  • Keystream derived from a combination of a secret user key and a system-generated value (the IV)
  • Originally 40-bit encryption (weak headers)
  • Now 128-bit encryption
  • Effective secret key length is only 104 bits, not 128 (the remaining bits are the IV); the same shortfall applies to 152-bit and 256-bit WEP systems
  • Still vulnerable

WiFi Protected Access (WPA-PSK)

  • One of the most widely implemented
  • Resolves WEP issues (weak headers)
  • Each message carries a Message Integrity Check (MIC) under TKIP
  • Encryption keys automatically changed over a period of time (rekeying)
  • Authentication can be exploited
  • Passphrase 8 – 23 characters required

Let’s Crack some WiFi!!!!

  • Tools Needed
  • Kismet
  • Aircrack Suite
  • airodump - grabbing IVs
  • aircrack - cracking the IVs
  • airdecap - decoding captured packets
  • aireplay - packet injector to attack APs
  • kismet - network sniffer, can grab IVs as well


  • Collecting the data
  • The Handshake
  • Designed to occur over insecure channels and in plaintext
  • Dictionary Brute Force
  • Need a good dictionary!
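What each dictionary guess against a captured handshake actually costs, as an added example (not code from the slides): IEEE 802.11i derives the WPA-PSK pairwise master key with PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations. This goes slightly beyond the slides by showing that the SSID acts as a salt, so a default SSID lets precomputed tables be reused across networks; the function names are my own, and the test vector is the one published in the standard's Annex H.

```python
"""WPA-PSK pairwise master key (PMK) derivation per IEEE 802.11i.

Added example: shows the per-guess work a dictionary attack on the
four-way handshake must pay, and why the SSID behaves as a salt.
"""
import hashlib

PBKDF2_ITERATIONS = 4096   # fixed by the standard
PMK_LEN = 32               # 256-bit pairwise master key


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).

    Input limits follow 802.11i: 8..63 printable ASCII characters for the
    passphrase, 1..32 bytes for the SSID.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode()
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid_bytes,
                               PBKDF2_ITERATIONS, PMK_LEN)


def hmac_ops_per_guess() -> int:
    """HMAC-SHA1 invocations an attacker pays per candidate passphrase:
    PBKDF2 needs ceil(32 / 20) = 2 output blocks of 4096 iterations each."""
    blocks = -(-PMK_LEN // hashlib.sha1().digest_size)
    return blocks * PBKDF2_ITERATIONS


if __name__ == "__main__":
    # Published 802.11i Annex H vector: passphrase "password", SSID "IEEE"
    print("PMK(password, IEEE) =", derive_pmk("password", "IEEE").hex())
    # Same weak passphrase, two SSIDs: a table built for the default SSID
    # "linksys" (a constructed sample) is useless once the SSID is changed.
    for ssid in ("linksys", "MyHomeNet-7f3a"):
        print(f"PMK(password, {ssid}) = {derive_pmk('password', ssid).hex()}")
    print("HMAC-SHA1 ops per dictionary guess:", hmac_ops_per_guess())
```

A guess costs 8192 HMAC-SHA1 computations, so defenders gain most from passphrase length and entropy; the SSID salt only blocks reuse of precomputed tables.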

Live Demo!

  • Demo cracking a WPA connection
  • Demo cracking a WEP connection

Protection Methods

  • Change default admin password and username
  • Enable MAC Address Filtering (minor hurdle to hackers)
  • Change default SSID (or disable broadcast) (minor hurdle to hackers)
  • Assign static IP addresses (minor hurdle to hackers)
  • Do not Auto-Connect to open WiFi networks
  • Position the router to limit signal propagation beyond the intended area
  • Turn off router during extended non-use

In Review

  • Wireless Technology
  • Basic Wireless Issues
  • Forms of Encryption
  • Bypassing Security
  • Protection Methods
  • Conclusion

Slide files: wirelesscracking.odp, wirelesscracking.ppt