The Threats to Security Associated With Using Wi-Fi


  • 7/29/2019 The Threats to Security Associated With Using Wi-Fi


    UNIVERSITY OF SUNDERLAND

    The threats to security associated with using Wi-Fi in a business environment. A critical analysis of current security techniques

    Robert Ian Hawdon

    29/01/2012

    Wi-Fi networks are very popular amongst both home users and businesses. But with ever smarter, tech-savvy computer hackers, can we trust personal data to be transferred using this method?


    Introduction

    Wireless networking makes life easy for those that use it. But, unless it is properly configured, it is also remarkably easy to attack. (Bradbury, 2011)

    The IEEE 802.11 standard, which implements wireless local area networks, has extended what was once possible in a networking environment by allowing users to use portable devices on a network without the need for wires, and by making it possible to build a network in a building where wires are just not an option. (Rowan, 2010)

    The problem with wireless networks though is that, unlike modern wired solutions which will protect users from being spied upon, wireless connections can be intercepted.

    Several standards have been used to improve wireless security, but older standards such as WEP can be easily broken into, and WPA/WPA2, although there is no known way of cracking them, can be broken into via other hacking methods, such as social engineering.

    Broadcasting Personal Information

    When using a wireless connection, there is no way to only allow certain devices to receive your information. It's essentially the same as a conversation being overheard in a public place. Whilst you can't physically block devices listening to your traffic, it is possible to scramble the data, so that unauthorised devices can't understand what's being broadcast. (Saito, 2011)

    WEP, which stands for Wired Equivalent Privacy, aimed to secure a wireless network to the same standard as a wired one. Sadly, it fails to do so because of the way WEP encrypts, using what's known as an Initialisation Vector or IV (used to power the RC4 ciphering algorithm) and a shared key. The IV is always 24 bits, and it is borrowed from the overall bits used for the WEP key (a 64-bit key leaves 40 bits for the shared key, and a 128-bit key leaves 104 bits). The IV is broadcast between devices in plain text, and is rarely changed, which means that if someone were to monitor the connection long enough, they would be able to figure out the key used to access the network, and use that to monitor the traffic on that network. (Rowan, 2010)

    If an attacker were able to see the raw traffic going through a network, they would be able to cause a considerable amount of damage, as most Internet traffic is broadcast in plain text, and from this an attacker would be able to capture data such as usernames, passwords, or cookies.

    A penetration tester could easily demonstrate accessing someone's online account by using freely available tools. If the tester has access to a WPA2 network, and the MAC addresses of the client's router and computer, then they'll also be able to view the packets on these more secure networks. This kind of attack is known as Social Engineering, where the attacker cleverly gets the password for a network by either directly or indirectly asking someone who knows it. The penetration tester will probably have been given the WPA2 key if their testing environment is from the point of view of an employee in a company.

    Once a hacker has access to a breached wireless network, they can easily view unsecure traffic travelling over the network, which is a huge security threat for both the company and the individuals using it.


    An example of a security breach

    Let's say, for example, an employee of a company, in his spare time, uses the company's wireless network to access the popular social network service Facebook. By default, Facebook uses an insecure HTTP service; this means any data passed from the user's browser to the server and back could be intercepted at any point.

    A hacker within range of the wireless network could use a packet sniffer, such as Wireshark, to view the packets being sent over this network in real time. Theoretically, if the user were to log in to Facebook at the same time the hacker was monitoring the network, one of the packets sent to Facebook would contain the victim's username and password. But in practice, users set their accounts to automatically log in, or are already logged in when the attack is started. So, rather than sniffing their username and password, the hacker can target cookies.

    Sites like Facebook use cookies to allow the service to authenticate the user each time a page is loaded without requiring a username and password. This cookie, known as a session cookie, is transmitted on every page load request, which means there's more opportunity to capture one of these cookies. (Gold, 2011) With this cookie, the hacker is able to inject it into their own browser, go to the Facebook site, and they'll be automatically logged in with the victim's account.
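
From the defender's side, the exposure described above can be checked in a site's own responses. The following is an added example, not part of the original essay: it audits response headers for session cookies that would cross the wireless link unprotected. The header samples, the host name and the function names are constructed for illustration.

```python
# Constructed sample headers (not captured traffic).
SAMPLE_HEADERS = """\
Content-Type: text/html
Set-Cookie: sid=3f9a1c; Path=/
Set-Cookie: theme=dark; Path=/; Secure; HttpOnly
"""

HARDENED_HEADERS = """\
Content-Type: text/html
Strict-Transport-Security: max-age=31536000
Set-Cookie: sid=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax
"""


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0]
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_response(url, raw_headers):
    """List the reasons a cookie in this response could be read off the air."""
    headers = []
    for line in raw_headers.strip().splitlines():
        key, _, value = line.partition(":")
        headers.append((key.strip().lower(), value.strip()))
    findings = []
    if not url.lower().startswith("https://"):
        findings.append("plain HTTP: request and response headers are readable on the air")
    elif not any(k == "strict-transport-security" for k, _ in headers):
        findings.append("no HSTS: browsers are not told to refuse plain HTTP for this host")
    for key, value in headers:
        if key != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute, browser also sends it over HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: no HttpOnly attribute, page scripts can read it")
    return findings


if __name__ == "__main__":
    for finding in audit_response("http://intranet.example/", SAMPLE_HEADERS):
        print(finding)
```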

    From here, the hacker has a potentially unlimited amount of data they can steal, including the victim's name, email address, friends' names, hometown, contact details, or anything the user has decided to put on the site, even if it's not public. Without knowing the user's password, some things can't be changed, but having the user's email address is the starting point for another attack. (Hawdon, 2011)

    In the worst case scenario, if the victim's password was captured, and that user uses the same password for all of their accounts, then they've given the hacker access to an almost infinite amount of information about themselves, which could be used for identity theft. From a company's point of view, if their business details were stolen, the consequences would be so severe that it could be enough to put them out of business.

    Strengthening Wi-Fi Encryption

    When the IEEE 802.11 standard was defined, there were concerns over how secure sending data over airwaves would be. To remedy this, a standard of encrypting data was proposed. As mentioned earlier, WEP was created to make Wi-Fi networks more secure, and was advertised as being as secure as a wired network. In reality though, a WEP encrypted network can be cracked in anywhere between 5 and 30 minutes depending on how busy the network is at the time of the attack. (Rowan, 2010) This led to the development of a more secure encryption protection known as Wi-Fi Protected Access (WPA).

    WPA uses the same encryption technique as WEP, but treats the IV with a little more care, increasing the size from 24 bits to 48 bits. This means the collision issue from WEP is practically eliminated, rendering the WEP-based attack useless. WPA adds another layer of protection called MIChael, which also protects the network from the kind of attack used in WEP, known as a replay attack, where the attacker floods the WEP network with packets to make an IV collision occur more regularly. When the WPA network detects a replay attack (which happens when it sees two identical packets occur in a minute) it will shut down the whole network for another 60 seconds; this would make hacking a WPA network very time consuming and impractical.
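
The IV problem described in the WEP passage earlier, and the effect of moving from a 24-bit to a 48-bit IV described above, can be shown with a short calculation. This is an added example, not part of the original essay: it shows that two packets encrypted under the same IV and key share a keystream, and estimates how quickly IVs repeat. The key, IV and payloads are constructed, the integrity value WEP appends is left out, and the estimate assumes IVs are chosen at random.

```python
import math


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, shared_key: bytes, payload: bytes) -> bytes:
    """WEP seeds RC4 with IV || shared key; the integrity value is omitted here."""
    return xor(payload, rc4_keystream(iv + shared_key, len(payload)))


def iv_collision_probability(iv_bits: int, packets: int) -> float:
    """Birthday estimate that two of `packets` randomly chosen IVs are equal."""
    x = packets * (packets - 1) / (2.0 * 2 ** iv_bits)
    return -math.expm1(-x)


# Constructed values: a 40-bit shared key and one 24-bit IV used twice.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("00002a")
P1 = b"GET /index.html HTTP/1.1"
P2 = b"Host: intranet.example\r\n"


def reuse_leak() -> bool:
    """Same IV and key: the keystream cancels, so C1 xor C2 equals P1 xor P2."""
    c1, c2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)
    return xor(c1, c2) == xor(P1, P2)


if __name__ == "__main__":
    print("keystream cancels under IV reuse:", reuse_leak())
    for bits in (24, 48):
        print(bits, "bit IV, 5000 packets:", iv_collision_probability(bits, 5000))
```

With 24 bits a repeat is more likely than not after about five thousand packets; with 48 bits the same traffic gives a chance of a few in a hundred million.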

    WPA also has two modes of operation. The most commonly used mode is WPA-PSK (Wi-Fi Protected Access Pre-Shared Key), where both the access point and the client know a password which is needed to connect to the wireless network. This shares an issue with WEP in that the keys are rarely changed. Weak passphrases can be brute forced, so, as with any authentication system, care should be taken to make sure a strong passphrase is used. All WPA-PSK keys are 256 bits, which is more secure than the stronger WEP key options.
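
The 256-bit figure describes the derived key, not the effort needed to guess the passphrase behind it. The following is an added example, not part of the original essay: it derives the key the way IEEE 802.11i specifies (PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations) and audits the passphrase. The common-password sample, the 80-bit threshold and the entropy estimate are assumptions made for illustration.

```python
import hashlib
import math
import string

# Constructed sample of passphrases an auditor would reject outright.
COMMON = {"password", "12345678", "qwertyuiop", "letmein123"}
MIN_BITS = 80  # assumed policy threshold, not taken from the essay


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PBKDF2-HMAC-SHA1 over the passphrase, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def estimated_bits(passphrase: str) -> float:
    """Rough upper bound: length times log2 of the character pool in use."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation + " "):
        if any(c in chars for c in passphrase):
            pool += len(chars)
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit_passphrase(passphrase: str) -> list:
    """Return the reasons this passphrase is weaker than its 256-bit key suggests."""
    findings = []
    if passphrase.lower() in COMMON:
        findings.append("appears in a common-password list")
    bits = estimated_bits(passphrase)
    if bits < MIN_BITS:
        findings.append(f"at most {bits:.0f} bits of guessing work behind a 256-bit key")
    return findings


if __name__ == "__main__":
    for phrase in ("password", "correct-Horse7battery_staple"):
        key = wpa_psk(phrase, "IEEE")
        print(phrase, len(key) * 8, "bit key;", audit_passphrase(phrase) or "no findings")
```

Because the SSID is the salt, the same passphrase produces a different key on a differently named network.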

    The other mode WPA can be used in is an Enterprise level using WPA-EAP (Wi-Fi Protected Access Extensible Authentication Protocol). This requires hardware that can use this method of encryption, such as a RADIUS server. This method of encrypting on WPA gives each device on the network a unique key that can't be changed by the user. This is by far the most secure option in terms of the protection of sensitive data, but WPA (and WPA2) Wi-Fi enabled access points are still vulnerable to other kinds of attacks such as Denial of Service (DoS). (Odhiambo, Biermann and Noel, 2009)

    WPA was a stopgap used to address the issues with WEP on old hardware; new hardware supports a revised standard, WPA2, which strengthens the network further by using Robust Security Network (RSN). RSN introduces the concept of a 4-way handshake, which is another step taken to secure the network; this is done when the client accesses the access point. (The Institute of Electrical and Electronics Engineers, Inc., 2004)

    Using Wi-Fi in the workplace

    Does this mean Wi-Fi shouldn't be used in the workplace? It would be a bit impractical to boycott wireless network access in a workplace altogether, as there would be other ways to penetrate into a company: via the use of Trojan horses, through any part of the company's network that's publicly available online, or even by tricking an employee through social engineering. (Wang, 2003) Instead, care should be taken to ensure that a wireless network can't be breached by any amateur wannabe hacker. (Fourati, Ayed and Banzekri, 2004)

    Firstly, choosing the right kind of encryption is vital; a small company with only a few employees wouldn't generally need to bother with enterprise WPA2, as the equipment needed to set up such a network would be impractical when the personal WPA2-PSK method is still secure enough. In a large enterprise, the more secure solution with a RADIUS server should be used. Unsecured networks and WEP networks should never be used, especially when sensitive data could be sent over the network.

    Secondly, most routers and/or access points have the option of filtering by MAC (Media Access Control) address. Whilst this won't stop anyone from viewing unsecured or WEP traffic, it will stop them from connecting to the network in question. This can be overcome by more serious hackers if they know a MAC address of a computer that is trusted on the network (which could be acquired through the use of a packet sniffer), and make their network card spoof another MAC specifically to connect to the compromised network.

    Finally, the company can opt for their access points to not broadcast their SSID (Service Set IDentification), which will make their network invisible, or appear as an unnamed network. This would then require the user to know both the SSID and the encryption key needed to gain access. This isn't recommended though, as SSID requests will be sent in plain text, and it's also possible for a hacker to fake an access point to capture data. (Davies, 2007)

    Conclusion

    In conclusion, there is no sure way of securing a wireless network connection, and using a wired connection is far more secure. But if a wireless connection is necessary, using the newer encryption methods such as WPA2 is currently the most secure way of ensuring data is kept safe.


    Works Cited

    Bradbury, D. (2011) 'Hacking wifi the easy way', Network Security, vol. 2011, no. 2, February, pp. 9-12.

    Davies, J. (2007) Non-broadcast Wireless Networks with Microsoft Windows, 19 April, [Online], Available: http://technet.microsoft.com/en-us/library/bb726942.aspx#EDAA [29 January 2012].

    Fourati, A., Ayed, H.K.B. and Banzekri, A. (2004) 'Security issues of M-commerce over hotspot networks', 2004 IEEE Wireless Communications And Networking Conference (Vol 1-4), New York, 873-878.

    Gold, S. (2011) 'The cookie monster', Computer Fraud & Security, vol. 2011, no. 9, September, pp. 12-15.

    Hawdon, R.I. (2011) How To Hack Into A Friend's Facebook Account, 9 December, [Online], Available: http://robertianhawdon.me.uk/blog/2011/12/09/how-to-hack-into-a-friends-facebook-account/ [25 January 2012].

    Odhiambo, O.N., Biermann, E. and Noel, G. (2009) 'An integrated security model for WLAN', AFRICON, 2009, Nairobi, 1-6.

    Rowan, T. (2010) 'Negotiation WiFi security', Network Security, vol. 2010, no. 2, February, pp. 8-12.

    Saito, W.H. (2011) 'Our Naked Data', Futurist, vol. 45, no. 4, July/August, pp. 42-45.

    The Institute of Electrical and Electronics Engineers, Inc. (2004) 'IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications - Amendment 6: Medium Access Control (MAC) Security Enhancements', IEEE Std 802.11i-2004, New York, 1-190.

    Wang, W. (2003) Steal This Computer Book 3, San Francisco: No Starch Press, Inc.
