7/29/2019 The Threats to Security Associated With Using Wi-Fi
UNIVERSITY OF SUNDERLAND
The threats to security associated with using Wi-Fi in a business environment.
A Critical analysis of current security techniques
Robert Ian Hawdon
29/01/2012
Wi-Fi networks are very popular amongst both home users and businesses. But with ever smarter,
tech-savvy, computer hackers, can we trust personal data to be transferred using this method?
Introduction
Wireless networking makes life easy for
those that use it. But, unless it is properly configured, it is also remarkably easy to
attack. (Bradbury, 2011)
The IEEE 802.11 standard, which implements
wireless local area networking, has extended
the abilities that were once limited in a
networking environment by allowing users to
use portable devices on a network without
the need for wires, or to build a network in a
building where wires are just not an option.
(Rowan, 2010)
The problem with wireless networks though is
that, unlike modern wired solutions which will
protect users from being spied upon, wireless
connections can be intercepted.
Several standards have been used to improve
wireless security, but older standards such as
WEP can be easily broken into, and
WPA/WPA2, although there is no known way
of cracking it, can be broken into via other
hacking methods, such as social engineering.
Broadcasting Personal
Information
When using a wireless connection, there is no
way to only allow certain devices to receive
your information. It's essentially the same as
overhearing a conversation in a public place.
Whilst you can't physically block devices
listening to your traffic, it is possible to
scramble the data, so that unauthorised
devices can't understand what's being
broadcast. (Saito, 2011)
WEP, which stands for Wired Equivalent
Privacy, aimed to secure a wireless network to
the same standard as a wired one. Sadly, it
falls short of this due to the way WEP
encrypts, using what's known as an
Initialisation Vector or IV (used to power the
RC4 ciphering algorithm), and a shared key.
The IV is always 24 bits, and it is borrowed
from the overall bits used for the WEP key (a
64-bit key leaves 40 bits for the shared key,
and a 128-bit key leaves 104 bits). The IV is
broadcast between devices in plain text, and
is rarely changed, which means if someone
was to monitor the connection long enough,
they would be able to figure out the key used
to access the network, and use that to
monitor the traffic on that network.
(Rowan, 2010)
If an attacker was able to see the raw traffic
going through a network, they would be able
to cause a considerable amount of damage, as
most Internet traffic is broadcast in plain text,
and from this, an attacker would be able to
capture data, such as usernames, passwords,
or cookies.
A penetration tester could easily demonstrate
accessing someone's online account by using
freely available tools. If the tester has access
to a WPA2 network, and the MAC addresses
of the client's router and computer, then
they'll also be able to view the packets on
these more secure networks. This kind of
attack is known as Social Engineering, where
the attacker cleverly gets the password for a
network by either directly or indirectly
asking someone who knows it. The
penetration tester will probably have been
given the WPA2 key if their testing
environment is from the point of view of an
employee in a company.
Once a hacker has access to a breached
wireless network, they can easily view
unsecure traffic travelling over the network,
which is a huge security threat for both the
company, and the individuals using it.
An example of a security
breach
Let's say, for example, an employee of a
company, in his spare time, uses the
company's wireless network to access the
popular social network service, Facebook. By
default, Facebook uses an insecure HTTP
service; this means any data passed from the
user's browser to the server and back could
be intercepted at any point.
A hacker within range of the wireless network
could use a packet sniffer, such as WireShark,
to view the packets being sent over this
network in real time. Theoretically, if the user
was to log in to Facebook at the same time
the hacker was monitoring the network, one
of the packets sent to Facebook would
contain the victim's username and password.
But in practice, users set their accounts to
automatically log in, or are already logged in
when the attack is started. So, rather than
sniffing their username and password, the
hacker can then target cookies.
Sites like Facebook use cookies to allow the
service to authenticate the user each time a
page is loaded without requiring a username
and password. This cookie, known as a session
cookie, is transmitted on every page load
request, which means there's more
opportunity to capture one of these cookies.
(Gold, 2011) With this cookie, the hacker is
able to inject it into their own browser, go to
the Facebook site, and they'll be
automatically logged in with the victim's
account.
From here, the hacker has a potentially
unlimited amount of data they can steal,
including the victim's name, email address,
friends' names, hometown, contact details, or
anything the user has decided to put on the
site, even if it's not public. Without knowing
the user's password, some things can't be
changed, but having the user's email address
is the starting point for another attack.
(Hawdon, 2011)
In the worst case scenario, if the victim's
password was captured, and that user uses
the same password for all of their accounts,
then they've given the hacker access to an
almost infinite amount of information about
themselves, which could be used for
identity theft. From a company's point
of view, if their business details were stolen,
the consequences would be so severe that it
could be enough to put them out of business.
Strengthening Wi-Fi
Encryption
When the IEEE 802.11 standard was defined,
there were concerns over how secure sending
data over airwaves would be. To remedy this,
a standard of encrypting data was proposed.
As mentioned earlier, WEP was created to
make Wi-Fi networks more secure, and was
advertised as being as secure as a wired
network. In reality though, a WEP encrypted
network can be cracked in anywhere
between 5 and 30 minutes depending on how
busy the network is at the time of the attack.
(Rowan, 2010) This led to the development
of a more secure encryption protection
known as Wi-Fi Protected Access (WPA).
WPA uses the same encryption technique as
WEP, but treats the IV with a little more care,
increasing the size from 24 bits to 48 bits. This
means the collision issue from WEP is
practically eliminated, causing the WEP based
attack to be rendered useless. WPA adds
another layer of protection called MIChael,
which also protects the network from the kind
of attack used in WEP, known as a replay
attack, where the attacker floods the WEP
network with packets to make an IV collision
occur more regularly. When the WPA network
detects a replay attack (which is achieved
when it sees two identical packets occur in a
minute) it will shut down the whole network
for another 60 seconds; this would make
hacking a WPA network very time-consuming
and impractical.
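The IV sizes discussed above for WEP (24 bits) and WPA (48 bits), worked through as an added example that is not part of the original essay. It shows why a repeated IV matters (the RC4 keystream repeats, so the key cancels out of two ciphertexts) and how quickly a repeat is expected at each IV size; the key, IV and frames are constructed sample values, and random IV selection is an assumption.

```python
import math

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """RC4 keyed with IV || shared key; the 24-bit IV is sent in clear.
    The CRC-32 integrity value WEP appends is left out for brevity."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return xor(plaintext, rc4(iv + shared_key, len(plaintext)))

def frames_until_repeat(iv_bits: int, probability: float = 0.5) -> int:
    """Birthday bound: frames sent before some IV repeats with the given
    probability, assuming IVs are picked at random (an assumption here)."""
    return math.ceil(math.sqrt(2 * 2**iv_bits * math.log(1 / (1 - probability))))

# Constructed sample values, not taken from any real network.
SHARED_KEY = bytes.fromhex("0102030405")      # 40-bit shared key ("64-bit WEP")
IV = bytes.fromhex("a1b2c3")
FRAME_A = b"GET /index.html HTTP/1.1"
FRAME_B = b"Host: intranet.example.."

def key_cancels_on_iv_reuse() -> bool:
    """With a repeated IV the keystream is identical, so XORing the two
    ciphertexts equals XORing the two plaintexts: the key no longer hides them."""
    c_a = wep_encrypt(IV, SHARED_KEY, FRAME_A)
    c_b = wep_encrypt(IV, SHARED_KEY, FRAME_B)
    return xor(c_a, c_b) == xor(FRAME_A, FRAME_B)

if __name__ == "__main__":
    print("IV reuse cancels the key:", key_cancels_on_iv_reuse())
    print("24-bit IV, frames to 50% repeat:", frames_until_repeat(24))
    print("48-bit IV, frames to 50% repeat:", frames_until_repeat(48))
```

A busy access point sends a few thousand frames in seconds, which is why the 24-bit IV space is too small, while the 48-bit space pushes the expected repeat out to tens of millions of frames.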
WPA also has two modes of operation. The
most commonly used mode is WPA-PSK (Wi-Fi
Protected Access Pre-Shared Key), where
both the access point and the client know a
password which is needed to connect to the
wireless network. This has a similar issue to
WEP in that the keys are rarely changed.
Weak passphrases can be brute forced, so,
like any authentication system, care should be
taken to make sure a strong passphrase is
used. All WPA-PSK keys are 256-bit, which is
more secure than the stronger WEP key
options.
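What "all WPA-PSK keys are 256-bit" means in practice, as an added example that is not part of the original essay: the key is derived from the passphrase and the SSID with PBKDF2-HMAC-SHA1 as specified in IEEE 802.11i, so its real strength is bounded by the passphrase. The `audit` helper, its `min_bits` threshold and the sample passphrases and SSIDs are assumptions made for illustration.

```python
import hashlib
import math
import string

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the SSID, 4096 iterations (IEEE 802.11i)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def passphrase_bits(passphrase: str) -> float:
    """Upper bound on guessing effort in bits, from the character classes used.
    Dictionary words are far weaker than this bound suggests."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(pool)

def audit(passphrase: str, ssid: str, min_bits: float = 80.0) -> dict:
    """min_bits is a hypothetical policy threshold chosen for this example."""
    bits = passphrase_bits(passphrase)
    return {
        "psk_bits": len(wpa_psk(passphrase, ssid)) * 8,   # always 256
        "passphrase_bits": round(bits, 1),
        "acceptable": bits >= min_bits,
    }

# Constructed sample inputs.
SAMPLES = [("password", "OfficeWiFi"),
           ("T9#vLq2!xRw8@Zc4mK", "OfficeWiFi")]

if __name__ == "__main__":
    for phrase, ssid in SAMPLES:
        print(ssid, audit(phrase, ssid))
    # Same passphrase, different SSID: a different key, because the SSID is the salt.
    print(wpa_psk("password", "OfficeWiFi") != wpa_psk("password", "GuestWiFi"))
```

Both samples yield a 256-bit key, but only the second passphrase carries enough guessing effort to make that key length meaningful.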
The other mode WPA can be used in is an
Enterprise level using WPA-EAP (Wi-Fi
Protected Access Extensible Authentication
Protocol). This requires hardware that can use
this method of encryption, such as a RADIUS
server. This method of encrypting on WPA
gives each device on the network a unique
key that can't be changed by the user. This is
by far the most secure option in terms of the
protection of sensitive data, but WPA (and
WPA2) Wi-Fi enabled access points are still
vulnerable to other kinds of attacks such as
Denial of Service (DoS). (Odhiambo, Biermann
and Noel, 2009)
WPA was a stopgap used to address the issues
with WEP on old hardware. New hardware
supports a revised standard, WPA2, which
strengthens the network further by using
Robust Security Network (RSN). RSN
introduces the concept of a 4-way handshake,
which is another step taken to secure the
network; this is done when the client accesses
the access point. (The Institute of Electrical
and Electronics Engineers, Inc., 2004)
Using Wi-Fi in the
workplace
Does this mean Wi-Fi shouldn't be used in the
workplace? It would be a bit impractical to
boycott wireless network access in a
workplace altogether, as there would be
other ways to penetrate into a company via
the use of Trojan horses, any part of the
company's network that's publicly available
online, or even by tricking an employee
through social engineering. (Wang, 2003)
Instead, care should be taken to ensure that a
wireless network can't be breached by any
amateur wannabe hacker. (Fourati, Ayed
and Banzekri, 2004)
Firstly, choosing the right kind of encryption is
vital; a small company with only a few
employees wouldn't generally need to bother
with enterprise WPA2, as the equipment
needed to set up such a network would be
impractical when the personal WPA2-PSK
method is still secure enough. In a large
enterprise, the more secure solution, with a
RADIUS server, should be used. Unsecure
networks and WEP networks should never be
used, especially when sensitive data could be
sent over the network.
Secondly, most routers and/or access points
have the option of filtering by MAC (Media
Access Control) address. Whilst this won't stop
anyone from viewing unsecured or WEP
traffic, it will stop them from connecting to
the network in question. This can be
overcome by more serious hackers if they
know a MAC address of a computer that is
trusted on the network (which could be
acquired through the use of a packet sniffer),
and make their network card spoof another
MAC specifically to connect to the
compromised network.
Finally, the company can opt for their access
points to not broadcast their SSID (Service Set
IDentifier), which will make their network
invisible, or appear as an unnamed network.
This would then require the user to know
both the SSID as well as the encryption key
needed to gain access. This isn't
recommended though, as SSID requests will
be sent in plain text, and it's also possible for
a hacker to fake an access point to capture
data. (Davies, 2007)
Conclusion
In conclusion, there is no sure way of securing
a wireless network connection, and using a
wired connection is far more secure. But if a
wireless connection is necessary, using the
newer encryption methods such as WPA2 is
currently the most secure way of ensuring
data is kept safe.
Works Cited
Bradbury, D. (2011) 'Hacking wifi the easy
way', Network Security, vol. 2011, no. 2,
February, pp. 9-12.
Davies, J. (2007) Non-broadcast Wireless
Networks with Microsoft Windows, 19 April,
[Online], Available:
http://technet.microsoft.com/en-us/library/bb726942.aspx#EDAA
[29 January 2012].
Fourati, A., Ayed, H.K.B. and Banzekri, A.
(2004) 'Security issues of M-commerce over
hotspot networks', 2004 IEEE Wireless
Communications And Networking Conference
(Vol 1-4), New York, 873-878.
Gold, S. (2011) 'The cookie monster',
Computer Fraud & Security, vol. 2011, no. 9,
September, pp. 12-15.
Hawdon, R.I. (2011) How To Hack Into A
Friend's Facebook Account, 9 December,
[Online], Available:
http://robertianhawdon.me.uk/blog/2011/12/09/how-to-hack-into-a-friends-facebook-account/
[25 January 2012].
Odhiambo, O.N., Biermann, E. and Noel, G.
(2009) 'An integrated security model for
WLAN', AFRICON, 2009, Nairobi, 1-6.
Rowan, T. (2010) 'Negotiation WiFi security',
Network Security, vol. 2010, no. 2, February,
pp. 8-12.
Saito, W.H. (2011) 'Our Naked Data', Futurist,
vol. 45, no. 4, July/August, pp. 42-45.
The Institute of Electrical and Electronics
Engineers, Inc. (2004) 'IEEE Standard for
Information technology -
Telecommunications and information
exchange between systems - Local and
metropolitan area networks - Specific
requirements - Part 11: Wireless LAN Medium
Access Control (MAC) and Physical Layer (PHY)
specifications - Amendment 6: Medium
Access Control (MAC) Security
Enhancements', IEEE Std 802.11i-2004, New
York, 1-190.
Wang, W. (2003) Steal This Computer Book 3,
San Francisco: No Starch Press, Inc.