WiFi is amazing, it makes connections to the internet simple and wireless. It’s become essential to many of us thanks to its convenience. However, this also makes wifi a great target for hackers. In this article, we will be going over a few ways hackers can kick or prevent devices from connecting to WiFi.
Deauthentication
This attack leverages the fact that most WiFi networks do not use encrypted management frames. Management frames are what allow routers and clients to communicate. With the exception of 802.11w, all wifi standards don’t encrypt management frames. To perform the attack, the attacker first finds the target AP mac and a client mac if necessary. Using tools like aireplay-ng, the attacker can send fake deauthentication frames to either a specific target or all the clients on a network, causing them to disconnect. This attack is less effective against mesh networks and can be mitigated with 802.11w.
Disassociation
Similar to the deauthentication attack with the difference being what management frame is exploited.
Beacon Flood
Beacons are what routers use to tell clients they’re there. On mesh networks routers send out beacon frames with the same ESSID and the device is able to determine that and put them all into one option. Beacon flood attacks work by sending out beacons with names similar to the real network. The target device (and devices nearby) will see hundreds of different WiFi options and be confused about which one to pick. This attack does not work if the target is already connected.
Authentication Flood
Authentication Floods are exactly what they sound like. By Sending many authentication attempts at a router it may crash or become unresponsive. This attack can be easily performed by the mdk4 tool. The attack is no longer effective as most routers now have countermeasures in place for this attack.
Michael Countermeasures Exploitation
The Michal Countermeasures Exploit works by taking advantage of a countermeasure in the TKIP algorithm. By sending random packets or two Michael MIC Failure Reports to the router all clients authenticated using TKIP will be disconnected for one minute. By performing the attack every minute all clients on TKIP are DOSed. This Attack is mitigated by using the CCMP algorithm which is the default on most routers.
EAPOL Start and Logoff Packet Injection
EAPOL is the communication protocol between clients and routers used to establish an encrypted connection. To perform an EAPOL start attack the attacker sends many EAPOL start messages to the router. The router gets overloaded with connection attempts and real clients can’t connect. The EAPOL log off attack targets clients instead. The attacker sends EAPOL log off packets to the target. This tricks the client into dropping the connection attempt. Both of these attacks don’t work if the client is already connected.
WIDS Confusion
WIDS stands for wireless intrusion detection system. It helps increase the security of networks by detecting rouge access points. WIDS confusion attacks work by connecting clients to multiple WIDS nodes and confusing the systems. This messes with routing tables and prevents data from going where it should.
Packet Fuzzer
A packet fuzzer sends modified packets to routers in an attempt to crash or confuse them. If this works then the router is unable to serve clients, making the attack successful.
Radio Flooding
This attack floods the air with radio waves in an attempt to drown out the other waves. This attack is indiscriminate but also impractical as it requires specialized equipment (also illegal in most countries). The attack can be mitigated by switching channels (unless all channels are being jammed).
Conclusion
Although WiFi is great, it’s not the most secure thing in the world. Most of the attacks mentioned above can be mitigated however most networks do not have such protections in place. The best way to make sure such attacks don’t happen in the real world is if manufacturers implement security features and consumers update their products.
Happy Hacking~!
Leave a Reply
You must be logged in to post a comment.