Everything you thought you knew about WiFi is flawed. Operational and personal use of 802.11/WiFi is a weak link in terms of OPSEC and in keeping yourself safe from identity theft. It is the gateway to collection, exploitation, and attacks that may not have been available had you been on a wired network. As with other frequently used network services, WiFi was not designed with security in mind. Think of it as the doggie door of network security: most people cannot get through the door; however, some can, and some do.
The number and types of attacks available to anyone with a laptop and a web connection are significant. Wireless can be abused and exploited at various layers, including the RF (Radio Frequency) spectrum, hardware, and application-level services. Personally identifiable information (PII) and proprietary information can be stolen, services can be poisoned, software can be corrupted, and hardware can be controlled by the attacker. Identity theft through credential harvesting on public WiFi is the most common threat one faces today. Even if the café you work at uses a password to connect, don’t you think an attacker knows the same password? All he has to do is sit in the café and collect the wireless frames being transmitted, then decrypt all the traffic offsite later. Or, even more insidious, he can exploit your wireless traffic in real time, since he knows the encryption key.
When working overseas, the 802.11/WiFi attack surface and vulnerabilities increase. The consequences of a successful attack are more significant when operational. An adversary can determine one’s actual and virtual “pattern of life” (POL), the credentials passed via web-based communications, and more. Some of you are thinking, “But wait, my sessions are encrypted with SSL or TLS, and I have the little green lock in my URL bar telling me I’m safe.” Every time I hear this, I smile, because there are various ways to conduct a “man-in-the-middle” (MITM) attack and bypass these security mechanisms. On public WiFi, it’s even easier. With some of the automated tools and scripts available these days, even a kid can do it.
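The point that a café password is shared by everyone in the café follows directly from how WPA/WPA2-Personal derives its key: the Pairwise Master Key is a deterministic function of nothing but the passphrase and the network name (SSID), so every station that knows the passphrase ends up holding the same 256-bit network key. The short Python script below is an added illustration, not code from the article or from any of the tools it names; the SSID `CornerCafe-Guest`, the passphrase `latte2day` and the station labels are constructed values. The one real value in it is the public IEEE 802.11 test vector (passphrase `password`, SSID `IEEE`), used to confirm the derivation matches what an actual station computes.

```python
import hashlib


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key derivation as specified in IEEE 802.11i:
    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).

    The derivation takes only the passphrase and the SSID. Nothing about the
    individual user or device enters it, so every station that joins the
    network with the same passphrase computes the identical PMK.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-Personal passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def pmk_is_shared(passphrase: str, ssid: str, stations) -> bool:
    """Simulate several stations joining one network and report whether they
    all end up holding the same PMK. The station labels are deliberately
    ignored by wpa2_pmk(), which is exactly the property being demonstrated:
    a pre-shared key is shared with everyone who has the passphrase."""
    derived = {station: wpa2_pmk(passphrase, ssid) for station in stations}
    return len(set(derived.values())) == 1


if __name__ == "__main__":
    # Public IEEE 802.11 test vector: passphrase "password", SSID "IEEE".
    print("IEEE test vector PMK:", wpa2_pmk("password", "IEEE").hex())

    # Constructed café network (not a real SSID or passphrase).
    cafe_ssid, cafe_passphrase = "CornerCafe-Guest", "latte2day"
    patrons = ["my-laptop", "my-phone", "another-patron"]
    print("All patrons hold the same network key:",
          pmk_is_shared(cafe_passphrase, cafe_ssid, patrons))

    # The SSID is the salt, so the same passphrase on a differently named
    # network yields a different PMK; that separation is all the salt buys.
    print("Same passphrase, different SSID, same key:",
          wpa2_pmk(cafe_passphrase, cafe_ssid) == wpa2_pmk(cafe_passphrase, "CornerCafe-Staff"))
```

The per-session keys that actually encrypt frames are derived from this PMK plus values exchanged in the clear during association, which is why a third party holding the same PMK is not locked out of the session. The practical consequence for a user is that a WPA2-Personal password posted on the café wall provides separation from people outside the café, not from anyone inside it; treat such a network as you would an open one and rely on end-to-end protection of the traffic itself.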
I thought the SOFREP readership might enjoy seeing a list of some of the vulnerabilities associated with using WiFi and some of the tools at our disposal to abuse this ubiquitous service. This list is only meant to inform you of some of the freely available, open-source tools that anyone can download and run. For those readers who want to know how the threat/vulnerability/tool cycle works for this subject, I’ve created a table below. If you’re interested in learning more, you can find plenty of videos on YouTube and Vimeo, or just Google the tool in question. I created the table with the SOFREP community in mind. A regular civilian would have little concern about their pattern of life (POL) unless they were being specifically targeted. The same goes for safe-house locations and SDR cover-stop discovery—meaningful in the SOF world, not so much in the regular world.
The majority of attack vectors and tools available for use against 802.11 are free and simple to use. In the hands of a skilled attacker, they are devastating and could result in identity theft, operational discovery, or more.
Some threats, vulnerabilities, and attack tools are listed below:
Threat | Vulnerability | Tool |
---|---|---|
POL Discovery | Preferred Network List | Kismet, Airmon-ng, WiFi Pineapple |
Bed-Down/Safe House Location Discovery | Preferred Network List | Kismet, Airmon-ng, WiFi Pineapple |
Surveillance Detection Route (SDR) Cover Stop Discovery | Preferred Network List | Kismet, Airmon-ng, WiFi Pineapple |
Web Traffic Decryption | Weak Encryption/Weak Password | Aircrack-ng, Gerix WiFi Cracker, Wireshark, John, Cain |
Session Abuse/Credential Harvesting | Using 802.11/Weak Encryption/Weak Password/Access Point Fuzzing/Weak Session Security | GreaseMonkey, Burp Sequencer, Burp Intruder, BeEF, Nikto, Cain & Abel, Durzosploit, FireSheep, SSLStrip |
Denial of Service | Using 802.11 | Any radio that can create more RF noise than the 802.11 Access Point |
Remote Code Execution resulting in Remote Attacker Access | Various 802.11 drivers, OS vulnerabilities, vulnerable 3rd party applications, unpatched systems | Karmetasploit, WiFi Pineapple, Burp Suite, Cain & Abel, Metasploit, Various Exploits available on the Web |
DNS Cache Poisoning resulting in DoS and other attacks | Using 802.11 and others | Jizz, Ettercap, Metasploit |