Everything you thought you knew about WiFi is flawed. Operational and personal use of 802.11/WiFi is a weak link in terms of OPSEC and being able to keep yourself safe from identity theft. It is the gateway to collection, exploitation, and attacks that may not have been available had you been on a wired network. As with other frequently used network services, WiFi was not designed with security in mind. Think of it as the doggie door of network security; most people cannot get through the door, however, some can and some do.

The number and types of attacks available to anyone with a laptop and web connection is significant. Wireless can be abused and exploited at various layers, including the RF (Radio Frequency) spectrum, hardware, and application-level services. Personally identifiable information (PII) and proprietary information can be stolen, services can be poisoned, software can be corrupted, and hardware can be controlled by the attacker. Identity theft through credential harvesting on public WiFi is the most common threat one faces today. Even if the café you work at uses a password to connect, don’t you think an attacker knows the same password? All he has to do is sit in the café and collect the wireless frames being transmitted, then decrypt all the traffic offsite later. Or, even more insidious, he can exploit your wireless traffic in real time, since he knows the encryption key.

When working overseas, the 802.11/WiFi attack surface and the number of vulnerabilities increase. The consequences of a successful attack are more significant when operational. An adversary can determine one’s actual and virtual “pattern of life” (POL), credentials passed via web-based communications, and more. Some of you are thinking, “But wait, my sessions are encrypted with SSL or TLS, and I have the little green lock in my URL bar telling me I’m safe.” Every time I hear this, I smile, because there are various ways to conduct a “man-in-the-middle” (MITM) attack and bypass these security mechanisms. On public WiFi, it’s even easier. With some of the automated tools and scripts available these days, even a kid can do it.

I thought the SOFREP readership might enjoy seeing a list of some of the vulnerabilities associated with using WiFi and some of the tools at our disposal to abuse this ubiquitous service. This list is just meant to inform you of some of the freely available, open-source tools that anyone can download and run. For those readers who want to know how the threat/vulnerability/tool cycle works for this subject, I’ve created a table below. If you’re interested in learning more, you can find lots of videos on YouTube and Vimeo, or just Google the “tool” in question. I created the table with the SOFREP community in mind. A regular civilian would have little concern about their pattern of life (POL) unless they were being specifically targeted. The same goes for safe-house locations and SDR cover-stop discovery—meaningful in the SOF world, not so much in the regular world.

[Figure: Man in the Middle Attack Diagram]

The majority of attack vectors and tools available for use against 802.11 are free and simple to use. In the hands of a skilled attacker, they are devastating and could result in identity theft, operational discovery, or more.

Some threats, vulnerabilities, and attack tools are listed below:

| Threat | Vulnerability | Tool |
| --- | --- | --- |
| POL Discovery | Preferred Network List | Kismet, Airmon-ng, WiFi Pineapple |
| Bed-Down/Safe House Location Discovery | Preferred Network List | Kismet, Airmon-ng, WiFi Pineapple |
| Surveillance Detection Route (SDR) Cover Stop Discovery | Preferred Network List | Kismet, Airmon-ng, WiFi Pineapple |
| Web Traffic Decryption | Weak Encryption/Weak Password | Aircrack-ng, Gerix WiFi Cracker, Wireshark, John, Cain |
| Session Abuse/Credential Harvesting | Using 802.11/Weak Encryption/Weak Password/Access Point Fuzzing/Weak Session Security | GreaseMonkey, Burp Sequencer, Burp Intruder, BeEF, Nikto, Cain & Abel, Durzosploit, FireSheep, SSLStrip |
| Denial of Service | Using 802.11 | Any radio that can create more RF noise than the 802.11 Access Point |
| Remote Code Execution resulting in Remote Attacker Access | Various 802.11 drivers, OS vulnerabilities, vulnerable 3rd party applications, unpatched systems | Karmetasploit, WiFi Pineapple, Burp Suite, Cain & Abel, Metasploit, Various Exploits available on the Web |
| DNS Cache Poisoning resulting in DoS and other attacks | Using 802.11 and others | Jizz, Ettercap, Metasploit |
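The first three rows of the table all rest on the same weakness: a client that probes for the names in its Preferred Network List announces where it has been. The following is an added example, not code from the original article or from any tool it names, that lets you audit a capture of your own devices for this leak. It parses raw 802.11 probe request frames (no radiotap header) and reports which clients reveal saved network names; the MACs and SSIDs are constructed test values.

```python
from collections import defaultdict

# Constructed sample MACs (locally administered, not real devices).
CLIENT_A = bytes([0x02, 0x11, 0x22, 0x33, 0x44, 0x55])
CLIENT_B = bytes([0x02, 0xaa, 0xbb, 0xcc, 0xdd, 0xee])

def build_probe_request(sa: bytes, ssid: bytes) -> bytes:
    """Construct a minimal 802.11 probe request for testing (constructed data)."""
    # Frame Control 0x40 0x00 = management frame, subtype 4 (probe request).
    header = (bytes([0x40, 0x00]) + b"\x00\x00"            # FC, duration
              + b"\xff" * 6 + sa + b"\xff" * 6             # DA, SA, BSSID
              + b"\x00\x00")                               # sequence control
    ssid_ie = bytes([0x00, len(ssid)]) + ssid               # tag 0 = SSID
    rates_ie = bytes([0x01, 0x04, 0x82, 0x84, 0x8b, 0x96])  # tag 1 = rates
    return header + ssid_ie + rates_ie

def parse_probe_request(frame: bytes):
    """Return (source MAC, SSID) for a probe request, None for any other frame."""
    if len(frame) < 24:                                     # shorter than a mgmt header
        return None
    fc0 = frame[0]
    if ((fc0 >> 2) & 0x3) != 0 or ((fc0 >> 4) & 0xF) != 4:
        return None                                         # not a probe request
    sa = ":".join(f"{b:02x}" for b in frame[10:16])         # address 2 = transmitter
    body, i, ssid = frame[24:], 0, ""
    while i + 2 <= len(body):                               # walk the tagged IEs
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            break                                           # truncated IE, stop
        if tag == 0:
            ssid = value.decode("utf-8", errors="replace")
            break
        i += 2 + length
    return sa, ssid

def pnl_leaks(frames):
    """Map each client MAC to the saved network names it revealed in directed probes."""
    leaks = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1]:        # empty SSID = wildcard probe, reveals nothing
            leaks[parsed[0]].add(parsed[1])
    return {mac: sorted(names) for mac, names in leaks.items()}
```

A device that appears in the output is broadcasting its PNL; one that only sends wildcard probes (empty SSID) does not show up, which is the behaviour you want from your own hardware.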