Are demons wake up at dusk? Wardriving and warchalking

WiFi networks security

WiFi networks are ubiquitous, they are in coffee shops, cinemas, shopping centers etc. Hot-spots are even on the streets. People get used to have an access to the network 24 hours a day. However, the wireless medium carries the risk of intrusion and unauthorized access. It is a natural consequence. When we thing about cable network, we know, that if someone would like to connect then he/she has to use a cable. In the case of WiFi network everyone is able to connect if the network is not properly secured. In the era of fast computers collapse of basic security is a breeze. We can say that it is a matter of ten minutes with the watch on your wrist to break the basic protection of WiFi network. It is ridiculous that despite this, people still do not protect their networks properly. It is not difficult to find a home hotspot with WEP access point or not difficult passwords like: the name of a loved one, pet’s name or a standard one (e.g. admin, root, 12345 etc.). This is a playing field for minor hackers who can make for fun more harm than good. Therefore, the perfect WiFi network should be confidential (only the authorized recipient have can receive data), integral (data cannot be changed by an unauthorized user) and debt (authentication of data source, i.e. the data can came only from a reliable source).

How to do it in order to not harm?

If you would know how to crack WiFi networks, you have to know what threatens to the networks at first. Unauthorized users can eavesdrop network or they can attack the network using different technique e.g. DoS, WEP, MITM.

The first and the simplest situation is when server uses a Mac Filtering (intruder can find clients MAC and change own MAC to client MAC) or invisible SSID (intruder has to wait for client authorization and can speed up it by sending a frame breaking). The second situation is better (from security side), i.e. administrator knows something about security and has put WEP key on the AP. The main problem is that the WEP uses the same key for all users (authentication failure). Two packets encrypted with the same key allow you to explore the information by methods of statistical analysis (lack of confidentiality). Additionally, CRC32 allows you to easily change data in the transmitted information without loss of receivables. Hackers used AiroPack application which allows you to gather a large number of packets (5 to 6 million packets = approx 20min laden AP) and then retrieve key fragment using the initial statistical analysis technique. If the application knows the initial permutation then it can easily retrieve other key fragments. The next situation is the network secured by WPA key, which is better that WEP. However, it turns out that the WPA is also breakable. In turn, WPA2 ensures confidentiality on RC4, but every time the other keys: TKIP (Temporal Key Integrity Protocol); 802.11i - integrity (i.e. instead of CRC we use MIC (Message Integrity Code)); 802.11i – authentication: PSK (Pre-Shared Key) and EAP (Extensible Authentication Protocol), Enterprise or Radius implemented in 802.11x. Still hackers can use Dictionary Attack (cannot give any results either take a very long time) but WPA-EAP, Radius are probably not breakable (for possible DoS attacks).

Motivation of network intruders

Some computer enthusiasts feel strange thrill of "seeing" the AP occurring during a ride on the computer screen / handheld. Therefore they created a specific form of entertainment - wardriving, sometimes called warchalking because it is inextricably linked with chalk :) Old hackers (long, long time ago before mammoths ;) the oldest people cannot remember when it was) organized war-games such as:

  • fox hunt - find the hidden AP,
  • AP hunt - find as many AP at given time,
  • capture the flag - find all enemy AP and then return to the base with the logo of their positions

Lot of reasons for intrusion is known. At first (the most popular) is free internet access. It does not need to explain this closer. Secondary, it can be attempt to extract data or to compromise the server. Sometimes, but rarely it is for a fun or by an accident. So anyway, burglary remain the dangerously and their number must be minimized or eliminated.

Do you like this article? Please share on Facebook or back to Knowledge Base index