WiFi, a hacker’s dream

28 May

wifi

The average user doesn’t give WiFi security much thought. As far as they’re concerned, it’s just as safe as wired networks and that’s where the fun begins. I did a few experiments in order to find out if hacking into someone else’s access point is really that hard. This is a lengthy article, but I didn’t want to divide it into separate posts.

The basics
Let’s start with the basics. Wi-Fi (also spelled Wifi or WiFi) is a technology allowing electronic devices to exchange data wirelessly (using radio waves) over a computer network, including high-speed Internet connections. The Wi-Fi Alliance defines Wi-Fi as any “Wireless Local Area Network (WLAN) products that are based on the Institute of Electrical and Electronics Engineers’ (IEEE) 802.11 standards”. However, since most modern WLANs are based gained controlon these standards, the term “Wi-Fi” is used in general English as a synonym for “WLAN”. (more: Wikipedia)

Most modern routers come with an integrated wireless access point. It gives you a choice: connect cables to the integrated multi-port switch, use WiFi, or a combination of both. In my home both are used: desktops are wired, notebooks, smartphones and tablets use WiFi.

secure-wifi

Security
When your access point is open (e.g. no password), everyone in range can use your Internet connection and peek into your internal network. That’s not a smart idea. Someone might abuse your connection to send threatening e-mails or download porn – and your IP address is attached to the messages and downloads. Your house might be raided by a SWAT team, and this actually happened not too long ago.

It is obvious you should protect your network to the best of your abilities. If you go into the Web interface of your router/access point, you will be presented with a number of options. Below a typical screen.

Security

  1. Disable Security, no password. Bad idea, see above.
  2. WEP (Wired Equivalent Privacy).  Bad idea too, can be hacked in minutes because the key is transmitted over the air in plain text at regular intervals.
  3. WPA/WPA2 (Wi-Fi Protected Access). Acceptable.
  4. WPA2/WPA2-PSK. Best option. The abbreviation PSK stands for Pre-Shared Key. You define the key (pass phrase) yourself and share it with others in the family. WPA2 can use AES encryption.

Do not use ‘WiFi Protected Setup“, an automated system which was invented to make setup easier for unexperienced users. In this system you press and hold a button on the router or access point to send the key to a new device. Because the key is transmitted over the air, it can be picked up.

OK, I did everything right. Am I still vulnerable?
Unfortunately the answer is “Yes”. Any signal transmitted over the air can be intercepted and inspected. Not too long ago hacking into WiFi was the domain of seasoned hackers, but times changed. Anyone can get hold of so-called sniffers and other tools to get into your system. A good example is Kali Linux, a cover-it-all distribution specifically designed to discover security flaws.

kali-linux

If someone is really committed, finding the right key is just a matter of time. I used some tools and tried to get into my own system. In order to mimic a real life situation, none of the devices present in my home network were protected in any way. I also shared a directory present on a Windows XP desktop, something commonly done.

To make it easier, my WiFi key was the shortest possible (8 characters), something many people think is just fine. It took a while, but I got in and could surf the Internet for free. After that I picked up my Android phone on which three special apps were installed. These apps are also available for the iPhone.

  1. Fing. This program scans a network, finds all devices, and shows supported protocols you can use to access them.
  2. AndSMB. This program is used to access shared files and directories on networks.
  3. AndFTP. This program uses the FTP protocol which is used by some devices.

This is what I could see and do:
– See all devices present in the network,
– Open, download, move, replace or delete files on any NAS or shared directory,
– Upload files (could be used to plant viruses or worms)
– Open ports in the router/firewall for later (ab)use

And more. If I would have had a Samsung Smart TV, I could have gained control over it.

Screenshot_2013-05-28-13-40-20

Scanning the network, 13 devices found, selecting the PLAYONHD media player

Screenshot_2013-05-28-13-44-44

Scanning for protocols, selecting SMB

Screenshot_2013-05-28-13-44-55

Selecting Samba client

Screenshot_2013-05-28-13-45-02

No password needed, so can be erased

Screenshot_2013-05-28-13-45-23

And there’s the directory structure.

Screenshot_2013-05-28-13-46-02

What can I do here apart from listening to the music?

Screenshot_2013-05-28-13-51-23

Checking the shared directory on the IBM computer. Login with Guest/Guest. A password file, a passport scan, AMEX info. Nice!

Some prevention tips:

  1. Use the best security protocol and make the key as long as possible instead of only 8 characters
  2. Hide the SSID of your access point
  3. Avoid using wireless for financial transactions
  4. Password-protect shared devices and directories
  5. Limit access to your devices only based on their MAC Address
  6. Being paranoid is good. Switch off WiFi when there’s nobody home.

Source: http://sacredsilicon.wordpress.com/2013/05/28/wifi-a-hackers-dream/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: