WiFi security self-defense

$whoami

  • Igor Tarpan
  • 2009 – 2013: Military Academy “Alexandru cel Bun” Chisinau
  • 2013 – 2017: Networking team National Army                                        Server/Service team National Army                                    Security team National Army
  • 2017 – Present : Information Security Engineer at Starlab 

WiFi protocol (IEEE 802.11)

WiFi protocol (IEEE 802.11)

b,g,n  

2.4 GHz up to 600 Mbit/s

a,ac

5 GHz up to 3466 Mbit/s

WiFi deffence

  • Protocols

    WEP
    WPA/WPA2
    Authetntication: PSK / EAP
    WPS
    Chipher: AES, TKIP

  • Aditional Techincs:

    Hide SSID
    MAC addres filtering

  • IEEE 802.1X Authentication

WEP attack !

WEP Security

  • 10 000 broadcast packets what's all what I need !
  • Type (ARP,ICMP, IPv6-NDNP)
  • Fragmentation frame attack

Only my granny WEP

WPS Security

WPS Security

 

  • 8 digits pin = 100 000 000

  • Last simbol is checksum

  • Remain 7 digits pin =  10 000 000

  • COOL !

  • M4, M6 and EAP-NACK packets

  • 1 part = 4 digits (10 000)

  • 2 part = 3 digits (1000)

  • 11 000 < 100 000 000

IEEE 802.1X

Typical authentication progression

 

 

 - Initialization 

 - Initiation 

 - Negotiation

 - Authentication 

IEEE 802.1X

Typical authentication progression

 

 

 - Initialization 

 - Initiation 

 - Negotiation

 - Authentication 

Demo Wigle

WPA/WPA2 hacking

WPA / WPA 2

  • Home of office use
    • PSK (AES or TKIP)
    • AES international cryptography standard 
    • TKIP (use pack to pack encryption)
  • Company or industrial
    • EAP (Extensible Authentication Protocol
      • EAP Transport Layer Security
      • EAP-MD5
      • EAP Protected One-Time Password
      • EAP Pre-Shared Key
      • EAP Tunneled Transport Layer Security
      • EAP Internet Key Exchange

Password cracking

Top 100 passwords
Top 1000 passwords
Top 10 000 passwords
Top 99.99 passwords

Password Min Max 63

Password pattern

Name+(2-4)
Lastname+(2-4)
name+(2-4)
lastname+(2-4)
Nr.tel+name
Nr.tel
Company+(2-4)
Company+(2-4)

 

Demo password generation

Tool Mentalist and deauth

How to protect ?

  • Use hard password (I know you will not)

  • Make misspelling in your password
    Iggor
    Igariok
    Tarrpan
    Gromeara
    Anndreii

    * Separate networks

WiFi Evil Twin

WiFi Evil Twin

Ewill twin attack

Tool fluxion

How to protect ?

Open WIFI

Open WIFI

  • Park WIFI
  • Cafe WIFI
  • Hotels WIFI
  • Airport WIFI
  • University /School WIFI
  • Operators WIFI
  • etc...

How to find ?

Wiredriving

  • WiGLE
  • https://wigle.net
  • WiGLE Android

 

Demo Wigle

wigle.net and tool mdk3

How to protect ?

Karma attack

How Karma attack work

Hey Internet FREE ?

Hey Park WIFI ?

Hey Star Kebab Free WIFI ?

Hey Internet gratis ?

Hey Restaurant Codru ?

Hey Guest WIFI ?

How Karma attack work

I am Internet FREE  !

I am Park WIFI !

I am Star Kebab Free WIFI !

I am Internet gratis !

I am Restaurant Codru !

I am Guest WIFI !

Demo Mana toolkit

Tool mana toolkit

How to protect ?

At the end 

 

  • Use only WPA2
  • Do not connect to open wifi
  • Turn off WIFI card when you not use it
  • Disable auto connect to WIFI networks
  • Beware strange messages in browser
  • Use VPN (buy or create your own)

I am a hacker !!!

"With great power comes great responsibility"

Questions ?

Contacts:
Facebook: Igor Tarpan
e-mail: hi@tigorv.com , itarpan@starlab.md

Made with Slides.com