Chapter 8: Wireless Hacking

OVERVIEW

Wireless technology hit the American market more than 60 years ago during the World War I, World War II era. However, due to the perceived threats to national security, it was deemed for military use only. Today, wireless computing is in the steep upside climb toward its peak in the marketplace ; likewise are the technology hype, feature development, and insecurities surrounding wireless. In 1999, approximately 1.4 million wireless local area network (WLAN) transceivers were distributed worldwide. Only one year later, in 2000, the number nearly quadrupled to 4.9 million, and the numbers are expected to keep growing until 2006, when nearly 56 million WLAN transceivers are projected to be distributed. This growth would represent a predicted $4.5 billion market, according to recent Allied Business Intelligence reports .

802.11 wireless networks should not be confused with their cousin Bluetooth, which was developed by a commercial coalition , including Ericsson, Motorola, and Microsoft. 802.11 networks currently transmit on the 2GHz and 3GHz bands, although development and prototypes have been created to work on the 5GHz band . Due to the relatively quick development time and the initial specification for the 802. x protocols and the Wired Equivalent Privacy (WEP) algorithm, numerous attacks, cracks, and easy-to-use tools have been released to irritate such technology innovators.

In this chapter, we will discuss the more important security issues, countermeasures, and core technologies publicly identified in the 802.11 realm to date, from the perspective of the standard attack methodology we have outlined earlier in the book: footprint, scan, enumerate, penetrate , and, if desired, deny service. Because wireless technology is somewhat different in attack techniques when compared to wired devices, our methodology combines the scan and enumerate phases into one cohesive stage. The three leading 802.11 protocols802.11a, 802.11b, and 802.11gwill be covered.

You can expect to see the latest tools and techniques that hackers use during their war-driving escapades to identify wireless networks, users, and authentication protocols, in addition to penetration tactics for cracking protected authentication data and leveraging poorly configured WLANs. Also, numerous vendor configurations and thirdparty tools will be highlighted so that site administrators will gain a step up in defending their wireless users and networks.

At the end of this chapter, you should be able to design, implement, and use a modern war-driving system capable of executing most of the latest attacks on your wireless networkas well as defend against such attacks.