Wireless Hacking: A Wi-Fi Hack
SAYYAD SAJID
9021399298
Abstract – Wireless Networks or WLANS is
what everybody wants today. These networks
offer more mobility, more flexibility and more
cost effectiveness than the traditional wired
networks. Wireless Networks are getting used in
houses, offices, organizations and many more.
With this huge demand many vendors are
coming forward with new devices and solutions.
But are these networks offer the level of security
that is offered by the wired networks? This is
what is discussed in this paper. Wireless
networks have their own and sometimes more
critical security issues. So the main focus of this
paper is Ethically Hacking the wireless
networks and checking the vulnerabilities
present in them. We will have a look at the
different hacking tools like NetStumbler, cain
and kismet, using them ethically to protect our
air privacy and making our network more
difficult to attack.
Keywords - Wireless Hacking; WEP; Kismet;
Cain; NetStumbler
I. INTRODUCTION
The Institute of Electrical and Electronics
Engineers (IEEE) provides 802.11 set of standards
for WLANs. The wing ".11" refers to a subset of
the 802 group which is the wireless LAN working
group. Many industry groups are involved in work
with wireless systems, however the IEEE 802.11
working group and the Wi-Fi Alliance came out as
key troupes. At present, Wi-Fi schemes shaped a
demand in the market and they are in reality
everywhere. But by this augmented exposure
comes the amplified risk, the extensive use of
wireless systems has facilitated make them a huge
target than the IEEE ever negotiated for. (Not many
flaws such as the Wired Equivalent Privacy (WEP)
[3] in the 802.11 wireless network protocol help
things, either. Through the expediency, cost
reserves, and efficiency gains of wireless networks
raise security risks.
The regular security issues, like weak passwords,
spyware, and missing patches are not the things
that are going to matter. Networking with no wires
brings in an intact new set of vulnerabilities from
an entirely different point of view. Here comes the
concept of ethical hacking. Ethical hacking,
occasionally called as white-hat hacking is the use
of hacking to check and advance the defenses
against unethical hackers. It may be compared to
access testing and susceptibility testing, but it goes
even deeper. Ethical hacking entails the usage of
same tools and practices the bad guys make use of,
however it also involves wide range forefront
planning, a set of precise tools, multifaceted testing
methodologies, and adequate report to fix any
problems before the bad guys exploit our privacy.
II. EXPLORING ETHICAL HACKING
We’ve all heard of hackers. Many of us have even
heard the consequences of hacker actions. So who
are these hackers? Why is it important to know
about them? First we will see what is a Hacker
actually,
A. Defining hacker
Hacker is a word that has two meanings:
 Traditionally, a hacker is someone who
likes to tinker with software or electronic
systems. Hackers enjoy exploring and
learning how computer systems operate.
They love discovering new ways to work
electronically.
 Recently, hacker has taken on a new
meaning that someone who maliciously
breaks into systems for personal gain.
Technically, these criminals are crackers
(criminal hackers). Crackers break into
(crack) systems with malicious intent.
They are out for personal gain: fame,
profit, and even revenge. They modify,
delete, and steal critical information, often
making other people miserable.
B. Defining Ethical hacking
also known as penetration testing or white-hat
hacking involves the same tools, tricks, and
techniques that hackers use, but with one major
difference: Ethical hacking is legal. Ethical hacking
is performed with the target’s permission. The
intent of ethical hacking is to discover
vulnerabilities from a hacker’s viewpoint so
systems can be better secured. It’s part of an
overall information risk management program that
allows for ongoing security improvements. Ethical
hacking can also ensure that vendor’s claims
about the security of their products are legitimate.
III. DANGERS OF HACKING
Just going deep into the ethical-hacking process,
we should know a couple of terms we'll be using
throughout this paper. They are, Threat: A threat is
a sign of target to cause disturbance within an
information system. A few paradigms of threat
agents are hackers, annoyed employees, and
malware such as viruses or spyware that can inflict
disorder on a wireless network.
Vulnerability: It is a flaw inside an information
system that can be browbeaten by a threat. We'll be
seeking out Wireless network vulnerabilities all
through this paper. Going further than these nuts
and bolts, precise things can happen when
vulnerabilities have been exploited by a threat. This
state is called risk. Risks allied with vulnerable
wireless networks comprise,
• Full access to files
• Stolen passwords
• Wired network back door entry points
• DoS attacks causing productivity losses
• Violation of laws and regulations relating to
privacy,
corporate fmancial reporting, and more
• Zombies: A hacker attacks other networks using
our
system making us look like bad guys
 To crack passwords, you need a cracking
tool such as LC4, John the Ripper, or
pwdump.
A general port scanner, such as
SuperScan, may not crack passwords.
 For an in-depth analysis of a Web
application, a Web-application assessment
tool (such as Whisker or WebInspect) is
more appropriate than a network analyzer
(such as Ethereal).
Some other popular tools are,
 Nmap
 EtherPeek
 SuperScan
 QualysGuard
 WebInspect
 LC4 (formerly called L0phtcrack)
 LANguard Network Security Scanner
 Network Stumbler
 ToneLoc
V. SOMETHING IMPORTANT
Before starting the Ethical Hacking process there
are some measures that we should take care of like:
 Acquiring permission from our boss or
project sponsor or client to carry out our
tests
 Over viewing testing objectives
 Reconciling what tests to run
 Grasping the ethical hacking techniques
before
carrying out our tests.

IV. TOOLS TO BE USED VI. ATTACKS CARRIED OUT BY

ETHICAL HACKERS
As with any project, if you don’t have the right
tools for ethical hacking, Accomplishing the task
effectively is difficult. Having said that, just
because you use the right tools doesn’t mean that A. Access control attacks[1]
you will discover all vulnerabilities. Know the
personal and technical limitations. Many security- These attacks attempt to penetrate a network by
assessment tools generate false positives and using wireless or evading WLAN access control
negatives (incorrectly identifying vulnerabilities). measures, like AP MAC filters and 802.1X port
Others may miss vulnerabilities. If you’re access controls.
performing tests such as social engineering or
physical-security assessments, you may miss Type of Methods and
weaknesses. Many tools focus on specific tests, but Description
Attack Tools
no one tool can test for everything. For the same
reason that you wouldn’t drive in a nail with a War Discovering Airmon-ng,
screwdriver, you shouldn’t use a word processor to Driving wireless LANs by DStumbler,
scan your network for open ports. This is why you listening to KisMAC,
need a set of specific tools that you can call on for beacons or MacStumbler,
the task at hand. The more tools you have, the sending probe NetStumbler,
easier your ethical hacking efforts are. Make sure requests, thereby Wellenreiter,
you that you’re using the right tool for the task: providing launch WiFiFoFum
 point for further
attacks. These attacks send forged control, management or
Installing an data frames over wireless to mislead the recipient
unsecured AP or facilitate another type of attack (e.g., DoS).
Rogue
inside firewall, Any hardware or
Access creating open software AP
Points Type of Methods and
backdoor into Description
trusted network.
Attack Tools
Airpwn, File2air,
Reconfiguring an MacChanger, 802.11 Crafting and libradiate, void11,
attacker's MAC SirMACsAlot,
MAC Frame sending forged WEPWedgie,
address to pose as SMAC,
Spoofing an authorized AP Wellenreiter, Injection 802.11 frames. wnet
dinject/reinject
or station. wicontrol
Capturing
Ethernet Capture
802.1X RADIUS
+ Injection Tools
Access-Accept
B. Confidentiality attacks RADIUS or Reject
between AP and
Replay authentication
messages for
server
These attacks attempt to intercept private later replay.
information sent over wireless associations,
whether sent in the clear or encrypted by 802.11 or D. Authentication attacks
higher layer protocols.
Intruders use these attacks to steal legitimate user
Type of Methods identities and credentials to access otherwise
Description private networks and services.
Attack and Tools
Capturing and
decoding
bsd-airtools, Type of Methods
unprotected Description
Ettercap, Attack and Tools
application
Kismet, Attempting 802.11
Eavesdropping traffic to
Wireshark,
obtain Shared Key
commercial Authentication WEP
potentially
analyzers Shared Key
sensitive with guessed, Cracking
Guessing vendor default or Tools
information.
cracked WEP
Aircrack-ng, keys.
airoway,
Capturing data Recovering a
AirSnort,
to recover a WPA/WPA2 PSK coWPAtty,
chopchop,
WEP Key WEP key PSK from captured key genpmk,
dwepcrack,
Cracking using passive Cracking handshake frames KisMAC,
WepAttack,
or active using a dictionary wpa_crack
WepDecrypt,
methods. attack tool.
WepLab,
wesside Capturing user
Ace
Running credentials (e.g., e-
Password
mail address and
traditional Application Sniffer,
man-in-the- password) from
Login Theft Dsniff,
middle attack cleartext
dsniff, PHoss,
Man in the tools on an application
Ettercap-NG, WinSniffer
evil twin AP protocols.
Middle sshmitm
to intercept
TCP sessions E. Availability attacks
or SSL/SSH
tunnels. These attacks impede delivery of wireless services
to legitimate users, either by denying them access
to WLAN resources or by crippling those
C. Integrity attacks resources.
 Type of Methods considerable efforts to make people know and
Description implement use of good passwords.
Attack and Tools
Physically
removing an AP "Five finger VIII. IMPROVING SECURITY OF
AP Theft from a public discount" WIRELESS NETWORKS
space.
Exploiting the An adapter Many folks setting up wireless home networks rush
CSMA/CA Clear that supports through the job to get their Internet connectivity
Channel CW Tx mode, working as quickly as possible. That's totally
Queensland Assessment with a low- understandable. It's also quite risky as numerous
DoS (CCA) level utility to security problems can result. Today's Wi-Fi
mechanism to invoke networking products don't always help the situation
make a channel continuous as configuring their security features can be time-
appear busy. transmit consuming and non-intuitive. The
Sending EAP recommendations below summarize the steps you
802.1X type-specific should take to improve the security of your home
messages with QACafe, wireless network.
EAP
bad length fields File2air,
Length to try to crash an libradiate A. Change Default Administrator
Attacks AP or RADIUS Passwords (and Usernames)
server.
At the core of most Wi-Fi home networks is an
access point or router. To set up these pieces of
VII. FINDING THE REASONS FOR equipment, manufacturers provide Web pages that
WEAK SECURITY allow owners to enter their network address and
account information. These Web tools are protected
A. They know but... with a login screen (username and password) so
that only the rightful owner can do this. However,
Many times what happens is network for any given piece of equipment, the logins
administrators know the risks but they fail to provided are simple and very well-known to
implement necessary things about security. After hackers on the Internet. Change these settings
all everybody wants to get the network working as immediately.
soon as possible. So the administrators don’t think
that they will get hacked or they just ignore the B. Turn on (Compatible) WPA / WEP
necessary security precautions. Encryption

B. Default passwords All Wi-Fi equipment supports some form of

All the vendors provide some default Ids and
passwords with their devices for initial security
purpose. A lot of times these Ids and passwords
remain unchanged. That means any hacker can
make use of these easily known passwords and
gain access to the wireless device.
C. No use of encryption
Every WLAN device comes with some built in
encryption technology like WEP or WPA. But
many times people never implement them! What a
nice way to secure your network!
D. Weak passwords
Sometimes it very easy for hackers to get the social
information about individuals and apply simple
password guessing attack. There is need of
encryption. Encryption technology scrambles
messages sent over wireless networks so that they
cannot be easily read by humans. Several
encryption technologies exist for Wi-Fi today.
Naturally you will want to pick the strongest form
of encryption that works with your wireless
network. However, the way these technologies
work, all Wi-Fi devices on your network must
share the identical encryption settings.
C. Change the Default SSID
Access points and routers all use a network name
called the SSID. Manufacturers normally ship their
products with the same SSID set. For example, the
SSID for Linksys devices is normally "linksys."
True, knowing the SSID does not by itself allow
your neighbors to break into your network, but it is
a start. More importantly, when someone finds a
default SSID, they see it is a poorly configured
network and are much more likely to attack it.
Change the default SSID immediately when
configuring wireless security on your network.
D. Enable MAC Address Filtering
Each piece of Wi-Fi gear possesses a unique
identifier called the physical address or MAC
address. Access points and routers keep track of the
MAC addresses of all devices that connect to them.
Many such products offer the owner an option to
key in the MAC addresses of their home
equipment, that restricts the network to only allow
connections from those devices. Do this, but also
know that the feature is not so powerful as it may
seem. Hackers and their software programs can
fake MAC addresses easily.
E. Disable SSID Broadcast
In Wi-Fi networking, the wireless access point or
router typically broadcasts the network name
(SSID) over the air at regular intervals. This feature
was designed for businesses and mobile hotspots
where Wi-Fi clients may roam in and out of range.
In the home, this roaming feature is unnecessary,
and it increases the likelihood someone will try to
log in to your home network. Fortunately, most
Wi-Fi access points allow the SSID broadcast
feature to be disabled by the network administrator.
F. Do Not Auto-Connect to Open Wi-
Fi Networks
Connecting to an open Wi-Fi network such as a
free wireless hotspot or your neighbor's router
exposes your computer to security risks. Although
not normally enabled, most computers have a
setting available allowing these connections to
happen automatically without notifying you (the
user). This setting should not be enabled except in
temporary situations.
G. Assign Static IP Addresses to
Devices
Most home networkers gravitate toward using
dynamic IP addresses. DHCP technology is indeed
easy to set up. Unfortunately, this convenience also
works to the advantage of network attackers, who
can easily obtain valid IP addresses from your
network's DHCP pool. Turn off DHCP on the
router or access point, set a fixed IP address range
instead, then configure each connected device to
match. Use a private IP address range (like
10.0.0.x) to prevent computers from being directly
reached from the Internet.
H. Enable Firewalls On Each
Computer and the Router
Modern network routers contain built-in firewall
capability, but the option also exists to disable
them. Ensure that your router's firewall is turned
on. For extra protection, consider installing and
running personal firewall software on each
computer connected to the router.
I. Position the Router or Access
Point Safely
Wi-Fi signals normally reach to the exterior of a
home. A small amount of signal leakage outdoors
is not a problem, but the further this signal reaches,
the easier it is for others to detect and exploit. Wi-
Fi signals often reach through neighboring homes
and into streets, for example. When installing a
wireless home network, the position of the access
point or router determines its reach. Try to position
these devices near the center of the home rather
than near windows to minimize leakage.
J. Turn Off the Network During
Extended Periods of Non-Use
The ultimate in wireless security measures, shutting
down your network will most certainly prevent
outside hackers from breaking in! While
impractical to turn off and on the devices
frequently, at least consider doing so during travel
or extended periods offline. Computer disk drives
have been known to suffer from power cycle wear-
and-tear, but this is a secondary concern for
broadband modems and routers.
IX. CONCLUSION
Wireless networks like Wi-Fi being the most
spread technology over the world is vulnerable to
the threats of Hacking. It is very important to
protect a network from the hackers in order to
prevent exploitation of confidential data. The better
way to do this is, just think like a hacker. At a
glance, we've talked about the whole process of
Ethical Hacking in this paper. All this is made only
to figure out the necessity in getting touch with
some of the scanning tools like NetStumbler, Cain,
Kismet, MiniStumbler etc to survey the Wireless
locality. The tools that have been stated will give
us the ability to break our own Wireless protection
and this may be the time to go to the next rank of
security, the WPA. Let us try to hack all the
standards of Wireless networks ethically in order to
make a system very protected.

REFERENCES
[1] Liza phifer, “List of wireless networks attacks”,
available at
http://searchsecurity.techtarget.com/generic/0,2955
82,sid14_gci1167611,00.html
[2] Bradley Mitchell,”10 tips for wireless network
security”, available at,
http://compnetworking.about.com/od/wirelesssecur
ity/tp/wifisecurity.htm
[3] S Vinjosh Reddy, K Rijutha, K SaiRamani, Sk
Mohammad Ali, CR. Pradeep Reddy, " Wireless
Hacking A Wi-Fi Hack By Cracking WEP”, 201O
-
2nd International Conference on Education
Technology and Computer (ICETC)
[4] Ankit Fadia, "The Ethical Hacking Guide To
Corporate Security," January 2005.
[5] Stuart Mcclure, Joel Scambray, George Kurtz,
"Hacking Exposed™ 6: Network Security Secrets
& Solutions," 2009.
[6] Michael Roche ,"Wireless Hacking Tools,"
available at
http://www.cse.wustl.edul-jain/cse571-
07/ftp/wireless_hackingl
[7] IEEE 802 standards,
http://standards.ieee.org/getieeeS02
[8] WiFi -Windows,
http://www.oxid.it (Cain & Able)
http://www.NetStumbler.com