Engineering LibreTexts

8.2.2: Wireless Local Area Network (WLAN) attacks


    In 1997, the IEEE (Institute of Electrical and Electronics Engineers) introduced the concept of the WLAN under project 802.11, and the term Wi-Fi was adopted in August 1999. This new way of connecting devices to the Internet received a lot of attention and appreciation. Because Wi-Fi uses wireless channels for communication, information security was the only concern at that time, which the IEEE tried to resolve by integrating the WEP (Wired Equivalent Privacy) security protocol into the IEEE 802.11 standard. In 2003, several security analysts and researchers highlighted many vulnerabilities in the WEP protocol and raised the need for a new security protocol. In 2003, the IEEE proposed a new security protocol named Wi-Fi Protected Access (WPA). In addition to encryption, WPA also introduced key (password) based access control for Wi-Fi routers, which prevented piggybackers from accessing the bandwidth. WPA uses the Temporal Key Integrity Protocol (TKIP) and validates the integrity of the exchanged messages, which was better than the CRC (Cyclic Redundancy Check) used in WEP. However, within six (6) months of its introduction, security analysts reported many pitfalls in the encryption scheme used in WPA, which make it even worse than WEP. Then, in 2004, WPA2 was introduced, which involves a key-based router access mechanism and an AES-based encryption mode. In 2018, WPA3 was introduced as a replacement for WPA2. WPA3 mainly involves Simultaneous Authentication of Equals, offers forward secrecy, and also ensures the protection of management frames.

    One of the inherent vulnerabilities of a WLAN is the “undefined boundary” of the wireless network, which allows attackers to carry out multiple malicious activities, e.g.:

    • Unauthorized scanning of the networks
    • Interception
    • Desynchronization attacks

    To avoid most WLAN security threats, the following two (2) recommendations are suggested:

    • Disable broadcasting of the SSID once all legitimate devices are connected to the WLAN.
    • Use WPA2 or WPA3 to configure the WLAN.
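
One way to check an access point against these two recommendations, as an added example that is not part of the original page: a small auditor for a hostapd-style configuration file. The choice of hostapd is an assumption (the page names no access point software), the option names are hostapd's, and both sample configurations are constructed.

```python
# Added example: audit a hostapd-style AP config (samples below are constructed).
SAMPLE_WEAK = """\
ssid=office-legacy
ignore_broadcast_ssid=0
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
"""
SAMPLE_HARDENED = """\
ssid=office
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
ieee80211w=2
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings; an empty list means both recommendations are met."""
    conf = parse_conf(text)
    findings = []
    # Recommendation 1: stop broadcasting the SSID (hostapd: non-zero value).
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast")
    # Recommendation 2: WPA2 or WPA3 only (no WEP, no original WPA, no TKIP).
    if any(key.startswith("wep_") for key in conf):
        findings.append("WEP key configured")
    wpa = conf.get("wpa", "0")
    if wpa == "0":
        findings.append("WPA2/WPA3 not enabled")
    elif wpa != "2":  # 1 = WPA only, 3 = WPA and WPA2 together
        findings.append("original WPA enabled")
    ciphers = " ".join(conf.get(k, "") for k in ("wpa_pairwise", "rsn_pairwise")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP cipher offered")
    # WPA3 (SAE) relies on protected management frames (1 = optional, 2 = required).
    if "SAE" in conf.get("wpa_key_mgmt", "").split() and conf.get("ieee80211w", "0") == "0":
        findings.append("SAE without management frame protection")
    return findings
```

Calling `audit()` on the contents of a real configuration file returns the same kind of findings list; the weak sample yields three findings and the hardened sample none.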

    In the following pages we discuss six (6) main security attacks on WLANs:

    1. Rogue Access Points
    2. Evil Twins
    3. Intercepting the wireless data
    4. Replay attacks
    5. Denial of Service attacks
    6. War Driving and Chalking

     


    8.2.2: Wireless Local Area Network (WLAN) attacks is shared under a not declared license and was authored, remixed, and/or curated by LibreTexts.
