Many Businesses are Neglecting WiFi Security
Many businesses have moved from wired to wireless technologies, which has hurt their security posture. Wired networks are generally much easier to secure than wireless networks, and poor implementation often introduces vulnerabilities in WiFi networks. Many businesses also fail to perform a thorough risk analysis, meaning those vulnerabilities are not identified and addressed. Because of these security flaws and the ease of exploiting them, wireless network attacks are common.
The Importance of WiFi Security
Wi-Fi access used to be something you had to pay for, but now, free WiFi is something many people take for granted. Visitors to a hotel, coffee shop, bar, retail outlet, or restaurant now expect WiFi to be free. The decision to use a particular establishment is often influenced by whether free WiFi is available, but the connection quality is increasingly a factor in the decision process.
The quality of the WiFi on offer is not just a question of whether there is enough bandwidth and fast internet speeds. Parents often visit establishments that provide secure WiFi with content control, such as businesses verified under the Friendly WiFi scheme. To be accredited under the scheme, companies must implement appropriate filtering controls to prevent minors from accessing age-inappropriate material.
The massive rise in cyberattacks via public WiFi networks coupled with warnings about WiFi risks in the mainstream media has seen many consumers favor establishments that offer secure WiFi access.
If you run a business and are providing WiFi to customers or considering adding a WiFi hotspot to attract more customers, be sure to consider the network's security. The past couple of years have seen many attacks on WiFi networks and customers who use those wireless services. The increase in WLAN attacks means WiFi security has never been so important.
Before covering some of the most common wireless attacks, it is worthwhile to explore some of the standard wireless network vulnerabilities that can be exploited to eavesdrop on traffic, infect users with malware, and steal sensitive information.
Understanding Wireless Networks
Wireless networks are computer networks that use wireless communication to connect devices. They are commonly used in homes, businesses, and public spaces to provide internet access and network connectivity. Unlike wired networks, which rely on physical cables, wireless networks use radio waves to transmit data between devices. This flexibility makes them an attractive option for many environments, allowing users to connect to the internet and other network resources without cumbersome wiring.
How Wireless Networks Operate
Wireless networks operate by transmitting data through radio waves. When a device, such as a laptop or smartphone, sends data, it transmits the information to a wireless access point. This access point, typically connected to a wired network, relays the data to the intended recipient. The recipient can be another device on the same network or a different one. The seamless process allows for efficient communication between devices, making wireless networks a convenient and versatile solution for connectivity.
Common Wireless Vulnerabilities
Listed below are some of the most common wireless network vulnerabilities and steps that can be taken to prevent the vulnerabilities from being exploited. These wireless network vulnerabilities could easily be exploited in real-world attacks on wireless networks to steal sensitive data, take control of a router or connected device, or install malware or ransomware.
Use of Default SSIDs and Passwords
WiFi access points are shipped with a default SSID and password, which need to be changed, but all too often, those default passwords are left in place. That makes it easy for an attacker to log in and take control of the router, change settings or firmware, load malicious scripts, or even change the DNS server so that all traffic is directed to an IP owned by the attacker. Default passwords must be changed to prevent anyone within range of the signal from connecting and sniffing traffic.
If wireless controllers are used to manage WiFi access points via web interfaces, make sure the default passwords are also changed. These default passwords can be easily found online and used to attack wireless networks.
Placing an Access Point Where Tampering Can Occur
If the access point is placed in a location where it can be physically accessed, tampering can occur. It takes just seconds to revert the access point to factory default settings. Make sure the access point is kept somewhere secure, such as a locked closet.
Use of Vulnerable WEP Protocol
The Wired Equivalent Privacy (WEP) protocol was the first to encrypt Wi-Fi networks. WEP, as the name suggests, was intended to make wireless networks as secure as their wired counterparts, but that does not make WEP wireless networks secure.
WEP is based on the RC4 cipher, which is secure. The problem is how RC4 is implemented in WEP. WEP allows an initialization vector to be re-used, and the reuse of keys is never a good idea. That allows an attacker to crack the encryption with ease. Several other vulnerabilities have been identified in WEP, which make it far from secure.
Even though WEP has been deprecated and there are much more secure wireless encryption protocols to use, many businesses continue to use WEP in the mistaken belief that it is secure. WEP is more secure than no encryption at all – bad security is better than no security – but there are much more secure options for encrypting WiFi traffic. If you want to improve security and prevent WLAN attacks, upgrade to WPA2 or WPA3, which use the much more secure Advanced Encryption Standard (AES) and lack the vulnerabilities of WEP.
Weak Security Settings
One of the main vulnerabilities of wireless networks is weak security settings. Many wireless networks are set up with default passwords and encryption settings, which hackers can easily exploit. Additionally, some wireless networks may not have any security settings at all, making them easily accessible to anyone within range. This lack of security can lead to unauthorized access, data theft, and other malicious activities. Implementing strong security measures to protect wireless networks from potential threats is crucial.
WPA2 KRACK Vulnerability
WPA may be more secure than WEP, but it is not without its own wireless vulnerabilities. Two Belgian researchers – Mathy Vanhoef and Frank Piessens of the University of Leuven – identified a serious flaw in the WPA security protocol. The flaw was named KRACK, short for Key Reinstallation Attack. The flaw can be exploited in a man-in-the-middle attack to steal sensitive data sent via the WPA encrypted WiFi connection. If the WPA flaw is exploited, an attacker could eavesdrop on traffic and obtain banking credentials, passwords, and credit card information.
The vulnerability exists in the four-way handshake. An encrypted WPA2 connection starts with a four-way handshake, but not all parts of that handshake are required. To speed up re-connections, the third part is retransmitted. That third part of the handshake may be repeated several times, and it is this step that could be used in a wireless network attack.
By repeatedly resetting the nonce transmitted in the third step of the handshake, an attacker can gradually match encrypted packets and discover the full keychain used to encrypt traffic.
A threat actor could set up a clone of a WiFi access point that a user has previously connected to – an evil twin. To the user, nothing would appear untoward as Internet access would be provided via that evil twin. An attacker can force a user to connect to the cloned WiFi network and all information sent via that evil twin WiFi network can be intercepted. While the attack will not work on sites with SSL/TLS encryption, tools can be used that make this possible by forcing a user to visit an HTTP version of the website.
In order to execute a KRACK WiFi attack, the WiFi network must be using WPA2-PSK or WPA-Enterprise and the attacker needs to be within range of the WiFi signal. Virtually all routers currently in use are vulnerable to KRACK WiFi attacks. The best defense is to keep routers up to date and for users to only connect to wireless networks using a paid-for, up-to-date VPN. The issue has been addressed in WPA3, which is supported by the latest wireless access points. However, even with this exceptionally common wireless network vulnerability, WPA2 is still far more secure than WEP.
NetSpectre – Remote Spectre Exploit
Spectre is a vulnerability that affects microprocessors that perform branch prediction. The vulnerability can be exploited to allow an attacker to access chosen virtual memory locations and thus obtain sensitive data. In order for the flaw to be exploited, an attacker would first need to convince a user to download and run malicious code or to visit a website where JavaScript is run in the browser. Researchers at Graz University of Technology have developed a new type of attack that can be performed via network connections, including WiFi networks. The attack – termed NetSpectre – is fortunately complex so there are far easier ways to attack an organization. The risk of exploitation is therefore low.
What are the Most Common Wireless Network Attacks?
Many of the most common wireless network attacks are opportunistic in nature. WiFi hackers look for wireless networks that are easy to attack.
Hackers are more than happy to take advantage of poor security controls to gain access to sensitive information and distribute malware. Why waste time attacking well-secured WiFi networks when there are plenty with scant or no security?
Poorly secured WiFi networks are also targeted by more sophisticated cybercriminals and organized crime groups to gain a foothold in the network. The attacks can be extremely lucrative. Access to a business network can allow ransomware to be installed and if malware can be installed on POS systems, the credit/debit card numbers of tens or hundreds of thousands of customers can be stolen.
Types of Wireless Network Attacks
Hackers use several different types of WiFi attacks to eavesdrop on wireless network connections to obtain passwords and banking credentials and spread malware. The main types of WiFi attacks are detailed below.
Fake WiFi Access Points, Evil Twins, and Man in the Middle Attacks
Visitors to hotels, coffee shops, and malls often connect to the free WiFi, but various studies have shown that care is not always taken when connecting. Customers frequently choose the WiFi access point based on the SSID without checking if the wireless network is a legitimate access point set up by a particular establishment for customer use.
Criminals can easily set up fake WiFi access points, often using the establishment's name in the SSID. An SSID called ‘Free Airport WiFi’ would be enough to get many people to connect. Customers can still access the Internet when they connect to these rogue WiFi networks, so they are unlikely to realize anything is wrong. However, once connected to that network, everything they do online will be monitored by cybercriminals. Sensitive information entered online, such as email addresses and passwords, credit card numbers, or banking credentials, can and will be stolen.
How is this done? The attacker creates a hotspot on a smartphone and pairs it with a tablet or laptop. The hacker can then sit in a coffee shop drinking a latte while monitoring the traffic of everyone who connects. Alternatively, they can use a router with the same name and password as the one currently in use. This may also have a stronger WiFi signal, which results in more people connecting to it. Through the “evil twin,” all traffic will be visible to the attacker, and all data sent over the network can be captured.
Fake access points and evil twins are the most common wireless network attacks. They are easy to conduct, require little technical skill, and are very effective. One study indicated more than a third of WiFi hotspot users take no precautions when accessing WiFi hotspots and frequently connect to unsecured networks.
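One way for an establishment to spot fake access points and evil twins is to compare what is on air with an inventory of its own access points. The following is an added example, not from the original article; the SSIDs, BSSIDs, scan records and the `AUTHORIZED` inventory are constructed, and in practice the scan would come from a wireless controller or site-survey tool.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str      # "OPEN", "WEP", "WPA2" or "WPA3"
    signal_dbm: int

# Constructed inventory of the venue's own access points:
# BSSID -> (SSID, channel, security) as configured.
AUTHORIZED = {
    "3c:84:6a:10:00:01": ("CornerCafe-Guest", 1, "WPA2"),
    "3c:84:6a:10:00:02": ("CornerCafe-Guest", 11, "WPA2"),
}
BRAND_TOKENS = ("cornercafe",)   # hypothetical business name, normalized
_LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(ssid: str) -> str:
    """Fold case, map digit look-alikes to letters and drop separators,
    so 'C0rner_Cafe' and 'CornerCafe' compare equal."""
    folded = ssid.lower().translate(_LOOKALIKE)
    return "".join(ch for ch in folded if ch.isalnum())

def classify(b: Beacon) -> Optional[Tuple[str, str]]:
    """Return (kind, detail) for a suspicious beacon, or None if it looks fine."""
    our_ssids = {ssid for ssid, _, _ in AUTHORIZED.values()}
    known = AUTHORIZED.get(b.bssid.lower())
    if known is not None:
        # Our BSSID, but not as we configured it: the BSSID may be spoofed.
        # A clone that copies every setting cannot be caught by this check.
        ssid, channel, security = known
        diffs = []
        if b.ssid != ssid:
            diffs.append(f"ssid {b.ssid!r} (expected {ssid!r})")
        if b.channel != channel:
            diffs.append(f"channel {b.channel} (expected {channel})")
        if b.security != security:
            diffs.append(f"security {b.security} (expected {security})")
        return ("config-mismatch", "; ".join(diffs)) if diffs else None
    if b.ssid in our_ssids:
        return ("evil-twin", "our SSID broadcast by a BSSID not in the inventory")
    if any(tok in normalize(b.ssid) for tok in BRAND_TOKENS):
        return ("lookalike-ssid", "SSID uses the business name but is not ours")
    return None   # an unrelated neighbouring network

def audit(scan: List[Beacon]) -> List[Tuple[str, str, str, str]]:
    """Findings as (bssid, ssid, kind, detail), in scan order."""
    findings = []
    for b in scan:
        result = classify(b)
        if result:
            findings.append((b.bssid, b.ssid, result[0], result[1]))
    return findings

# Constructed scan results.
SAMPLE_SCAN = [
    Beacon("CornerCafe-Guest", "3c:84:6a:10:00:01", 1, "WPA2", -48),
    Beacon("CornerCafe-Guest", "02:1a:11:fb:42:9c", 6, "WPA2", -35),
    Beacon("CornerCafe-Guest", "3c:84:6a:10:00:02", 11, "OPEN", -40),
    Beacon("C0rnerCafe Free WiFi", "02:00:5e:00:53:10", 6, "OPEN", -52),
    Beacon("Bookshop-Next", "58:ef:68:22:31:07", 3, "WPA2", -70),
]

if __name__ == "__main__":
    for bssid, ssid, kind, detail in audit(SAMPLE_SCAN):
        print(f"{kind:16} {bssid}  {ssid!r}: {detail}")
```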
Packet Sniffing: Interception of Unencrypted Traffic
Research by Kaspersky Lab in 2016 showed that more than a quarter of public Wi-Fi hotspots in malls were insecure and lacked even basic security controls. A quarter did not encrypt traffic at all, while research conducted by Skycure showed that five of the ten busiest malls in the USA had risky WiFi networks.
One mall in Las Vegas was discovered to operate 14 risky WiFi access points. Hackers can use packet sniffers to intercept traffic on unencrypted WiFi networks. Packet sniffing is one of the most common wireless attacks.
These common wireless network attacks are easy on older routers, such as those using WEP encryption. WPA offers better security, WPA2 is better still, or ideally, the new WPA3 encryption protocol should be used if your access point supports it.
Wardriving
Wardriving is a technique used to identify and map vulnerable access points. The name comes from the fact that attackers drive around a neighborhood and use a laptop with a GPS device and antenna to identify and record the location of wireless networks. This technique is effective since many WiFi networks used by businesses extend beyond the confines of the building, and poor security controls are applied to secure those networks. Attackers can use wardriving to find and mimic a legitimate network, tricking users into connecting to a malicious alternative and compromising their sensitive information.
Warshipping
Warshipping is a more efficient method of attacking WiFi networks as it allows attacks to be conducted remotely, even if the attacker is not within range of a WiFi network. The tactic was explained by IBM X-Force Red researchers at Black Hat USA. They used cheap (under $100) and easy-to-obtain components to create a single-board computer with WiFi and 3G capabilities that runs on a cell phone battery. The device can be used to locally connect to the WiFi network and send information back to the attackers via the 3G cellular connection.
Since the device is small, it can easily be hidden inside a small package, and getting that package into a building is easy. It can just be mailed. Since the package may be addressed to someone not working at the company, it could sit in the mailroom for a while before it is opened. Since the package can be tracked, the attackers will know when it is in the building. Alternatively, it could be hidden in any number of items, from plant pots to teddy bears. If the device is within range of WiFi networks, it could be used to attack those networks.
Hashed network access codes can be sent back to the attackers to crack, and the device can then connect to WiFi networks in the building and harvest data. The device could be used in a man-in-the-middle attack by impersonating an internal WiFi network. Additionally, it can act as a rogue access point, setting up an Evil Twin Attack to deceive users into connecting to it and harvesting their data.
MAC Spoofing
Many businesses use MAC filtering to prevent specific devices from connecting to WiFi networks. While this is useful for preventing individuals from taking advantage of free WiFi for customers, blocking users can be easily bypassed. It is easy to spoof a MAC address and bypass this filtering control.
Examples of WiFi Network Attacks
Attacks on wireless networks are not just theoretical. Listed below are some examples of common wireless network attacks that have resulted in the installation of malware or theft of sensitive information. These latest wireless security attacks could easily have been prevented had appropriate security controls been implemented.
Tel Aviv Free WiFi Network Hacking Incident
One notable example of how easy it can be for a hacker to take over a WiFi network comes from Tel Aviv. Tel Aviv offers a city-wide free WiFi network, incorporating basic security controls to keep users secure. However, it was not as secure as city officials thought.
While commuting home, Tel Aviv resident Amihai Neiderman noticed a new WiFi access point. The city provided the FREE_TLV access point, and Neiderman decided to test its security controls. After determining the IP address through which WiFi clients accessed the Internet, he disconnected, scanned the router, and discovered the web-based login interface was run through HTTPS port 443.
While he found no significant vulnerabilities, he identified a buffer overflow vulnerability after extensive analysis, which he successfully exploited to take full control of the router. By doing so, if he was so inclined, he could have intercepted the traffic from tens of thousands of users.
Toasters Used to Hack Unsecured WiFi Networks
This is perhaps not one of the most common WiFi network attacks, but it is notable nonetheless due to the rise in the use of IoT devices. IoT capability has been incorporated into all kinds of devices, from toasters to washing machines. These devices can be vulnerable to supply chain attacks, where hardware is altered to allow the devices to be used to attack WiFi networks. In 2016, Russian officials discovered chips imported from China had been altered and were being used to spread malware that could eavesdrop on unsecured WiFi networks from a range of 200 meters. They were used to infect those networks with malware that could steal information.
In-Flight WiFi Network Hacking from the Ground
Cybersecurity expert Ruben Santamarta has demonstrated it is possible to hack into airline WiFi networks from the ground, view the internet activity of passengers, and intercept their information. More worryingly, he also gained access to the cockpit network and SATCOM equipment. He claims the same technique could be used for ships, industrial facilities, and military installations. He explained how he did it in his “Last Call for SATCOM Security” presentation at the 2018 Black Hat hacker conference.
Orange Modems Leaking Wi-Fi Passwords
A vulnerability has been identified in Orange LiveBox ADSL modems that causes them to leak the SSID and WiFi passwords in plaintext. The flaw was identified by Bad Packets researchers who observed their honeypots being actively attacked. A search on Shodan showed nearly 20,000 vulnerable Orange modems leak Wi-Fi passwords and SSIDs in plaintext. In many cases, the default credentials of admin/admin were still being used! The flaw means the WiFi networks could easily be attacked remotely. Attackers could change device settings, alter firmware, obtain the phone number, and conduct a range of other attacks.
WeWork WiFi Security Flaws
WeWork, a provider of custom workspaces, private offices, and on-demand workspaces equipped with high-bandwidth WiFi, has made an error in implementing those WiFi networks, which makes them far from secure.
WeWork used the same WiFi password at many shared offices for several years. To make matters worse, that password was weak and regularly featured in the top 25 lists of extremely poor passwords. However, there was no need to guess it as it was available through the WeWork app in plaintext. Such a simple yet severe error placed all users of those workspaces at risk for several years. The researchers investigated several locations in San Francisco and found the same weak password used at multiple locations. Further, the WiFi network was only protected with WPA2 Personal security.
Teemu Airamo checked the security of the workspace he had just moved into and found hundreds of other companies’ devices exposed. Subsequent scans on the WeWork network revealed an enormous amount of sensitive data had been exposed. Password reuse is never a good idea, and neither is using dictionary words or, heaven forbid, any password from the top 25 lists of shockingly awful passwords.
WiFi Networks Can be Used to Gain Access to Business Data
Creating a WiFi network for guests is simple. Ensuring it is secure and cannot be used for attacks on the business network or customers requires more thought and effort. Any business that allows customers to make purchases using credit and debit cards is a major target for hackers. Poor WiFi security will likely be exploited sooner or later. The past few years have seen many major attacks that have resulted in malware being installed on POS systems. These are now some of the most common wireless network attacks.
How Can Businesses Prevent the Most Common Wireless Network Attacks?
How can businesses protect against some of the most common wireless network attacks? While it is difficult to prevent the creation of fake WiFi hotspots, there are steps that can be taken to prevent many common wireless network attacks and keep the WiFi network secure.
Isolate the Guest Network
If your business network is not isolated from your guest WiFi network, it could be used to gain access to business data and place your POS at risk of compromise. Use a router with multiple SSIDs – most modern routers have that functionality. These routers often have a guest SSID option or a separate guest portal. Make sure it is activated when it is deployed. Alternatively, your wireless router may have a wireless isolation feature preventing WiFi users from accessing your internal network and other client devices. If you require multiple access points throughout your establishment, you will likely need a VLAN or EoIP tunnel configuration, a more complicated setup requiring you to seek professional security advice.
Encrypt WiFi Traffic with WPA2 or WPA3
If you have an old router that does not support WPA2 encryption, it’s time to upgrade. WPA2 is the minimum standard for WiFi security, and while it can still be cracked, it is time-consuming and difficult. WPA3 has now been released, and an upgrade should be considered. You should also ensure that WPS is turned off.
Update Firmware Promptly
All software and devices contain vulnerabilities and require updating. Software should be patched, and devices such as routers must upgrade their firmware when new versions are released. Check your device manufacturer’s website periodically for details of firmware updates and ensure your device is updated.
Create a Secure SSID
Your router will have a default SSID name, which should be changed to personalize it to your business. Making it easily identifiable will reduce the potential for rogue access points to be confused with your own. Ensure that you enforce WPA2 encryption with a shared key, and post that key and your SSID in a prominent place where your customers can see them.
Restrict WiFi Access
If your wireless router or access point is too powerful, it could be accessed from outside your premises. Choose a router that allows you to alter the strength of your signal, and you can ensure only your customers will use your connection. Also, ensure your WiFi access point is only available during business hours. If your access points are left unsupervised when your business is closed, it increases the risk of an attack.
Secure Your Infrastructure
Administrator access can be abused, so ensure your login name and password are secure. If the default credentials are not changed, it will only be a matter of time before they are abused. Change the username from ‘admin’ or any other default username. Set a strong password that includes upper and lower-case letters, at least one number, and a special character. The password must be at least eight characters, although more is better. Alternatively, use a 14-character+ passphrase.
Use a Web Filter
A web filtering solution is an essential protection for all WiFi networks. Web filters will prevent users from visiting websites and web pages known to have been compromised or confirmed as malicious. This will protect your customers from web-based threats like drive-by downloads, exploit kits, and phishing. A web filter will also prevent your network from being used to download or view unacceptable content such as pornography and lets you control bandwidth usage to ensure all customers can enjoy decent Internet speeds.
TitanHQ offers a scalable, easy-to-deploy, granular web filter for WiFi networks. WebTitan Cloud for WiFi requires no hardware purchases or software downloads. It is 100% cloud-based, can be managed and monitored from any location, and can help protect you against the most common wireless network attacks.
Countermeasures and Best Practices
To protect against wireless network attacks, it is essential to implement strong security measures and best practices. By taking proactive steps, organizations can safeguard their networks and ensure the security and integrity of their data.
Regular Security Audits and Penetration Testing
Regular security audits and penetration testing can help identify vulnerabilities in a wireless network. Security audits involve reviewing the network’s security settings and configurations to ensure they are up-to-date and secure. Penetration testing involves simulating a cyber attack on the network to test its defenses and identify any weaknesses. These practices are critical for maintaining a secure network environment and preventing potential breaches.
By implementing these countermeasures and best practices, organizations can help protect their wireless networks from attacks and ensure the security and integrity of their data. Here are some additional tips to help secure your wireless network:
- Use strong passwords and encryption settings
- Enable MAC address filtering to block unauthorized devices from accessing the network
- Use a firewall to block incoming and outgoing traffic
- Regularly update your router’s firmware and software
- Use a virtual private network (VPN) to encrypt data transmitted over the network
- Limit access to the network to only authorized devices and users
- Monitor the network for suspicious activity and take action if necessary
By following these tips and implementing strong security measures, you can help protect your wireless network from attacks and ensure the security and integrity of your data.
Jennifer Marsh