Wireless Vulnerabilities

Wireless transmissions are inherently vulnerable to several attack vectors:

  • Data Emanation: Electronic signals radiating from devices can be intercepted and reconstructed into readable data, potentially exposing sensitive information.
  • Jamming/Interference: Devices such as cordless phones can disrupt wireless signals, compromising network availability through radio-frequency interference.
  • Packet Sniffing: Using only a wireless network adapter and packet-sniffing software, attackers can easily intercept Wi-Fi traffic. To safeguard sensitive data, organizations must implement strong encryption for all wireless communications.

War Driving and War Chalking

One of the best-known wireless vulnerabilities is war driving, in which attackers drive through an area carrying wireless-enabled devices to detect and map the wireless networks available there.

War chalking is a related practice where individuals use chalk to draw symbols on exterior building walls or sidewalks, marking the locations and details of discovered wireless networks. These symbols communicate different network characteristics to others in the war-driving community – for example, different markings might identify an open network (available to anyone), a closed network (with a visible SSID but requiring authentication), or a WEP-secured network.

SSID Broadcasting

A common security weakness in wireless networks is SSID broadcasting. When enabled, this feature makes your network easily discoverable by any nearby wireless device. To strengthen your security posture, you should always change the default SSID to something non-descriptive and disable SSID broadcasting on your wireless router.

WPS and Replay Attacks

There are two additional attack methods that pose significant risks to wireless networks:

  • WPS Attack: Wi-Fi Protected Setup (WPS) is designed to simplify connecting to a wireless network by using a PIN on the router. Once the PIN is entered, the SSID and WPA2 encryption key are configured automatically. However, a 2011 vulnerability allows attackers to brute-force the WPS PIN, compromising network security.
  • Replay Attack: A replay attack involves capturing legitimate network traffic and retransmitting it later to bypass authentication or crack encryption. Rather than attempting to decrypt captured packets, attackers simply replay previously recorded authentication sequences to gain access.

Rogue Access Points and Evil Twins

Rogue access points represent one of the most serious security threats to organizational networks, and are particularly important to understand for the Security+ exam. These unauthorized wireless access points are typically connected to the network without the IT department’s knowledge or approval – for example, when an employee installs a personal wireless router in their office to get better Wi-Fi coverage.

Such rogue devices create dangerous security gaps because they often lack proper security configurations, allowing attackers to bypass the organization’s perimeter defenses. Network administrators must implement continuous monitoring to detect and remove any unauthorized access points.

For exam preparation, remember that regular wireless scanning with tools such as Acrylic WiFi, Cain & Abel, or Kismet is essential for identifying rogue access points in your environment.
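
An added example, not from the original article: the comparison a monitoring job performs on wireless survey results, checking each observed access point against an approved inventory to flag evil-twin and rogue candidates. The inventory, the CSV column layout, the sample rows and the signal cut-off are constructed assumptions, not the export format of any tool named above.

```python
import csv
import io

# Approved inventory (constructed): BSSID -> (SSID, expected encryption).
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", "WPA2"),
    "00:11:22:33:44:02": ("CorpNet", "WPA2"),
    "00:11:22:33:44:10": ("CorpGuest", "WPA2"),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
NEARBY_DBM = -65  # assumed cut-off: a stronger signal is probably on the premises

# Constructed survey; the column layout is an assumption, not any tool's export format.
SAMPLE_SCAN = """bssid,ssid,encryption,signal_dbm
00:11:22:33:44:01,CorpNet,WPA2,-48
00:11:22:33:44:10,CorpGuest,WPA2,-55
de:ad:be:ef:00:01,CorpNet,OPEN,-40
AA:BB:CC:00:00:07,linksys,WEP,-52
AA:BB:CC:00:00:99,CoffeeShop,WPA2,-88
00:11:22:33:44:02,CorpNet,WEP,-60
"""

def classify(row):
    """Return a finding label for one observed AP, or None if nothing to report."""
    bssid = row["bssid"].strip().upper()
    ssid = row["ssid"].strip()
    enc = row["encryption"].strip().upper()
    if bssid in AUTHORIZED:
        if (ssid, enc) != AUTHORIZED[bssid]:
            return "config-mismatch"   # approved BSSID, wrong SSID or encryption
        return None
    if ssid in CORP_SSIDS:
        return "evil-twin-suspect"     # our SSID from hardware we do not own
    if int(row["signal_dbm"]) > NEARBY_DBM:
        return "rogue-suspect"         # unknown AP with a strong, close signal
    return None                        # weak unknown AP: likely a neighbour

def audit(scan_csv):
    """Classify every survey row and return (bssid, ssid, finding) tuples."""
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        label = classify(row)
        if label:
            findings.append((row["bssid"].strip().upper(), row["ssid"].strip(), label))
    return findings

if __name__ == "__main__":
    for bssid, ssid, label in audit(SAMPLE_SCAN):
        print(f"{label:18} {bssid}  {ssid!r}")
```

An over-the-air survey cannot show whether an unknown access point is plugged into the wired network, so a rogue-suspect finding still needs a check of switch ports or a physical walk-through.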

Weak Encryption

The use of weak or outdated encryption protocols remains one of the most critical vulnerabilities in wireless security. WEP encryption is especially dangerous because its 24-bit Initialization Vector (IV) repeats frequently, enabling attackers to crack the encryption key in minutes using readily available tools.

While WPA and WPA2 offer stronger protection than WEP, they have also been compromised through various attacks. Currently, WPA3 provides the most robust security, but it should still be supplemented with additional protections.

For the Security+ exam, it’s crucial to remember that all wireless clients should be treated as potentially untrusted. Implementing a VPN solution provides an essential additional layer of security by encrypting all communications between wireless devices and the corporate network.