Wifi Hacking
The Art of casual WiFi hacking
Jeremy Martin, CISSP-ISSAP, NSA-IAM/IEM, CEH – jeremy@infosecwriter.com It is a cloudy Friday night and I am in the listening to another episode of 2600’s “Off the hook” radio when the interruption of the phone catches my attention. I had been expecting the call from my colleague, because I needed help with some new proof-ofconcept ideas for a penetration test I have the following week. During the conversation, we eagerly decided to head out for the night to Wardrive in the area. Wardriving is always a good excuse to test new programs and ideas. We position both laptops for optimal WiFi signal, easy access to the GPS devices, and secure them for the least amount of movement while driving. Right before we leave, we make sure the power converter is turned on, and the systems are plugged in. To cover all our bases, one laptop runs Windows XP Pro, NetStumbler, and Cain&Able while the second system has Suse 9.2 Linux with Kismet, Airsnort, Aircrack, and Void11. Using two devices with such different environments improves success while surveying WiFi in an area or “footprinting” them. Here is where the fun begins. After driving for a few miles, we enter a well lit street in the business section of town, and hear the ping of live access points every few seconds. Even though we have been doing this for years, we are both amazed at the percentage of companies that employ WiFi that do not implement any sort of encryption. This allows us to park and let Kismet do what it does best... passively listen to network traffic running over the 802.11 signal. We are able to map several subnets and gather other interesting information being broadcast to the public. At the end of the night, we were able to gather over 127 WiFi hotspots after only driving seventeen miles round trip. With this type of information gathered, playtime for hackers begins.
Wardriving
Also referred to as “Geek’s catch and release fishing”, is the act of driving around and
Jeremy Martin, CISSP-ISSAP, NSA-IAM/IEM, CEH – jeremy@infosecwriter.com It is a cloudy Friday night and I am in the listening to another episode of 2600’s “Off the hook” radio when the interruption of the phone catches my attention. I had been expecting the call from my colleague, because I needed help with some new proof-ofconcept ideas for a penetration test I have the following week. During the conversation, we eagerly decided to head out for the night to Wardrive in the area. Wardriving is always a good excuse to test new programs and ideas. We position both laptops for optimal WiFi signal, easy access to the GPS devices, and secure them for the least amount of movement while driving. Right before we leave, we make sure the power converter is turned on, and the systems are plugged in. To cover all our bases, one laptop runs Windows XP Pro, NetStumbler, and Cain&Able while the second system has Suse 9.2 Linux with Kismet, Airsnort, Aircrack, and Void11. Using two devices with such different environments improves success while surveying WiFi in an area or “footprinting” them. Here is where the fun begins. After driving for a few miles, we enter a well lit street in the business section of town, and hear the ping of live access points every few seconds. Even though we have been doing this for years, we are both amazed at the percentage of companies that employ WiFi that do not implement any sort of encryption. This allows us to park and let Kismet do what it does best... passively listen to network traffic running over the 802.11 signal. We are able to map several subnets and gather other interesting information being broadcast to the public. At the end of the night, we were able to gather over 127 WiFi hotspots after only driving seventeen miles round trip. With this type of information gathered, playtime for hackers begins.
Wardriving
Also referred to as “Geek’s catch and release fishing”, is the act of driving around and