Here’s how easy it is to hack into your Wi-Fi network
A few months ago, the internet was buzzing with news reports about a new Wi-Fi protocol called WPA3.
This new system, agreed upon by a panel of experts and luminaries, will have several advantages, primary amongst them the ability to make an average Wi-Fi network more secure, or hardened.
Until the widespread rollout of WPA3, it may be alarming to learn that the Wi-Fi networks on which you rely (and indeed may be using to read these words) are far from secure. In fact, not only are they easy to gain access to, but also any unencrypted traffic flowing over the Wi-Fi network can be captured.
Of course, there are degrees of how insecure a Wi-Fi network might be, but even the most carefully configured network can be compromised in under 15 minutes by anyone who knows what they’re doing.
And, of course, many networks out there don’t even utilize the relatively simplistic security levels which are available from even enterprise-grade Wi-Fi access points. Have you even rebooted your router recently?
The nefarious set of tools required to breach your paltry defenses includes such heinous devices as a web browser, the ability to view YouTube videos, an internet connection, and around $40-worth of old hardware.
Now I’m scared
Armed with these tools, and all the technical ability currently possessed by an average 17-year-old, it is highly probable that the secure Wi-Fi network on which you do your business banking can be penetrated.
While there are literally thousands of how-to guides out there (on the web, and via YouTube) on hacking, the purposes of this article are not to help you become a master cyber criminal, but simply to make you more aware of the potential threat posed by Wi-Fi networks.
Here’s the science part
1. Acquire a laptop with the ability to run Linux (that’s just about every laptop made in the last 20 years).
Cost: $20 (or $50 if it needs some kind of Wi-Fi dongle).
Level of difficulty: 1/10.
2. Find a disk image of pretty much any version of Linux. Ubuntu is popular.
Level of difficulty: 1/10.
3. Following instructions on the web, “create a bootable Linux distro” (quotes included here for ease of pasting into Google).
Cost: $5 for the USB stick or $0.30 for a writable CDR.
Level of difficulty: 3/10.
4. Install Linux on your laptop. Or, you needn’t even install it permanently — it can run from the USB stick or CDR “live”.
Level of difficulty: (following the on-screen prompts) 2/10.
(Hint: when choosing a Linux distribution, look for Kali or BackBox. Both of these, and several like them, come preloaded with all the tools you’ll need, allowing you to skip steps 5 & 6.)
5. Download and install some tools. Aircrack-ng, Wifite, Metasploit – there are lots of helpful applications.
Level of difficulty: 3/10 (or 0/10 if you follow the hint given above).
6. Download password lists onto your new laptop. These consist of literally gigabytes of commonly used words and phrases used to “protect” Wi-Fi networks.
Level of difficulty: 1/10.
7. Follow handy guides online to help you find nearby Wi-Fi networks, put your Wi-Fi dongle in monitor mode, wait for a Wi-Fi network user to connect, and use injection tools and password lists to gain access to a newly-breached “secure and protected” Wi-Fi network. Some apps will do all this for you, like Wifite. Others need you to read the manual.
Level of difficulty: 1/10 – 9/10 depending on your choice of weaponry and levels of security in place.
It's our birthday, and we want all the shells: New wrap-up featuring SOCKS5 improvements, a fresh Impacket-based module, MultiDrop mania, and the ability to put Meterpreter on 64-bit iOS devices (<= 9.3.4) thanks to Trident and contributor @timwr. https://t.co/OQvTGjrNiT
— Metasploit Project (@metasploit) June 9, 2018
But seriously, folks…
Okay, you’ve rumbled me! It’s perhaps not quite as easy as that, but in the grand scheme of things, not very much more difficult.
The take-home point here is that one doesn’t need to be one of those figures depicted in stock photography whenever hacking is represented — hooded, hunched over a keyboard — nor indeed be up to speed with the absolute latest goings-on on the so-called “dark web.”
All the hardware, software, and tools needed to gain access to a private Wi-Fi network are freely (or cheaply) available. (It’s illegal, by the way. Don’t do it.)
It doesn’t necessarily mean that you should turn off your Wi-Fi access point and start trailing cat 6 ethernet cables across the office.
Rather, every Wi-Fi user — and to a certain extent wired user — needs to be aware that privacy and security are not guaranteed. It is up to every user to protect their own data if it is precious to them.
The oft-quoted advice is usually good. Here’s some of it: encrypt web traffic from your network to outside financial concerns, use two-factor authentication, use biometric security methods, and always take more than a modicum of care and attention when online.
When, finally, WPA3 appears in the mainstream market, it won’t spell the end to worry.
Humans like a challenge – that’s why people become mountaineers. And hackers. Or pen-testers (the good guys, the “white hats”, aka penetration testers). Therefore, any new security protocol is only safe until it is cracked.
And as sure as night follows day, the knowledge and methods of breaching the new protocol will be made widely available for free on those dens of iniquity, the World Wide Web, YouTube, and maybe even here.