Securing Wireless Networks: Understanding and Mitigating Encryption Vulnerabilities
Because the weaknesses of every common wireless encryption scheme (WEP, WPA and WPA2) are well understood, and we know exactly how attackers test for and exploit them, securing a network against these attacks is relatively straightforward: remove the specific weaknesses the attacks depend on.
Exploring Encryption Methods
1. WEP Encryption
WEP is an old encryption standard, and it is very weak. Several methods can be used to crack it regardless of the strength of the key, and even when no client is connected to the network. These attacks are possible because of the way WEP itself works; we discussed the weakness in WEP's design and how it is used to recover the key. Some of these methods recover the key in a matter of minutes.
2. WPA/WPA2 Encryption
WPA and WPA2 are very similar; the only difference between them is the algorithm used to encrypt the traffic, and in every other respect both work the same way, so the same attacks apply to both.
Cracking WPA/WPA2 Encryption
2.1 Exploiting WPS Feature
If the WPS feature is enabled, there is a high chance of obtaining the key regardless of its complexity, by exploiting a weakness in WPS itself. WPS lets users join a wireless network without entering the key: they press a WPS button on both the router and the device they want to connect, and the two authenticate using an eight-digit PIN. Because this PIN is only eight characters long and made up of digits only, attackers can brute-force it in a relatively short time (an average of about 10 hours). Tools such as Reaver automate this brute force and, once the correct PIN is found, use it to retrieve the actual WPA/WPA2 key from the router. So this is not a weakness in WPA/WPA2 itself; it is a weakness in an optional feature on routers that use WPA/WPA2, which can be exploited to obtain the real WPA/WPA2 key.
2.2 Dictionary Attack
If WPS is not enabled, the only way to crack WPA/WPA2 is a dictionary attack. In this attack, each password in a list of candidates (the dictionary) is tested against a captured handshake file to check whether it is the network's actual key. Consequently, if the password is not in the wordlist, the attacker cannot recover it.
Mitigation
Do not use WEP: as shown above, it can be cracked regardless of the complexity of the key, even when nobody is connected to the network. Use WPA2 with a complex password that contains lowercase letters, uppercase letters, digits and symbols. Make sure the WPS feature is disabled, since even a complex WPA2 key can be recovered by brute-forcing the easy WPS PIN.
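As an added example (not part of the original article), the following Python script audits an access-point configuration against the mitigation advice above and the WPS and dictionary-attack points from the preceding sections: it flags WEP keys, anything other than WPA2 with CCMP, WPS left enabled, and a pre-shared key that lacks the required character classes or appears in a small wordlist. The configuration samples and the wordlist are constructed here for illustration; the key names (`wpa`, `rsn_pairwise`, `wps_state`, `wep_key0`, `wpa_passphrase`) follow the hostapd configuration format, and the 12-character minimum length is this example's own threshold, not a figure from the article.

```python
import re

# Constructed sample configurations in hostapd style (not from the article).
# WEAK_CONF shows the settings the article warns against: WEP keys and WPS on.
WEAK_CONF = """\
ssid=HomeNet
wep_default_key=0
wep_key0=ABCDEF0123
wps_state=2
"""

# WPA2, but with WPS enabled and a passphrase that a dictionary attack would find.
GUESSABLE_CONF = """\
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=homenet123
wps_state=1
"""

# The corrected configuration: WPA2 only, CCMP only, WPS off, complex passphrase.
FIXED_CONF = """\
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=Tr0ub4dor&3-WiFi-2024
wps_state=0
"""

# Tiny constructed stand-in for the wordlists used in dictionary attacks.
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop", "homenet123"}

MIN_PASSPHRASE_LEN = 12  # this example's own recommended minimum (assumption)


def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def passphrase_issues(passphrase):
    """Return the ways a WPA2 pre-shared key falls short of the article's advice."""
    issues = []
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        issues.append(f"shorter than {MIN_PASSPHRASE_LEN} characters")
    if not re.search(r"[a-z]", passphrase):
        issues.append("no lowercase letters")
    if not re.search(r"[A-Z]", passphrase):
        issues.append("no uppercase letters")
    if not re.search(r"[0-9]", passphrase):
        issues.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", passphrase):
        issues.append("no symbols")
    if passphrase.lower() in COMMON_PASSPHRASES:
        issues.append("appears in a common wordlist (dictionary attack would succeed)")
    return issues


def audit(conf):
    """Return a list of findings; an empty list means the config follows the advice."""
    findings = []
    if "wep_default_key" in conf or any(k.startswith("wep_key") for k in conf):
        findings.append("WEP keys configured: WEP is crackable regardless of key strength")

    wpa = conf.get("wpa")
    if wpa is None:
        findings.append("no WPA/WPA2 configured (open or WEP-only network)")
    elif wpa != "2":
        findings.append(f"wpa={wpa}: WPA (TKIP) still allowed; use wpa=2 for WPA2 only")

    pairwise = conf.get("rsn_pairwise", conf.get("wpa_pairwise", ""))
    if wpa is not None and "TKIP" in pairwise:
        findings.append("TKIP cipher allowed; restrict pairwise ciphers to CCMP")

    # In hostapd, wps_state=0 (or absent) means WPS is disabled.
    if conf.get("wps_state", "0") != "0":
        findings.append("WPS enabled: the 8-digit PIN can be brute-forced to recover the key")

    if wpa is not None:
        passphrase = conf.get("wpa_passphrase")
        if passphrase is None:
            findings.append("no wpa_passphrase set")
        else:
            findings.extend("passphrase: " + issue for issue in passphrase_issues(passphrase))
    return findings


if __name__ == "__main__":
    for name, text in [("weak", WEAK_CONF), ("guessable", GUESSABLE_CONF), ("fixed", FIXED_CONF)]:
        print(f"== {name} ==")
        for finding in audit(parse_conf(text)) or ["no findings"]:
            print(" -", finding)
```

Running the script prints three findings for the WEP configuration, five for the guessable one (WPS plus four passphrase problems), and none for the corrected one. The passphrase check only tests against a handful of constructed entries; a real audit would substitute the wordlists attackers actually use.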