Security.com

12 types of wireless network attacks and how to prevent them

By Karen Scarfone

It's time to get serious about wireless network security.

The temptation is real. Most of us have at least considered using an open wireless network when we're traveling or at a local store or restaurant, despite knowing that "open wireless network" means "not secured." We know the risks, but we consider connecting -- or connect -- nonetheless. The risks of being attacked may seem hypothetical, but they're real.

Network, IT and security admins involved in managing wireless networks have to secure those networks to protect the users, devices and services using them. One of the best ways to do this is to make users aware of the different types of wireless network attacks they may encounter and to put the appropriate safeguards in place.

Let's take a look at the most common forms of wireless network attacks and specific types within each category, and then talk about how to prevent them.

3 categories of wireless network attacks

Wireless network attacks can be bucketed into three categories: passive attacks, active attacks and attacks against wireless network components.

12 common types of wireless network attacks

Each category can be broken down into more specific attacks. The most common types of wireless network attacks are the following:

  1. packet sniffing
  2. rogue access points
  3. Wi-Fi phishing and evil twins
  4. spoofing attacks
  5. encryption cracking
  6. MitM attacks
  7. DoS attacks
  8. Wi-Fi jamming
  9. war driving attacks
  10. war shipping attacks
  11. theft and tampering
  12. default passwords and service set identifiers (SSIDs)

1. Packet sniffing

Packet sniffing is the act of gaining access to raw network traffic. Packet sniffers, such as Wireshark, detect, monitor and gather network packets. While packet sniffing is a legitimate activity, packet sniffers can also be used by attackers to spy on network traffic.

2. Rogue access points

A rogue access point is any unauthorized access point connected to a network. If an attacker successfully places a rogue access point, the attacker can then access the network it connects to.

3. Wi-Fi phishing and evil twins

Wi-Fi phishing is when malicious actors create access points that imitate legitimate Wi-Fi access points.

An evil twin is a type of rogue access point used for Wi-Fi phishing. It advertises itself as an existing, authorized access point. It uses the SSID of an authorized access point to trick users into connecting to it. Sometimes, attackers disable the authorized access point to subvert the entire network. Even if the authorized access point isn't disabled, the evil twin still often gets access to some network traffic.
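
Because an evil twin reuses an authorized SSID, a wireless survey can be compared against an inventory of known access points to flag it. The following is an added example, not part of the original article; the inventory format, the `Beacon` record and all sample values are constructed assumptions.

```python
from collections import namedtuple

# One beacon observed in a wireless survey (constructed record format).
Beacon = namedtuple("Beacon", "ssid bssid channel security")

# Assumed inventory of authorized access points:
# SSID -> {BSSID: (channel, security)}. All values are constructed.
AUTHORIZED = {
    "CorpNet": {
        "aa:bb:cc:00:00:01": (36, "WPA3"),
        "aa:bb:cc:00:00:02": (149, "WPA3"),
    },
}

def find_evil_twin_candidates(beacons, authorized=AUTHORIZED):
    """Return (beacon, reason) pairs for beacons that reuse an authorized
    SSID but do not match the inventory entry for that SSID."""
    findings = []
    for b in beacons:
        known = authorized.get(b.ssid)
        if known is None:
            continue  # not one of our SSIDs; out of scope for this check
        entry = known.get(b.bssid.lower())
        if entry is None:
            findings.append((b, "unknown BSSID advertising authorized SSID"))
            continue
        channel, security = entry
        # A known BSSID whose settings differ from the inventory also needs review.
        if b.security != security:
            findings.append((b, f"security mismatch: expected {security}"))
        elif b.channel != channel:
            findings.append((b, f"channel mismatch: expected {channel}"))
    return findings

# Constructed survey data for the example.
SAMPLE_SCAN = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", 36, "WPA3"),     # matches inventory
    Beacon("CorpNet", "02:11:22:33:44:55", 6, "OPEN"),      # same SSID, unknown radio
    Beacon("CorpNet", "AA:BB:CC:00:00:02", 149, "WPA2"),    # known BSSID, weaker security
    Beacon("CoffeeShop", "02:99:88:77:66:55", 11, "OPEN"),  # unrelated network
]

if __name__ == "__main__":
    for beacon, reason in find_evil_twin_candidates(SAMPLE_SCAN):
        print(f"{beacon.ssid} {beacon.bssid} ch{beacon.channel}: {reason}")
```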

4. Spoofing attacks

Spoofing attacks involve malicious actors pretending to be legitimate users or services. Types of spoofing attacks include the following:

5. Encryption cracking -- WEP/WPA attacks

Many older, outdated security protocols, including Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), are vulnerable to attack. WEP, introduced in the 1990s, encrypts data transmitted over a LAN. It is flawed, however, and should never be used in enterprise networks.

WPA, introduced in 2003, was created to be more effective than WEP. It uses stronger encryption and better authentication than WEP. WPA is also vulnerable to attacks, however, and should also never be used. WPA2 was introduced in 2004 to formally replace WEP. It includes AES encryption. WPA3, introduced in 2018, offers even stronger encryption than WPA2.

6. MitM attacks

MitM attacks occur when cybercriminals eavesdrop on communications between two parties -- for example, two users communicating with each other or a user communicating with an application or service. Attackers can intercept sensitive information and relay information by pretending to be one of the legitimate parties.

7. DoS attacks

DoS attacks occur when malicious actors flood a network with traffic, thus overwhelming the network and making it impossible for legitimate users to access it.

8. Wi-Fi jamming

Like DoS attacks, Wi-Fi jamming attacks overwhelm a network and prevent legitimate users from connecting to it. An example of a Wi-Fi jamming attack is flooding access points to "jam" the connection.

9. War driving attacks

War driving occurs when attackers search for open or vulnerable wireless networks to exploit. Also known as access point mapping, these attacks involve nefarious actors driving around with wireless devices -- usually computers or mobile devices -- searching for open networks to connect to.

10. War shipping attacks

War shipping attacks involve attackers sending physical spying devices to companies, which, once within the company's building, connect to the target network to exfiltrate data. An example of this attack could be an attacker sending a wireless-enabled device to a mailroom. Once it arrives, the device scans for networks to connect to and attack.

11. Theft and tampering

Attackers can conduct physical attacks on wireless networks by stealing or damaging wireless access points and routers. These attacks not only prevent users from accessing networks and cause network downtime -- and, therefore, business disruption and potential revenue loss -- but also can be costly for the companies replacing the stolen or damaged devices.

12. Default passwords and SSIDs

Corporate networks should never use default passwords and SSIDs. Employees who work from home should also be advised to change default passwords and SSIDs. Default SSIDs enable attackers to find out which router an employee is using and, in turn, find potential vulnerabilities specific to that router. Default and manufacturer-provided passwords, which are often printed on the side of consumer routers, should be changed to prevent unauthorized users from seeing and using them. Password security best practices -- such as not using easy-to-guess passwords -- should be followed.

How to safeguard wireless networks and network usage

Home and workplace routers should be protected with the following basic steps:

  1. Use WPA3, the latest standard for wireless network security, if your access points and client devices support it. WPA2 is still a decent alternative, but move to WPA3 as support for it increases.
  2. Set a unique, hard-to-guess password for each wireless network.
  3. Keep all network components up to date, patched and properly configured to minimize their exploitable vulnerabilities.
  4. Minimize or prohibit remote access to your access points, and always change default access point passwords to unique, hard-to-guess ones. This prevents arbitrary attackers from reaching your access points over the internet and easily gaining control over them.
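
The four steps above, together with the earlier guidance on default passwords and SSIDs, can be checked against an access point inventory. The following is an added example, not part of the original article; the record fields, the default-SSID patterns (non-exhaustive) and all sample values are constructed assumptions, and `psk_id` is an assumed opaque reference to a stored passphrase so the audit never handles the passphrase itself.

```python
import re

# Constructed, non-exhaustive patterns for vendor default SSIDs (assumption).
DEFAULT_SSID = re.compile(r"^(netgear|linksys|tp-link_|dlink|default)", re.I)

def audit_access_points(aps, latest_firmware):
    """Check each AP record against the basic steps; return (name, finding) tuples."""
    findings = []
    seen_psk = {}  # psk_id -> first SSID seen using that passphrase
    for ap in aps:
        name = ap["name"]
        # Step 1: WPA3 preferred, WPA2 tolerated, anything else rejected.
        if ap["security"] == "WPA2":
            findings.append((name, "WPA2: plan move to WPA3"))
        elif ap["security"] != "WPA3":
            findings.append((name, f"{ap['security']} must be replaced with WPA3 or WPA2"))
        if DEFAULT_SSID.match(ap["ssid"]):
            findings.append((name, "SSID looks like a vendor default"))
        # Step 2: each wireless network gets its own password.
        other = seen_psk.setdefault(ap["psk_id"], ap["ssid"])
        if other != ap["ssid"]:
            findings.append((name, f"password shared with network {other}"))
        # Step 3: components are kept up to date.
        if ap["firmware"] != latest_firmware.get(ap["model"]):
            findings.append((name, "firmware is not the latest known version"))
        # Step 4: no remote access, no default access point password.
        if ap["remote_admin"]:
            findings.append((name, "remote administration is enabled"))
        if ap["admin_password_default"]:
            findings.append((name, "default administrator password in use"))
    return findings

# Constructed inventory and firmware data for the example.
LATEST = {"AP-100": "2.4.1", "HomeRouter-X": "1.0.9"}
INVENTORY = [
    {"name": "hq-ap1", "model": "AP-100", "ssid": "CorpNet", "security": "WPA3",
     "psk_id": "vault-17", "firmware": "2.4.1", "remote_admin": False,
     "admin_password_default": False},
    {"name": "lab-ap", "model": "AP-100", "ssid": "CorpLab", "security": "WPA2",
     "psk_id": "vault-17", "firmware": "2.3.0", "remote_admin": False,
     "admin_password_default": False},
    {"name": "home-rtr", "model": "HomeRouter-X", "ssid": "NETGEAR42", "security": "WEP",
     "psk_id": "vault-30", "firmware": "1.0.9", "remote_admin": True,
     "admin_password_default": True},
]

if __name__ == "__main__":
    for name, finding in audit_access_points(INVENTORY, LATEST):
        print(f"{name}: {finding}")
```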

In addition to those safeguards, implement the following security controls for corporate networks:

Last but not least, tell employees about wireless network attacks and security best practices during regularly scheduled security awareness trainings. Advise them to avoid using open networks. It's often much more secure to set up a hotspot for your laptop through your smartphone -- with a unique, hard-to-guess password for hotspot access -- than it is to use an open Wi-Fi network.

13 Dec 2022
