
What are some of the common wireless hacking tools and techniques?

I'm researching for a film script that is based on a group of info thieves that hack into corporations' Wi-Fi systems to obtain intellectual assets. I heard of an incident in California where some guys did this, but only to show the company that they were vulnerable. What are some of the common wireless hacking tools and techniques?

Vendors that sell wireless LAN security products and services love to demonstrate hacking techniques on sales calls to prospective customers. In addition, some vendors sell commercial penetration testing and vulnerability assessment services, where they will do just what you describe -- hack into the customer's network to find and document vulnerabilities, along with remediation advice and recommendations. However, unlike a real attack, a penetration tester does not exploit found vulnerabilities to harm the victim.

There are many attack methods used to prey upon common wireless LAN vulnerabilities. Perhaps the most well-known of these is WEPcrack. WEPcrack and similar key-cracking tools take advantage of weaknesses in the Wired Equivalent Privacy (WEP) protocol that was originally used to encrypt traffic over 802.11 connections. By capturing and analyzing WEP-encrypted traffic, WEPcrack creates a list of keystreams that can be used to decrypt future traffic encrypted with those same keystreams. Once enough traffic is captured, the actual WEP key can be derived, letting the attacker decrypt all future traffic. Some weaknesses leveraged by WEPcrack have since been fixed in most products, increasing the time required to "brute force" crack WEP keys. For better protection, most WLAN products now offer safer alternatives to WEP, like TKIP (WPA) or AES (WPA2). For a primer on WLAN security, read the Wi-Fi Alliance security page.

Some of the other tools and techniques used to attack wireless LANs include denial-of-service tools like AirJack, password dictionary attack tools like Asleap, and rogue wireless access point tools like Airsnarf. You can find literally hundreds of white papers about WLAN Security at the CWNP Learning Center. Many of those papers describe WLAN attack methods and tools (free registration required to view most papers). If you browse around the Internet a bit, you'll easily find several websites dedicated to listing WLAN attack tools and describing what they do.
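
The keystream reuse described in the WEP paragraph above can be seen on constructed data. The sketch below is an added illustration, not code from the original answer or from any tool it names; it uses a simplified WEP model (RC4 seeded with a 3-byte IV followed by the shared key, integrity check value omitted), and the key, IV and frame contents are constructed sample values. Because the IV is only 24 bits and is sent in the clear, IVs repeat on a busy network, and every repeat reuses a keystream, which is the weakness that TKIP and AES were introduced to remove.

```python
# Added illustration: why a repeated WEP IV makes a frame's keystream reusable.
# Simplified model: RC4 seeded with IV || key, ICV omitted.
# Key, IV and frame contents below are constructed sample values.

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then `length` bytes of output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP payload encryption: RC4(IV || key) XOR data."""
    return xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

def keystream_from_known_frame(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Knowing one frame's plaintext reveals the keystream for that IV."""
    return xor(ciphertext, known_plaintext)

def demo() -> bytes:
    key = bytes.fromhex("0102030405")      # constructed 40-bit WEP key
    iv = bytes.fromhex("a1b2c3")           # constructed 24-bit IV, sent in clear
    known = b"predictable header bytes"    # constructed frame with guessable content
    secret = b"quarterly design notes!!"   # constructed later frame, same IV
    c1 = wep_encrypt(iv, key, known)
    c2 = wep_encrypt(iv, key, secret)
    table = {iv: keystream_from_known_frame(c1, known)}  # per-IV keystream list
    return xor(c2, table[iv])              # recovered without ever touching `key`

if __name__ == "__main__":
    print(demo())
```

The second frame is recovered from the stored keystream alone, so the strength of the shared key never comes into play once an IV repeats.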

This was last published in September 2004
