hands-on with wifi security v2 - owasp · wifi overview authentication and encryption attacks...

Report

Post on 14-Jul-2020

3 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Hands-onwith wifi securityOWASPGöteborgSecurity Tapas

2015-10-20AndersRosdahl

#whoami

Avarage security enthusiastNobleedingedge research,nowall of fames,nocve'sActually,this isme...

@rosdahl

Agenda

Wifi overview

Authentication andencryption

Attacks

Defence

Demo/lab

Wifi overview

Accesspointscontinuouslysendbeacons toannouncethemselvesClients continouslyprobe foraccesspointsAuthenticationAssociation

Bands,channels andfrequencies

802.11 Releaseyear Frequency(GHz)

Maxdatatransferrate(Mbit/s)

Bandwidth(MHz)

a 1999 5/(3.7) 54 20

b 1999 2.4 11 22

g 2003 2.4 54 20

n 2009 2.4/572/150

(perMIMOstream)

20/40

ac 2013 596/200/433/866(perMIMOstream)

20/40/80/160

there’s more...

Wireless Modes

Each wireless device/inteface can beinone of thefollowingmodes.Definitionsvary.

Station– also referred toasClientmodeorManaged modeMaster– also referred toasAccessPointorInfrastructuremodeAdhoc– formesh wifi networksMonitor – also referred toasRFMON(RadioFrequencyMONitor).Usedtosilently listentowifi traffic.Aninterfaceinthis modecan capturetraffic without connecting toany network.

Notallcombinationof wifi cards/drivers/OSsupportallmodes..

Authentication andencryption

• BasedontheRC4streamcipher,whichiseffectivelybrokenWEP

• WPA – intermediatesolutionwhilewaitingforWPA2,whichwouldfixallthatwasbrokenwithWEP.Designedbycrytographers.

• PSKorasymmetrickeypairs/certificates• TKIP-RC4(WPA)/CCMP-AES(WPA2)

WPA/WPA2

• ProvidesWPA/WPA2passwordtoclientrequiringonlyaPINcode• Twomodes:• Push-Button-Connect• 4/8digitPINcode

WPS

Attacks

WPA/WPA21. Deauthenticate connected client(s)with traffic injection2. Capture re-authenticationhandshake3. Offline word-listorrule-based brute forceattackonrecorded handshake

WPSBrute forceWPSPIN.In2012several deficiencies inWPSwere disclosed.E.g.onlymax11kvs10Mtries isneeded since APacks/nacks first 4digits.WPSbackoff/timeouttimeoutpreventsbruteforcing.Was notubiquitous 2012.

WEPRC4...Offline brute forceattacksimilar toWPAabove

Defence – hotsecurity tipsforhotspots

Use longandstrongWPA2passwords!Disable WPSonyour routerDon’t useWEP– obviously...Use VPNwhen connected topublicaccesspoints – anyone canlistenBecareful about auto-connectfeaturesof devices toavoidconnecting torougeaccesspoints

Demo/lab

Alfacards forloan!

top related

owasp broken web applications (owasp bwa): beyond 1.0
Documents
ng-owasp: owasp top 10 for angularjs applications
Software
owasp belgium chapter meeting - brussels - 8 may 2006 - 1...
Documents
the owasp foundation owasp top 10 2010 kuai hinojosa...
Documents
the owasp foundation owasp xml external entity attacks (xxe)
Documents
owasp top-10 2013 tobias gondrom (owasp project leader)
Documents
proactive web application defenses. jim manico @manicode –...
Documents
application security awareness - owasp foundation ·...
Documents
802 - arubawifi 802.11ax wifi pc . wifi 1a: wifi alliance 19...
Documents
owasp belux 2007-05-10 owasp update · 2020-06-13 · owasp...
Documents
owasp day - owasp day - lets secure!
Internet
owasp testing guide - owasp summit 2011
Documents
owasp cornucopia€¦ · owasp netherlands 13th march 2013...
Documents
what is owasp owasp live cd live demo
Documents
the owasp foundation owasp chennai 2007 phishing
Documents
the owasp foundation owasp global update seba deleersnyder...
Documents
the owasp foundation owasp automatic vs. manual code...
Documents
owasp (membership) and new owasp projects · owasp 7 owasp
Documents
owasp top 10 - owasp pune chapter - january 2008
Technology
owasp belux 2008-03-04 owasp update · 2020-05-18 · owasp...
Documents