Upload File

hands-on with wifi security v2 - owasp · wifi overview authentication and encryption attacks...

  • Home
  • Documents
  • Hands-on with wifi security v2 - OWASP · Wifi overview Authentication and encryption Attacks Defence Demo / lab. Wifioverview Access points continuously send beaconsto announce themselves
10
Hands-on with wifi security OWASP Göteborg Security Tapas 2015-10-20 Anders Rosdahl

Upload: others

Post on 14-Jul-2020

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Hands-on with wifi security v2 - OWASP · Wifi overview Authentication and encryption Attacks Defence Demo / lab. Wifioverview Access points continuously send beaconsto announce themselves

Hands-onwith wifi securityOWASPGöteborgSecurity Tapas

2015-10-20AndersRosdahl

Page 2: Hands-on with wifi security v2 - OWASP · Wifi overview Authentication and encryption Attacks Defence Demo / lab. Wifioverview Access points continuously send beaconsto announce themselves

#whoami

Avarage security enthusiastNobleedingedge research,nowall of fames,nocve'sActually,this isme...

@rosdahl

Page 3: Hands-on with wifi security v2 - OWASP · Wifi overview Authentication and encryption Attacks Defence Demo / lab. Wifioverview Access points continuously send beaconsto announce themselves

Agenda

Wifi overview

Authentication andencryption

Attacks

Defence

Demo/lab

Page 4: Hands-on with wifi security v2 - OWASP · Wifi overview Authentication and encryption Attacks Defence Demo / lab. Wifioverview Access points continuously send beaconsto announce themselves

Wifi overview

Accesspointscontinuouslysendbeacons toannouncethemselvesClients continouslyprobe foraccesspointsAuthenticationAssociation

Page 5: Hands-on with wifi security v2 - OWASP · Wifi overview Authentication and encryption Attacks Defence Demo / lab. Wifioverview Access points continuously send beaconsto announce themselves

Bands,channels andfrequencies

802.11 Releaseyear Frequency(GHz)

Maxdatatransferrate(Mbit/s)

Bandwidth(MHz)

a 1999 5/(3.7) 54 20

b 1999 2.4 11 22

g 2003 2.4 54 20

n 2009 2.4/572/150

(perMIMOstream)

20/40

ac 2013 596/200/433/866(perMIMOstream)

20/40/80/160

there’s more...

Page 6: Hands-on with wifi security v2 - OWASP · Wifi overview Authentication and encryption Attacks Defence Demo / lab. Wifioverview Access points continuously send beaconsto announce themselves

Wireless Modes

Each wireless device/inteface can beinone of thefollowingmodes.Definitionsvary.

Station– also referred toasClientmodeorManaged modeMaster– also referred toasAccessPointorInfrastructuremodeAdhoc– formesh wifi networksMonitor – also referred toasRFMON(RadioFrequencyMONitor).Usedtosilently listentowifi traffic.Aninterfaceinthis modecan capturetraffic without connecting toany network.

Notallcombinationof wifi cards/drivers/OSsupportallmodes..

Page 7: Hands-on with wifi security v2 - OWASP · Wifi overview Authentication and encryption Attacks Defence Demo / lab. Wifioverview Access points continuously send beaconsto announce themselves

Authentication andencryption

• BasedontheRC4streamcipher,whichiseffectivelybrokenWEP

• WPA – intermediatesolutionwhilewaitingforWPA2,whichwouldfixallthatwasbrokenwithWEP.Designedbycrytographers.

• PSKorasymmetrickeypairs/certificates• TKIP-RC4(WPA)/CCMP-AES(WPA2)

WPA/WPA2

• ProvidesWPA/WPA2passwordtoclientrequiringonlyaPINcode• Twomodes:• Push-Button-Connect• 4/8digitPINcode

WPS

Page 8: Hands-on with wifi security v2 - OWASP · Wifi overview Authentication and encryption Attacks Defence Demo / lab. Wifioverview Access points continuously send beaconsto announce themselves

Attacks

WPA/WPA21. Deauthenticate connected client(s)with traffic injection2. Capture re-authenticationhandshake3. Offline word-listorrule-based brute forceattackonrecorded handshake

WPSBrute forceWPSPIN.In2012several deficiencies inWPSwere disclosed.E.g.onlymax11kvs10Mtries isneeded since APacks/nacks first 4digits.WPSbackoff/timeouttimeoutpreventsbruteforcing.Was notubiquitous 2012.

WEPRC4...Offline brute forceattacksimilar toWPAabove

Page 9: Hands-on with wifi security v2 - OWASP · Wifi overview Authentication and encryption Attacks Defence Demo / lab. Wifioverview Access points continuously send beaconsto announce themselves

Defence – hotsecurity tipsforhotspots

Use longandstrongWPA2passwords!Disable WPSonyour routerDon’t useWEP– obviously...Use VPNwhen connected topublicaccesspoints – anyone canlistenBecareful about auto-connectfeaturesof devices toavoidconnecting torougeaccesspoints

Page 10: Hands-on with wifi security v2 - OWASP · Wifi overview Authentication and encryption Attacks Defence Demo / lab. Wifioverview Access points continuously send beaconsto announce themselves

Demo/lab

Alfacards forloan!


OWASP Education OWASP Global Summit Portugal 2011

The OWASP Foundation OWASP Summit 2011 ¿A donde vamos…?

What is OWASP OWASP Live CD Live Demo

The OWASP Foundation OWASP Cross-site Request Forgery (CSRF)

OWASP 2013 APPSEC USA Talk - OWASP ZAP

OWASP OTG-configuration (OWASP Thailand chapter november 2015)

OWASP Day IV•180 blog monitorati OWASP-Italy Day IV – 6th, Nov 09 OWASP 11 OWASP Top Ten

What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt

Review OWASP 2014 - OWASP Perú

The OWASP Foundation OWASP Chennai 2007 Phishing

802 - ArubaWiFi 802.11ax WiFi PC . WiFi 1a: WiFi Alliance 19 2018 , WiFi 50% . 1b: WiFi 180 WiFi 80 WiFi , 30 WiFi WiFi IEEE(Institute of . LTE , WiFi Alliance WiFi . WiFi . 2014 2:

OWASP Belgium Chapter Meeting - Brussels - 8 May 2006 - 1 OWASP Update - Open … · 2006/5/8  · OWASP 8 OWASP?

The OWASP Foundation OWASP Global Update Seba Deleersnyder OWASP Foundation Board Member

ng-owasp: OWASP Top 10 for AngularJS Applications

OWASP Testing Guide - OWASP Summit 2011

The OWASP Foundation OWASP Belgium Chapter OWASP Update Sebastien Deleersnyder Foundation Board, Zenitel Belgium [email protected]

OWASP Day - OWASP Day - Lets secure!

Application Security Awareness - OWASP Foundation · 2020-01-17 · Short Description Promote OWASP projects, events, education material and OWASP mission. Related Projects OWASP

The OWASP Foundation OWASP Cross Site Scripting (XSS) Exploits

OWASP The OWASP Foundation

OWASP (Membership) and new OWASP Projects · OWASP 7 OWASP

The OWASP Foundation Risks of Insecure Communication High likelihood of attack Open wifi, munipical wifi, malicious ISP Easy to exploit

OWASP Joomla! Vulnerability Scanner - OWASP-MY

OWASP Top-10 2013 Tobias Gondrom (OWASP Project Leader)

OWASP BeLux 2008-03-04 OWASP Update · 2020-05-18 · OWASP 5 Program for this evening:

The OWASP Foundation OWASP Top 10 2010 Kuai Hinojosa Software Security Consultant at Cigital OWASP Global Education Committee OWASP

OWASP – Top 10 · • OWASP Code Review Guide • OWASP Testing Guide • OWASP Top Ten Project . OWASP – TOP 10 • OWASP Top 10 Web Application Security Risks for 2010 are:

The OWASP Foundation OWASP Technology and Business Risk Management

Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid

OWASP Cornucopia€¦ · OWASP Netherlands 13th March 2013 OWASP Cornucopia Ecommerce Website Edition ... Guide Colin Watson Watson Hall Ltd London, United Kingdom . 2 OWASP Cornucopia

OWASP Cornucopia Ecommerce Website Edition · Web viewAuthentication Cheat Sheet OWASP SCP 47, 52 OWASP ASVS 2.12, 8.4, 8.10 OWASP AppSensor UT1 CAPEC-SAFECode 28 OWASP Cornucopia

Owasp Top 10 - Owasp Pune Chapter - January 2008

Owasp tools - OWASP Serbia

The OWASP Foundation OWASP Busting Frame Busting

OWASP BeLux 2007-05-10 OWASP Update · 2020-06-13 · OWASP 5 Program for this evening: