Wireless Hacking


The popularity of wireless technology is driven by two major factors: convenience and cost. A 
Wireless Local Area Network (WLAN) allows workers to access digital resources without being 
tied to their desks, and mobile users can connect to a Local Area Network (LAN) through a 
wireless (radio) connection. 



Basic Terminology in Wireless Connections 
• Access Point: the device that transmits the wireless network. 
• SSID: the name of the wireless network; also known as the ESSID. 
• BSSID: the MAC address of the wireless access point. 
• Channel: the radio frequency on which the wireless network operates. 
• Power: the strength of the wireless network signal. 
Wireless Security Overview 
• Two methods exist for authenticating wireless LAN clients to an access point: open 
system authentication or shared key authentication. 
• Open system authentication does not provide any security mechanism; it is simply a 
request to connect to the network. 
• Shared key authentication has the wireless client hash a string of challenge text with the 
WEP key to authenticate to the network. 

War Driving 
• War driving is detecting wireless networks and examining their properties. 
• War driving is of two types: 
o Active war driving 
o Passive war driving 


Active War Driving 
• Active war driving detects wireless networks whose SSIDs are broadcast, that is, 
networks that are visible to any wireless adapter. 
• It can be done with any wireless card. 
Passive War Driving 
• Passive war driving detects wireless networks whose SSIDs are not broadcast 
(hidden wireless networks). 
• The wireless card must support monitor mode. 



WEP Key Cracking 
• Wired Equivalent Privacy (WEP) was the first security option for 802.11 WLANs. WEP 
is used to encrypt data on the WLAN and can optionally be paired with shared key 
authentication to authenticate WLAN clients. WEP uses an RC4 64-bit or 128-bit 
encryption key. 
• The way RC4 is seeded with initialization vectors (IVs) is the real weakness of WEP: the 
24-bit IV is sent in the clear and repeats on a busy network, and a repeated IV under the 
same key produces a repeated RC4 keystream, which allows an attacker to crack the WEP key. 
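As an added illustration of the IV weakness described above (example code, not from the original page): a textbook RC4 implementation plus WEP-style IV || key seeding, run on constructed sample frames. It shows that a repeated IV leaks the XOR of two plaintexts regardless of the key, and how few frames a 24-bit IV space lasts before a repeat is expected; the CRC-32 integrity value and real frame headers are left out.

```python
import math

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Standard RC4 (KSA then PRGA); returns `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + seed[i % len(seed)]) % 256
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style encryption: RC4 seeded with IV || key. The 24-bit IV travels
    in the clear in the frame header; the CRC-32 ICV is omitted for brevity."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be 24 bits (3 bytes)")
    keystream = rc4_keystream(iv + key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def iv_reuse_leaks_plaintext_xor(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """When one IV is used twice under the same key, the keystream repeats and
    C1 XOR C2 == P1 XOR P2: the secret key cancels out completely. This is why
    IV handling, not RC4 itself, is the weakness the text describes."""
    c1 = wep_encrypt(key, iv, p1)
    c2 = wep_encrypt(key, iv, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

def frames_until_expected_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: about sqrt(pi/2 * 2**iv_bits) randomly chosen IVs
    before the first repeat (roughly 5,100 frames for WEP's 24-bit IV)."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)

if __name__ == "__main__":
    # Constructed sample data: a 40-bit WEP key and two short frame payloads.
    key = bytes.fromhex("0102030405")
    iv = bytes.fromhex("000001")
    print(iv_reuse_leaks_plaintext_xor(key, iv, b"hello world", b"frame two!!"))
    print(round(frames_until_expected_iv_repeat()))
```

TKIP's per-frame key rotation (mentioned under WPA below) exists precisely so that a keystream is never reused in this way.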
Applying the Wireless Security 

Hide the Wireless Network: Do not broadcast the SSID of the wireless network. This keeps 
your network invisible to people who do not know about passive war driving. 
Use a WEP Key: You can use WEP key protection to protect your wireless network 
connection. Although this is not the ultimate security measure, it will help a lot against 
script kiddies who do not know how to break WEP. 
WPA (Wi-Fi Protected Access): WPA employs the Temporal Key Integrity Protocol (TKIP), 
a safer RC4 implementation, for data encryption, and either WPA Personal or WPA 
Enterprise for authentication. 
WPA Enterprise is a more secure and robust option but relies on the creation and more 
complex setup of a RADIUS server. TKIP rotates the data encryption key to prevent the 
vulnerabilities of WEP and, consequently, cracking attacks. 
MAC Filtering: An early security solution in WLAN technology used MAC address filters: a 
network administrator entered a list of valid MAC addresses for the systems allowed to associate 
with the wireless access point. 
Choosing the Best Key: Always use a long WPA key with lower- and upper-case letters, 
numbers, and special characters. 
A Sample Key: 12345@abcde&FGHI