Kali Linux Wash is a tool to find WPS enabled routers in your area. A lot of routers support Wifi Protected Setup (WPS) and it’s likely enabled by default by your internet service provider or by the router manufacturer. Like UPnP, it is an insecure feature that makes your wireless network more vulnerable to certain attacks. Pixie dust vulnerable routers with WPS turned on for example, can be cracked in a matter of seconds. Make sure to disable it in your router settings to avoid attacks like these. In this tutorial we’re going to use Kali Linux Wash to scan for WPS enabled networks in the area. Wash can also be used to determine whether an access point is locked or not. A lot of routers tend to lock WPS when the PIN is being brute forced with a tool like Reaver, usually after 5 or 6 attempts. Unlocking WPS has to be done manually in the administrator interface of the router.
Windows 10 has a new feature called Wi-Fi Sense that will share your Wifi password automatically with your contacts (Outlook, Skype and Facebook). This way your friends and family do not have to manually enter a password to use your wireless network. If you chose the Express installation of Windows 10, the Wi-Fi Sense feature is turned on by default. Assuming you do not want to share your wireless network with every Outlook, Skype and Facebook contacts, it is suggested to turn off Wi-Fi Sense and avoid potential (future) security and privacy issues.
By Jean-Michel Picod, Jonathan-Christofer Demay, Arnaud Lebrun
The large adoption of wireless devices goes further than WiFi (smartmeters, wearable devices, Internet of Things, etc.). The developers of these new types of devices may not have a deep security background and it can lead to security and privacy issues when the solution is stressed. In this talk, we will introduce this tool we developed for a wide range of wireless security assessments: the main goal of our tool is to provide effective penetration testing capabilities for security auditors with little to no knowledge of radio communications.
In this new hacking tutorial we will be Piping Crunch with Aircrack-ng so we can get rid of the constantly increasing dictionary files used to retrieve WiFi passwords from cap files. When we pipe the output from Crunch with Aircrack-ng the data will be fed directly into Aircrack-ng instead of a text file. Aircrack-ng will be using the input from Crunch for brute forcing the password. This method will safe us a lot of time and valuable drive space since effective wordlists for brute forcing purposes tend to grow very fast in a short time.
By Don Parker
I think we all agree that having the option of wireless connectivity is great. It certainly helps to have it in a corporate setting as well. The freedom to roam about the office with your laptop helps worker efficiency, and is simply nice to have at home as well. No longer are we constrained by cables and such. Heck, I remember having a 100 foot length of CAT-5 in my home that I used to connect my laptop to my router. That was a pain in the butt believe me.
By Scott Christie
Wardriving requires a computer system with the proper tools installed and a WiFi receiver. Locating Wi-Fi access points has evolved from lugging large computers around in cars, to wardriving apps on smartphones such as WiGLE Wi-Fi Service for Android devices (WiGLE, 2013). However, power and configurability are sometimes lost with the increase of portability and smaller size. With the configurability of a laptop, and the portability of smartphone, the Raspberry Pi platform is a powerful wireless sniffing device in a small package (Upton, Halfacree, 2012).
By Dan Virgillito
Acceptable Use Policies (AUPs) are an essential component to all organizations, companies, and other establishments offering Internet or Intranet access. According to network security provider GFI, an Acceptable Use Policy should successfully define which network systems the policy covers; explicitly prohibit illicit behavior, distribution, and communications; establish privacy guidelines; and provide a clear description of the risks associated with noncompliance. Private Internet AUPs include corporations setting the standards for their employees, educational institutions enforcing appropriate behavior among students, and governmental organizations ensuring security and confidentiality. A public Acceptable Use Policy template, however, offers a unique set of challenges due to the open and accessible nature of public Internet, such as open-access WiFi Networks.
By Don Parker
In Part I of this article series on WiFi security we looked at a couple of settings as seen via the web interface of your wireless router. The proper configuration of your wireless router is crucial to the security of your WiFi network. The absolutely worst thing that you could do is simply plug it in and start surfing the Internet wireless style. You would be wide open to having your network connection hijacked by someone of malicious intent. This is why it is so important to take the time to properly configure your wireless router. Well on that note let’s pick up where we left off in Part I. We can see in the screenshot below that we are now at the “Wireless” section.
By X -CIO
Got a smart thermostat? That may not be a good thing. At DEF CON earlier this month, hackers demonstrated how incredibly easy it is to hack a WiFi thermostat, taking advantage of heating, ventilation, and cooling systems in return for ransom. No longer a hypothetical “what if,” someone with the knowledge could quite literally break into these systems and melt or freeze the occupants until a ransom is paid to obtain a PIN to unlock it. If your thermostat runs a modified version of Linux, has a large LCD screen, and also an SD card, you’re up. The various hacks are pretty brutal — consider this: your heater set to 99 degrees until you pay up. Or — even worse, blasting heat and cold air at the same time so that you “bleed money for the utility bill” until you give them what they want so that they give up (but will they?).
By Anthony Gerkis
This paper will summarize the technologies and challenges related to wireless mesh networks. With the latest technologies in wireless LAN with WPA and 802.11i, enterprise deployments have finally begun to embrace wireless access networks. Wireless LAN technology has often been approached cautiously in enterprise deployments, partly due to well-known and easily exploitable attacks on early 802.11 security technology and partly due to the lack of physical control of the access medium (e.g., the often cited “equivalent of Ethernet in the parking lot” concern). Often the past several years, early adoption of some 802.11i security features by the WiFi Alliance in the WiFi Protected Access (WPA) interoperability forums, as well as the standardization of the 802.11i security amendment, has greatly improved the authentication, encryption and integrity security capabilities.