Today most of us have a wireless network at home. It is very convenient to be rid of all the cables, and we are more mobile with tablets, phones and laptops that we do not want to keep on a cable all the time.
We lie in bed or on the couch surfing or watching movies; it has become part of our everyday life.
When we order broadband today we often get a modem with a built-in router mode and Wi-Fi enabled, and it is extremely easy to connect our devices.
Wi-Fi has matured
The market and its users have matured somewhat. Gone are the days when you could find unprotected networks in every house, and the insecure WEP authentication will soon be a thing of the past.
To give us an overview, I will take a quick run through the history of cracking wireless networks, but first some general background.
Cracking Wi-Fi
As we know, all wireless data traffic is based on radio waves, sent on different frequencies, or channels as they are called in Wi-Fi. Everyone in a Wi-Fi-dense area has had problems with this at some point, when too many networks broadcast on the same frequency, but today many access points change channel automatically to find the least congested frequency.
Since the technology is based on radio waves, anyone with a radio receiver can sniff, or "listen to", the traffic sent over it.
We can pick up all devices via their MAC addresses and identify networks via their access points, or BSSIDs, and thereby isolate the traffic we want to listen to or capture. This information can be used to read your traffic and, eventually, to crack your network.
WEP was essentially the first generation of authentication for Wi-Fi, and it had a flaw in its encryption that made it relatively easy to obtain the key.
WEP uses a relatively short IV (initialisation vector), only 24 bits, and once 2 identical IVs have been captured the key can be calculated.
Broadly, the attack tries to make the network emit enough IVs that the same IV is used twice; the number of combinations is limited (24 bits gives about 16 million), and this was done by creating a large number of fake authentications against the access point and saving the traffic in a so-called cap file.
This file could then be used to calculate the key quite simply.
The FBI did a demonstration in which they cracked a WEP-protected network in about 3 minutes.
The only way to protect yourself was basically to tunnel all your traffic through SSH or IPsec.
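As an added example, not from the original post: the birthday bound shows why a 24-bit IV repeats far sooner than "16 million combinations" suggests. It assumes IVs are drawn uniformly at random; the frame counts are computed, not measured.

```python
"""Added example: how quickly a 24-bit WEP IV is expected to repeat.
Assumes IVs are chosen uniformly at random (an assumption, not a
statement about any particular WEP implementation)."""
import math


def iv_space(bits: int) -> int:
    """Number of distinct IV values for an IV of the given width."""
    return 1 << bits


def p_repeat(space: int, frames: int) -> float:
    """Exact probability that at least one IV value repeats among
    `frames` frames, computed as 1 - P(all distinct)."""
    p_no_repeat = 1.0
    for i in range(frames):
        p_no_repeat *= 1.0 - i / space
    return 1.0 - p_no_repeat


def frames_for_repeat(space: int, probability: float = 0.5) -> int:
    """Birthday-bound approximation: frames needed before a repeat occurs
    with the given probability, n ~ sqrt(2 N ln(1 / (1 - p)))."""
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


if __name__ == "__main__":
    n = iv_space(24)
    half = frames_for_repeat(n)
    print(f"24-bit IV space: {n:,} values")                  # 16,777,216
    print(f"~{half} frames for a 50% chance of a repeat")     # 4823
    print(f"exact P(repeat) after {half} frames: {p_repeat(n, half):.3f}")
    print(f"P(repeat) after 50 000 frames: {p_repeat(n, 50_000):.4f}")
```

So a few thousand frames, not millions, already give an even chance of the collision the text describes; with tens of thousands of frames a repeat is practically certain.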
WPA / WPA2
Today WEP has almost gone to the grave and we use almost exclusively WPA or WPA2, which comes in 2 different implementations, WPA-PSK and WPA-802.1X.
WPA-802.1X is designed for corporate environments and is quite difficult to set up. I will be honest, I do not think I have ever come into contact with WPA-802.1X, so I dare not comment on its security.
WPA-PSK, however, is the most common authentication today; PSK stands for "private shared key".
This is based on a password that must be between 8 and 64 characters, and WPA-PSK is considered secure.
However, 2 problems have emerged, and I will cover both, beginning with the most vulnerable part.
WPS, which stands for "Wi-Fi Protected Setup", was introduced in 2007 to make it simpler for home users to connect their wireless devices. The methods are connecting via a button, via a PIN code, or by physical proximity.
According to the standard, all routers that support WPS also support connecting via PIN code, and it is this that is vulnerable.
The PIN code is 8 digits, of which the last is a check digit calculated from the other 7. This gives 10⁷ combinations = 10 000 000.
However, the code is verified 4 characters at a time, which simplifies the whole thing considerably.
The first part (the first 4 digits) gives 10⁴ = 10 000 possibilities, and the second 10³ = 1 000 (remember that the last digit is just a check digit). Together this gives 11 000 combinations, something a computer can test in a few hours.
Some manufacturers have taken this to heart and built in safety features, such as automatically disabling the PIN code after a certain number of attempts within a certain time.
On other routers the PIN code cannot even be disabled, and the network is completely open to attack.
A lockout or disabling the service can deter the clumsiest attacks, but an experienced cracker always does their homework first, finds out which router they are up against, and looks up which obstacles they might face along the way.
By fiddling with the pauses between attempts and how many seconds to wait once the router stops responding, the lockout can be avoided.
A seasoned cracker can easily find out what brand your router is through its unique hardware address, the MAC address of the device.
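As an added example, not from the original post: the arithmetic behind the PIN passage above, the check-digit rule from the WPS specification, the 11 000 candidates versus 10 000 000, and what a lockout does to the worst case. The seconds-per-attempt and lockout figures are assumptions chosen for illustration.

```python
"""Added example: WPS PIN check digit, candidate counts, and the effect
of a lockout. Timing values are assumptions, not measurements."""


def wps_check_digit(first_seven: int) -> int:
    """Check digit of a 7-digit WPS PIN body (WPS specification): digits in
    odd positions from the left weigh 3, even positions weigh 1, and the
    check digit brings the weighted sum to a multiple of 10."""
    total = 0
    for pos, ch in enumerate(f"{first_seven:07d}"):
        total += 3 * int(ch) if pos % 2 == 0 else int(ch)
    return (10 - total % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if `pin` is 8 digits whose last digit is the correct check digit."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_check_digit(int(pin[:7]))


def pin_candidates(split_verification: bool) -> int:
    """Worst-case number of guesses. When each half is confirmed separately,
    the first half needs at most 10^4 tries and the second at most 10^3,
    because the check digit follows from the other seven digits."""
    return 10**4 + 10**3 if split_verification else 10**7


def worst_case_hours(attempts: int, seconds_per_attempt: float,
                     lockout_after: int = 0, lockout_seconds: float = 0.0) -> float:
    """Time for `attempts` guesses, adding a pause of `lockout_seconds`
    after every `lockout_after` failures (0 = no lockout), i.e. the
    mitigation the text mentions."""
    seconds = attempts * seconds_per_attempt
    if lockout_after:
        seconds += (attempts // lockout_after) * lockout_seconds
    return seconds / 3600


if __name__ == "__main__":
    print(is_valid_wps_pin("12345670"))   # True: digits 1-7 plus check digit 0
    print(pin_candidates(False), pin_candidates(True))   # 10000000 11000
    # Assumed: 2 s per attempt; a 60 s lockout after every 3 failed attempts.
    print(f"{worst_case_hours(11000, 2):.1f} h without lockout")      # 6.1
    print(f"{worst_case_hours(11000, 2, 3, 60):.1f} h with lockout")  # 67.2
```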
Brute force against the password
This technique requires a password list, and since passwords are between 8 and 64 characters there are a great many combinations; a good password can take a computer several years to crack.
The weakness here is that a seemingly secure password is extremely easy for a password generator to guess, and that most of us are too lazy, or lack the knowledge, to create our own password instead of using the preconfigured one that comes with the router from our ISP (which in itself already has the WPS vulnerability, enabled by default).
The password we get from the ISP tends to be 8 characters, alphanumeric, lowercase and from the English alphabet, which gives 26+10 symbols in 8 positions, i.e. 36⁸ combinations.
Those who make their own passwords tend to use ordinary dictionary words like "summer" or something personal, the name of the dog, the cat, the boat, the usual things that appear early in most password lists.
Even if you mix upper and lowercase letters, we have great tools today that produce variations on the words entered in the password list, so "SoMMarEn123" will be generated in any case.
Then there are those who try the usual character substitutions, "13374Ax0R" (leetHAXOR), and I can promise that these too are generated early by the tools available today.
How is a brute force against WPA/WPA2 done?
First, you should know that this is often the last resort for getting in, as it can take far longer than a WPS attack.
The technique is simple and done in a few steps.
First, we listen to the traffic and look for a suitable victim, i.e. a router with a strong signal.
We narrow our eavesdropping to this router (via MAC address or BSSID) and look for the clients connected to it.
The next step is to capture the "handshake" that occurs during authentication; this handshake is used to encrypt the password and is necessary if we are to attack the router.
We can either wait for a client to connect or, if impatient, force a client to re-authenticate, i.e. send or inject a signal that disconnects the client, which then automatically reconnects, whereupon we capture the handshake and can begin the attack. This happens so quickly that the client/user/victim has no chance of noticing.
Then build a strong password list. There are many mediocre ones on the Internet that you simply combine, run through password generators to produce variations, and then clean of junk (duplicates, passwords shorter than 8 or longer than 64 characters); after that it is ready for the next step.
Before creating the list it can help to know a little about the victim.
For example, if the victim has had the good taste to change away from the password supplied by their ISP, which admittedly is unusual, it is smart to find out what language they speak. Pets? Children? Spouse? Their names? Then put the most likely terms early in the list. All of this goes fairly quickly if you are familiar with the command line and its utilities on *NIX systems.
From here you can go several ways, depending on the situation.
If you cannot have a device near the victim, you can pre-compute keys on a very powerful computer and then just come back and compare against the pre-computed password responses; it then takes only a few minutes to go through 1000s of passwords.
If you are near the victim you can test the responses as they are computed.
Some prefer to pay someone with a giant supercomputer and powerful password lists to compute the final answer after being sent the handshake.
IN ANY CASE: if you have a weak password, it is cracked in a few weeks.
These are not the only attack types
There are other techniques for getting in; some involve manipulating the user over the phone, or tricking them out of the password by simulating an error, such as the evil twin, where you lure the user onto a "fake" web page that tricks them into entering the Wi-Fi password.
I will not go further into the details, but Google and you will find.
How to protect yourself?
Let's discuss a bit about how to protect yourself, but first I have to dispel a few myths that I run into every now and then.
I read some tips published online and found an article written by Binero in 2012 that covers the most common myths, which I now thought I would dispel. (Note: read their article first if you do not understand what I'm referring to.)
Use encryption (they mean WPA/2 over WEP)
I am prepared to agree with this; however, WEP is rarely used today and is almost never preconfigured on new routers.
Make your network invisible
Here they mean hiding your BSSID.
This only makes it harder for users to connect; a cracker will find you anyway and isolate you via your MAC address.
Restrict access to your MAC address
They mean that you can restrict, via hardware address, who can connect to the network.
This only deters the newest amateurs, though: one can so-called spoof one's MAC address, i.e. mask or change the hardware address to one that has access to the network. Once inside, it is a simple matter to get into the router and add one's own hardware (spoofed with a fictional address, though) to the list of permitted clients.
Turn on your firewall
This is a good tip; however, it does not protect against someone who wants to crack your router.
In Binero's defence, I can say that the article is a year old and that it can protect against a lazy beginner, but a beginner with a little patience, who can think for themselves a little and read instructions, will overcome these barriers in a few hours.
(Note that I only took Binero's post as the single most common set of myths on one page; Netfirms will probably do a good job at what they are supposed to do, administering and providing web servers.)
So.. What to Do?
Disable PIN / WPS
To begin with, disable the PIN on WPS if you cannot disable WPS completely.
On some routers it may go by a different name, but there is functionality for connecting with a button / PIN / or by bringing the device near.
If it cannot be disabled, look for an official firmware update for your router.
If that does not work, there are open source firmwares.. but I recommend this only for advanced users, and they have probably not even read this article.
Turn off DHCP and use static IP addresses / a different subnet
This may hinder an intruder somewhat, since once they are in they must guess which subnet to use.
The downside is that all your devices must be assigned an address in advance and each client must be configured.
Get a Good Password
The comic http://xkcd.com/936/ also takes up this issue, and there is a great deal of truth in it.
However, you should have a secure password that is easy to remember, so throw in a couple of special characters and digits while keeping it easy to remember.
matpåburk // not ok
MatPåBurk // more
MatPåBurk??? // even better
4Mat!På5Burk?? // Good and easy to remember
Remember that a good cracker puts the most probable password combinations first on the list in order to hit the target as quickly as possible, so no password based on real words is really secure. The compromise is to find something you can remember that is not based on real words or names, then throw in a few numbers and special characters that you can remember.
Look up some nonsense words you can remember, throw in a few numbers and a special character; this increases the cracking time by several years!
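As an added example, not from the original post, covering both the brute-force section and the password advice above: a small WPA-PSK passphrase checker that applies the two tricks the text says password generators already use, case folding and leet substitutions, and flags a passphrase whose core is a dictionary word. The word list and the leet table are constructed stand-ins; the 36⁸ estimate follows the text.

```python
"""Added example: flag word-based WPA-PSK passphrases the way a generator
would undo them. WORDLIST and LEET are constructed assumptions."""
import math
import re

# Constructed mini dictionary; a real check would load a full word list.
WORDLIST = {"sommaren", "summer", "password", "fotboll", "hund", "katt"}

# Common substitutions that generators undo ("P4$$w0rd" -> "password").
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def letters_only(text: str) -> str:
    """Lowercase and drop everything except letters (incl. å, ä, ö)."""
    return re.sub(r"[^a-zåäö]", "", text.lower())


def is_wordlist_based(core: str) -> bool:
    """True if `core` can be split entirely into dictionary words."""
    reachable = [True] + [False] * len(core)
    for end in range(1, len(core) + 1):
        reachable[end] = any(reachable[start] and core[start:end] in WORDLIST
                             for start in range(end))
    return bool(core) and reachable[len(core)]


def keyspace_bits(pw: str) -> float:
    """log2 of the naive search space, charset size ^ length. An ISP-style
    8-character lowercase alphanumeric password gives 36^8, as the text says."""
    size = 26 if re.search(r"[a-zåäö]", pw) else 0
    size += 26 if re.search(r"[A-ZÅÄÖ]", pw) else 0
    size += 10 if re.search(r"[0-9]", pw) else 0
    size += 33 if re.search(r"[^a-zA-Z0-9åäöÅÄÖ]", pw) else 0
    return len(pw) * math.log2(size)


def assess(pw: str) -> str:
    """Verdict for a candidate WPA-PSK passphrase."""
    if not 8 <= len(pw) <= 63:   # ASCII passphrase bounds; 64 hex chars is the raw key
        return "invalid length"
    # Check the plain letters and the de-leeted letters: "SoMMarEn123" -> "sommaren".
    if is_wordlist_based(letters_only(pw)) or is_wordlist_based(letters_only(pw.translate(LEET))):
        return "dictionary word with variations"
    return f"no dictionary core, ~{keyspace_bits(pw):.0f} bits of naive keyspace"
```

Run `assess("SoMMarEn123")` and `assess("k3x9p2mq")` (a constructed ISP-style password) to see the two failure modes the text describes: a word with variations, and a short keyspace of about 41 bits.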
Please leave suggestions in the comments on how to create secure passwords.
Never give your password to a web page that says you have to authenticate due to dropped connectivity, even if you cannot get online.