From Paul's Security Weekly
Secure Digital Life #39
Recorded on October 31, 2017 at G-Unit Studios in Rhode Island!
What Does WiFi Encryption Actually Mean?
- How do signals go between your device and WIFI?
- RF -- Radio Frequency
- All of this is defined in 802.11
- Various 802.11 subparts (a-n) use various frequencies in the 2.4 - 5GHz range
- Frequencies can HOP or be static
- A WAP is used to listen for connections
- You must have a WIFI NIC installed
- What is an SSID?
- Service Set Identifier
- Talk about SSID Spoofing
- What is a channel?
- These are different sub frequencies which are available to lower interference
- Does it have a MAC address?
- Yep, a layer 2 address is required
- So, why is there a problem?
- The bits are sent "in the clear"
- Anyone with a listening device can "snort"/"snarf" the packets using Wireshark and airsnort.scmoo.com
- Remember, this can be illegal
- All these signals can be seen
- So, when you connect to a wifi wap that has no encryption, all traffic can be intercepted easily
- Does this mean my password may be grabbed?
- Yes, also any information you are sending and receiving
- But what about HTTPS?
- Well if the data is encrypted then they will only grab encrypted information.
- So, what to do?
- If the wifi is using encryption (usually a password indicates this)
- Your data in the air is encrypted
- Use a VPN on ALL WIFI, all the time
- How can I tell?
- Use the properties on the connection to see if a type of encryption is in use
- What types of encryption are there?
- WEP: Wired Equivalent Privacy
- Uses NONE, 64, or 128 bit encryption (RC4)
- May use a single shared key "bobscoffee"
- WPA2: WIFI Protected Access
- 256 bit shared key
- CCMP with AES
- How does WPA2 work?
- Each packet is encrypted with a separate key
- Can you break the passwords?
- Yes, aircrack suite and the SSID can be used to crack it
- What other security problems exist?
- Hole 196 is a man-in-the-middle attack that can be used to usurp your connection and act like you
- Forward Secrecy Attack
- Get the preshared key
- Decrypt all the packets
- Basically you can "learn" the pattern of the keys by "resetting the nonce" until you match the encryption
- That will let you learn the full chain of keys
- A nonce is a random number used to seed the keys
- This is a flaw in the nonce of some systems where the same seed key is used in the hardware.
- So, what to do?
- USE A VPN!
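
The WPA2 notes above (256 bit shared key, the SSID's role in cracking, nonces seeding the keys, and the missing forward secrecy) come together in the WPA2-Personal key derivation. The sketch below is an added example, not from the show: the MAC addresses and nonces are constructed, the SSID is made up, and "bobscoffee" is reused from the WEP note as the shared passphrase.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit WPA2-Personal master key: PBKDF2-HMAC-SHA1, SSID as salt."""
    salt = ssid.encode()
    if not 8 <= len(passphrase) <= 63 or not 1 <= len(salt) <= 32:
        raise ValueError("passphrase must be 8-63 chars, SSID 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, 4096, 32)


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """802.11i PRF-384: session keys from the PMK plus handshake values."""
    seed = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out, counter = b"", 0
    while len(out) < 48:
        msg = b"Pairwise key expansion\x00" + seed + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:48]  # KCK (16) | KEK (16) | TK (16, the AES-CCMP key)


def demo():
    # Constructed sample values: MACs, nonces and SSIDs are made up.
    ap, sta = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    anonce = hashlib.sha256(b"constructed anonce").digest()
    snonce = hashlib.sha256(b"constructed snonce").digest()
    pmk = derive_pmk("bobscoffee", "BobsCoffee")
    ptk_client = derive_ptk(pmk, ap, sta, anonce, snonce)
    # Anyone else who knows the shared passphrase and saw the handshake
    # (MACs and nonces are sent unencrypted) derives the identical key.
    ptk_other = derive_ptk(derive_pmk("bobscoffee", "BobsCoffee"),
                           ap, sta, anonce, snonce)
    # A fresh nonce gives a fresh session key; a new SSID gives a new PMK.
    new_snonce = hashlib.sha256(b"constructed snonce 2").digest()
    return {
        "shared_passphrase_gives_same_key": ptk_client == ptk_other,
        "new_nonce_changes_key":
            derive_ptk(pmk, ap, sta, anonce, new_snonce) != ptk_client,
        "ssid_changes_pmk": derive_pmk("bobscoffee", "BobsCoffee-Guest") != pmk,
    }


if __name__ == "__main__":
    print(demo())
```

Because the only secret input is the shared passphrase, everyone on a "bobscoffee"-style network can compute everyone else's session keys, which is why the notes end on using a VPN.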