Wireless Penetration Testing | Wireless Security
Since the inception of WiFi in 1999, wireless networks have been plagued with a history of security vulnerabilities and common misconfigurations that have allowed hackers to gain full access to corporate networks. The main obstable for security is that of the shared media - the air around us. In traditional wired networks, an attacker would have to be physically inside a building to mount an attack on the network. Furthermore, wired networks often have access controls that can prevent network traffic from being accessible to eavesdroppers on the same network. In wireless networks however, network transmissions can be 'sniffed' out of the air, often from long distances using powerful antennae. This means that the critical stages of connecting to the wireless network can be intercepted and this opens up opportunities for several types of attack.
Reaction's wireless network security consultants are experts at identifying security vulnerabilities in wireless networks and helping clients to protect their wireless systems from cyber-attack and reduce their risk of compromise.
An estimated 25% of the wireless networks in the UK have no encryption enabled and anonymous users are free to join the network and access other devices on the network. Hackers are known to exploit this fact by driving around cities or other built-up areas capturing wireless signals and looking for open wifi networks or wifi networks with weak security in a process known as wardriving. Often the traffic is logged and GPS signals are used to capture the locations of the networks with security weaknesses for future reference.
Even when encryption is enabled, design vulnerabilities exist in several common wireless protocols which could allow an attacker to break the network encryption key or decrypt network traffic in a matter of minutes. Vulnerabilities have also been identified with the implementations of wireless client drivers and the way that wireless clients remember wireless network connections which can be exploited using evil twin attacks.
Wireless Security Case Study - TJX
In 2007, TJX (a company that owns T.K. Maxx, Marshalls, HomeGoods and A.J. Wright) admitted that hackers had been stealing data via wireless networks for at least 18 months before they were discovered. The attackers had obtained access by cracking the wireless network security key in two retail facilities in Miami. The attackers stole information including over 45 million credit and debit card details. Analysts have estimated the cost of the breach to be over $8.6 billion in fines, legal costs and brand reputational damage.
The real truth is that wireless networks were being exploited long before this very public case and still remain a threat to many organisations today. Being aware of the risks and implementing secure protocols and clients is the key to safeguarding your network assets.
Reaction can help to ensure that your wireless installations are secure from attack. Please get in touch for more details.