Is Your WiFi Network Secure?

A Few Simple Steps Can Help Protect You and Your Family

WiFi networks have come a long way in the past decade. 802.11g wireless networks are obsolete, and 802.11ac networks have already surpassed 802.11n. Our routers can handle more devices and higher speeds than ever.

More people have home wireless networks today than ever before. Unfortunately, many of them have no idea what settings are correct for their routers, or they just leave it up to the installation tech. This is a bad idea. Until recently, Internet service providers set up their customers’ WiFi networks using their home phone numbers as the security key. If you wanted free internet, all you had to do was look them up in the phone book. This fact alone is reason enough to take matters into your own hands, even if the providers have since changed their setup procedures.

The most important thing to remember about wireless network security is that your password is the only thing stopping someone from intercepting or manipulating your data. In this article, I’m going to walk through how a hacker might go about finding a WiFi password using a brute force wordlist attack. Then I will illustrate how they could use this to do bad things.

These tools are readily available online for anyone to download. Using these programs, it becomes relatively easy to compromise the security of any network with a weak password.

“So what if they can use my WiFi! I don’t use it all the time, and I probably wouldn’t even notice if anybody else was using it anyway!”

If you want to share your WiFi, set up your guest network. Most routers will include a separate guest network that can be activated in the settings. The system is structured to isolate the guest clients and prevent them from communicating with the rest of your network.

Anyone can learn to use these simple tools to compromise your insecure WiFi password

Humans are Bad at Creating Passwords

We are about as good at coming up with secure passwords as Donald Trump is good at maintaining healthy diplomatic relations with foreign countries. Some of the worst passwords of all time include:

qwerty
loveyou
123456789
123123
123456

Secure passwords, on the other hand, are best when generated randomly by a computer. Below, I have created a link that will create a solid random eight character password you can use for your wireless network. This should be fine for our purposes.

The ease of the attacks I’m going to talk about demonstrates the need for all of us to take home network security seriously. There’s even a massive wordlist called “rockyou.txt” available on the Internet, and it contains over ten million unique passwords hacked from all sorts of different websites. It has a total unzipped size of around 130MB! The file is so big that when I tried to open it with Windows Notepad, it crashed the program!

Hacking a Wifi Password

Imagine I’m a hacker. I would start by booting up an operating system known as “Kali Linux” off of a USB thumb drive. Kali Linux is a Linux distribution that is made specifically for penetration testing, also known as “ethical hacking.” It used to be called Backtrack a long time ago, but there were a lot of things that didn’t work the greatest in Backtrack, so the entire project was redone from the top down under the name Kali Linux.

Kali is based on Debian, a well known and widespread Linux distribution with a vast repository of software available. It contains a well-stocked library full of useful tools for testing digital security robustness within organizations, as well as home networks and local machines if one so desires.

Note: This is not meant to be a comprehensive guide, and there are a few things I left out for readability purposes. The primary purpose of this article is to educate people about the risks of insecure passwords on their home Wifi networks. Hacking a network that is not yours is illegal. Don’t be an idiot.

Once Kali boots up, the first thing I would do is open a console window and run a few commands:

airmon-ng check kill

airmon-ng start wlan0

airodump-ng wlan0mon

These commands put my wireless card into monitor mode, which is a special mode that turns my wifi card into a sponge, soaking up all the wireless data packets it can. The airodump-ng command will then dump every wireless network it sees to my console window in real time as it hops from channel to channel, along with some information like what channel the network is on, the MAC address (BSSID) of the access point, and whether there are any clients connected to the router. Now I need to look for my target network, stop the program from running with Ctrl+C, and then start another capture. But this time I specify the MAC address of the router, the channel, and the name of the capture file I want the program to dump the information to:

airodump-ng --bssid {MAC address} --channel {channel of network} -w {name of capture file} wlan0mon

This time I made sure to save the capture to a file. This data is necessary to crack the password, because once the capture is done it will contain a valid handshake recorded as a legitimate client talks to the router and establishes a connection.

Unfortunately, if there are no clients already connected to the target network, there’s not too much we can do but wait for a client. Yawn. I make some ramen noodles and let it run until I get back.

You may be wondering why a client needs to be connected to the network. It needs to be connected so that we can force it to reauthenticate by kicking it off the network for a brief moment. All we need to do is inject de-authentication packets into the network, and we will see the client disconnect. This is the command I use to do that:

aireplay-ng -0 4 -a {mac address of router} -c {mac address of client} wlan0mon

What happens then? The same thing that your phone would do if you turn your WiFi off and back on again, it reconnects! Once it does, we will see a message at the top of the capture window that says “WPA Handshake AA:BB:FF:AA:BB:CC.” Once a hacker has your WPA handshake, that is all they need to hack your encryption key. Well, that, and a wordlist with your password in it.

Aircrack-ng

This program was initially used for cracking WEP (Wired Equivalent Privacy) networks, but it also works for running brute-force dictionary attacks against WPA handshake captures.

WEP is the predecessor of WPA, but there were many flaws discovered that rendered WEP completely vulnerable to attack. You could crack a WEP key in about five to ten minutes. This was not very secure at all.

Regardless, I still see WEP networks from time to time in random places. If I know who it is, I will usually try and contact them somehow and let them know they should either change the name of their network to “Hackers Welcome” or change the encryption to WPA.

Once the message confirming the handshake shows up, I hit ctrl+c and type

aircrack-ng -w /usr/share/wordlists/rockyou.txt /root/home/dumpfile.cap

And we see this:

Aircrack-ng Wifi Cracking Program

Now, depending on how fast the computer is, this can take anywhere from a few hours to as little as 20 or 30 minutes or so. If successful, we see this:

I simplified it all somewhat, but that’s pretty much all there is to it.

How Wireless Network Security Works

Encryption works by running data through a bunch of really complicated math functions called algorithms, changing the data into a completely unintelligible and otherwise useless set of data. These algorithms are designed so the data can only be reconstructed by the receiver if it holds the correct digital “keys” to “decrypt” the data. When a wireless client connects to an access point or router, a “handshake” is established between the two nodes. Each handshake is unique and contains data agreed upon by both the access point and the client. Each client performs its own handshake, but the data still cannot be decrypted without the network’s secret key. Therefore, if an attacker happens to intercept the handshake passively, we have an enormous problem.

“But, aren’t most websites encrypted end to end, resulting in encrypted data being encrypted a second time once it reaches my network?”

Yes, this is true. Most sites these days use SSL (HTTPS), which provides very good end to end security. Unfortunately, some very clever people figured out that with a little bit of spoofing and ARP poisoning, it is very easy to fool the other devices on the network and redirect all of the SSL connections to the attacker instead of you. This is called a man-in-the-middle attack.

Man-in-the-middle attacks can cause you to think you are safe when in reality they are intercepting every single website you visit and silently storing the information you think you are sending privately.

Don’t Ever Use Your Phone Number For Your Wifi Password!

I mentioned this earlier, but using a phone number for your Internet password is a huge mistake that was common 10 to 15 years ago, and some people might even still be using the same password they have had since their internet was first set up, if they still have old network equipment.

Luckily, in the last five years or so, significant upgrades to bandwidth and technology meant that the old 802.11g and 802.11n networks were not fast enough to reliably and consistently handle the demanding speeds and low latency required by our increasingly sophisticated devices. Many people are upgrading their routers to deal with the increased need for performance.

When I saw that the new routers the cable company was handing out had preset passwords, I was impressed. An example would be something like “franticseagull487” or “carefulmoose372.” Not the safest passwords in the world, but still a million times better than using your phone number! (Keep an eye out for the article I’m working on about this. My goal is to see if those passwords can be cracked by generating a custom word list.) In any case, passwords should not have any logical pattern or make any sense at all. The more random they are, the less chance they could be compromised.

Accessing Your Wireless Internet Settings

Don’t worry. You got this. You have a modem, and you also have a router. Your router might be built in to the modem, or it might be separate. The easiest way to access your router settings is to open your Windows command prompt and type “ipconfig.” It should print a few lines. One of these is your “default gateway.” On a Mac, just go to System Preferences. Then open the Network icon, click Advanced in the lower right corner, and click the TCP/IP tab at the top of the window. It should say “Router” a little way down.

That IP address is what we will use to access your router settings. It will probably be something like “192.168.1.1” or “172.16.1.1”. Occasionally it will be “192.168.0.1”, or “192.168.1.254”, or something very similar. Most of the time it will be “192.168.1.1”.

You can also access more specific instructions online for your equipment if you are having trouble. If you got your modem/router directly from your ISP, then their website should have information on how to access the administrator settings. Sometimes the login information is located on the bottom of the router. Often, it is just “admin” for both the username and the password. I have also seen “admin” for the username with no password. Or “admin” and “password.” Many Netgear routers use the latter.

Once you log in, the page will be set up differently depending on who manufactured the equipment. You want to find the wireless settings. This should be easy to find. For the network encryption, you want to make sure you select WPA2-AES, and not mixed or WPA-TKIP. WPA2-AES is the standard now.

At this time you can also set a new password using the link I provided above. You can then write it down and put it somewhere convenient for your family and friends to access. Don’t forget to click save changes when you are done. After that, the router may reboot. This is normal.

I would also recommend power cycling your router about once every couple weeks or so, depending on how it runs. Sometimes routers act wonky and need a fresh reboot. This is highly dependent on the firmware. Some are better than others.