
How To Prevent Wireless Attacks (15 Types Of Attacks Explained)

 


Authors: Michael Swanagan, CISSP, CISA, CISM / Last updated: 10/18/22

Reviewed By: Rich Selvidge, CISSP, Seth Kimmel, OSCP


Wireless attacks can be prevented by turning off unused networking features, changing the default password and securing the network with a strong passphrase, encrypting your wireless communication (WPA2 or WPA3), keeping access point firmware up to date, and monitoring for rogue access points. Not broadcasting your SSID and filtering the MAC addresses allowed to connect are often listed as well; treat them as minor hardening only, since both the SSID and client MAC addresses travel in cleartext and are recovered by anyone capturing frames.


Types Of Wireless Attacks & How To Prevent Them

 

A wireless attack targets the radio link itself, or the devices that use it: laptops, tablets, smartphones, printers and the growing number of internet of things (IoT) devices on the business's Wi-Fi. Because 802.11 frames are broadcast over the air, an attacker within range can capture, inject or jam traffic without touching a cable or passing a physical access control, which is what separates this class of attack from attacks on the wired network. Assessing that exposure starts with identifying every device that connects wirelessly and examining how each of those connections is secured.

 

Common types of wireless attacks include:

 

  1. Data Emanation
  2. Jamming
  3. Bluetooth Vulnerabilities
  4. Near-Field Communication
  5. War Driving
  6. Evil Twin
  7. Deauthentication and Disassociation
  8. War Chalking
  9. Packet Sniffing and Eavesdropping
  10. Replay Attacks (Wireless)
  11. WPS Attacks
  12. WEP/WPA Attacks
  13. IV Attack
  14. TKIP Attack
  15. WPA2 Attacks

Data Emanation

 

Data emanation (the problem the TEMPEST programme was created to address) is the recovery of information from the unintended physical side effects of a device's operation rather than from the network protocol. The leak can be electromagnetic (radiation from a cable, monitor or processor), acoustic (the distinct sound of individual keystrokes) or optical (status LEDs that flicker in step with the data, or a screen reflected in a nearby surface). An attacker with a receiver close enough to pick up the signal reconstructs the data without ever joining the network.

The electromagnetic field around a network cable or device can be measured in the same way to eavesdrop on a conversation or to steal data.

You can prevent data emanation attacks by:

  • Not placing access points, or other equipment that handles sensitive data, against outside walls.
  • Conducting a site survey to identify the coverage area and the optimal placement for wireless access points, so that signals do not extend beyond the boundary you intend.
  • Implementing a Faraday cage or Faraday shield around the most sensitive equipment; shielding and distance are the only controls that address the non-radio side channels above.
  • Encrypting all data transmitted through your access point, which protects the radio link but not what a keyboard or monitor radiates.
  • Using firewalls on each network access point.

Jamming

 

Jamming is a denial-of-service (DoS) attack on the physical layer: a transmitter floods the channel the network uses so that legitimate frames cannot be received. Most interference that degrades Wi-Fi is not malicious; it comes from other equipment sharing the 2.4 GHz or 5 GHz band, such as microwave ovens, cordless phones, Bluetooth devices, or a neighbour's access point on the same channel.

A deliberate jammer first analyses the spectrum to find the channels in use and then transmits a strong signal on those frequencies. Because 802.11 stations listen before they transmit (CSMA/CA), a continuous carrier also keeps every station waiting for the channel to clear, so even a modest transmitter can stall a network.

Against battery-powered sensor nodes the aim is usually exhaustion: directing the jamming signal at the nodes' communication channel forces retransmissions that drain battery, bandwidth and storage, so that sensor data never reaches its destination and the network's long-term availability suffers.

You can mitigate jamming attacks by:

  • Recognising that encryption does not help here: a jammer never decrypts anything, it only denies the channel, so Triple DES or any other cipher is irrelevant to this attack.
  • Using frequency agility: access points that can move channel or band when interference is detected, and, for sensor networks, spread-spectrum or frequency-hopping radios that force a jammer to cover far more bandwidth.
  • Implementing packet-hiding schemes from the anti-jamming literature, such as steganographic transmission or the cryptographic puzzle hiding scheme, which deny a selective jammer the ability to classify a packet before it has been fully transmitted.
  • Monitoring the noise floor, retry rate and channel utilisation with a wireless IDS or spectrum analyser, so that jamming is detected and located rather than mistaken for a faulty access point.
  • Installing honeypot access points, which give an attacker a decoy target and an early warning that someone hostile is in range.

Bluetooth Vulnerabilities

 

Several attack methods target Bluetooth devices specifically.

These include:

  • Bluejacking – Sending unsolicited messages to nearby Bluetooth devices. Bluejacking messages are typically text but can also be images or sounds. It is relatively harmless, beyond confusing users who start receiving messages from nowhere.
  • Bluesnarfing – Any unauthorized access to, or theft of, information over a Bluetooth connection. A bluesnarfing attack can read email, contact lists, calendars and text messages.
  • Bluebugging – Allows an attacker to take over a mobile phone: listening in on calls, enabling call forwarding, sending messages and more.

Bluesnarfing and bluebugging both depended on implementation flaws in early phone Bluetooth stacks rather than on a weakness in the pairing protocol itself, which is why patching matters as much as configuration.

You can prevent Bluetooth attacks by:

  • Keeping the operating system and Bluetooth firmware of phones, laptops and peripherals patched.
  • Enabling the "find my device" service on your phone through a trustworthy provider such as Apple or Google, so you can locate and remotely lock the phone if you lose it.
  • Avoiding the use of Bluetooth to communicate sensitive information such as passwords.
  • Leaving Bluetooth in "discoverable" mode only while you are actually pairing a new peripheral with your phone or laptop, and switching it back off afterwards.
  • Turning Bluetooth off when you are not using it.

Near-Field Communication

 

Near Field Communication (NFC) allows two devices placed within a few centimetres of each other to exchange data. Both devices must carry an NFC chip; the technology is embedded in commuter cards, smart cards, payment terminals and smartphones.

NFC's risks stem from its physical design. Proximity is the only built-in access control, and the NFC layer itself provides no authentication or encryption: any confidentiality or integrity comes from the application protocol running on top of it (for example the EMV payment protocol) and from how the device and terminal implement it.

NFC communication is therefore susceptible to eavesdropping (with a good antenna, from well beyond the nominal few centimetres), ticket cloning, data corruption, data modification, data insertion and Denial of Service (DoS) attacks.

You can prevent Near Field Communication attacks by:

  • Turning off unused networking features, NFC included, when you do not need them.
  • Monitoring NFC-related updates and patching your device promptly.
  • Limiting the maximum latency a terminal will accept for a response, which leaves an attacker little time to relay a transaction through a second device.
  • Paying attention to the terminal when making a transaction, so that a tampered or substituted reader is noticed.

War Driving

 

War driving is the act of searching for Wi-Fi networks from a moving vehicle using a portable computing device, usually with an external antenna and a GPS receiver so that each network can be mapped. The term derives from the 1980s phone-hacking technique known as war dialing.

War dialing involved dialing every phone number in a range to find the ones answered by modems. War driving gained popularity in 2001, when wireless network scanning tools became widely available.

The initial war driving tools were simple software coupled with a standard WNIC (wireless network interface card) that could be put into monitor mode to listen for beacon and probe frames.

Recent developments in wireless technology extend a network far beyond the parking lot of an office building. With a directional antenna a network's beacons can be received from several miles away, so a strong signal at the property line is not required.

An attacker can therefore stay well away from the building and still catch a usable signal. NetStumbler was the classic Windows war driving package; Kismet is its modern, cross-platform successor.

You can prevent war driving attacks by:

  • Not broadcasting your SSID. This removes the network from casual scans only: the SSID is still sent in the clear in probe requests and responses whenever a client connects, and monitor-mode tools show it.
  • Changing the default factory SSID, which otherwise reveals the router vendor and model to anyone who sees it.
  • Changing the default password and securing the network with a strong passphrase.
  • Encrypting your wireless communication with WPA2 or WPA3; a network that shows up in a scan but cannot be joined is of little use to a war driver.
  • Filtering the MAC addresses that are allowed to connect to your router, bearing in mind that client MAC addresses are visible in every frame and can be cloned in seconds.

Evil Twin

 

An evil twin attack is one in which an attacker sets up a rogue Wi-Fi access point that imitates a legitimate one, usually by copying its SSID, and often by transmitting at higher power or by deauthenticating clients from the real access point so that devices prefer the fake. Because the attacker owns the access point, the attack is a natural man-in-the-middle (MITM) position: every packet the victim sends passes through hardware the attacker controls.

The fake access point is used to eavesdrop on users and to steal login credentials or other sensitive information. Traffic that is protected end to end (HTTPS with a valid certificate, a VPN) stays protected; what the attacker reads directly is everything sent in the clear, plus metadata such as which hosts are visited. Victims have no indication at the Wi-Fi layer that anything is wrong.

An evil twin is also a convenient phishing platform. Victims who connect are redirected to a captive-portal style page that asks for credentials (corporate login, Wi-Fi password, email), which go straight to the attacker. Once the credentials are captured the attacker may simply disconnect the victim or display a "service temporarily unavailable" page.
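The check a wireless controller or a hardened client can run is to compare what a scan sees against an inventory of the access points you actually own. The Python below is an added example, not code from PurpleSec or from the original article: the scan results, SSIDs and BSSIDs are constructed for the demonstration, and the TRUSTED inventory stands in for whatever asset list you keep.

```python
from collections import defaultdict

# Constructed scan results (not a real capture). The office SSID "CorpWiFi"
# appears from two inventoried APs with WPA2 and from an unknown BSSID with no
# encryption, the classic evil-twin pattern; "Cafe-Guest" is seen both open
# and encrypted, which is suspicious even for a network we do not own.
SAMPLE_SCAN = [
    {"ssid": "CorpWiFi",   "bssid": "aa:bb:cc:00:00:01", "security": "WPA2", "channel": 36, "signal_dbm": -55},
    {"ssid": "CorpWiFi",   "bssid": "de:ad:be:ef:00:01", "security": "OPEN", "channel": 6,  "signal_dbm": -40},
    {"ssid": "CorpWiFi",   "bssid": "aa:bb:cc:00:00:02", "security": "WPA2", "channel": 44, "signal_dbm": -70},
    {"ssid": "Cafe-Guest", "bssid": "11:22:33:44:55:66", "security": "OPEN", "channel": 1,  "signal_dbm": -60},
    {"ssid": "Cafe-Guest", "bssid": "11:22:33:44:55:77", "security": "WPA2", "channel": 11, "signal_dbm": -65},
]

# Inventory of access points we own, keyed by SSID. BSSIDs are invented.
TRUSTED = {
    "CorpWiFi": {"security": "WPA2", "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}},
}


def find_evil_twins(scan, trusted):
    """Return a list of (bssid, reason) findings.
    Rule 1: an SSID we own is advertised from a BSSID not in inventory.
    Rule 2: an inventoried BSSID shows weaker/different security than configured.
    Rule 3 (SSIDs we do not own): one name seen both open and encrypted."""
    findings = []
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    for ssid, aps in by_ssid.items():
        expected = trusted.get(ssid)
        securities_seen = {ap["security"] for ap in aps}
        for ap in aps:
            if expected is not None:
                if ap["bssid"] not in expected["bssids"]:
                    findings.append((ap["bssid"], f"unknown BSSID advertising trusted SSID {ssid!r}"))
                elif ap["security"] != expected["security"]:
                    findings.append((ap["bssid"], f"trusted BSSID with unexpected security {ap['security']}"))
            elif len(securities_seen) > 1 and ap["security"] == "OPEN":
                findings.append((ap["bssid"], f"SSID {ssid!r} seen both open and encrypted"))
    return findings


def safe_to_join(ap, trusted):
    """Client-side rule: join only an inventoried BSSID with the expected security.
    Signal strength is never a reason to prefer an AP; an evil twin is
    deliberately louder than the real thing."""
    expected = trusted.get(ap["ssid"])
    return (expected is not None
            and ap["bssid"] in expected["bssids"]
            and ap["security"] == expected["security"])


if __name__ == "__main__":
    for bssid, reason in find_evil_twins(SAMPLE_SCAN, TRUSTED):
        print(f"ALERT {bssid}: {reason}")
    strongest = max(SAMPLE_SCAN, key=lambda ap: ap["signal_dbm"])
    print("strongest signal is safe to join:", safe_to_join(strongest, TRUSTED))
```

Run as a script it prints one alert per rogue. In the constructed data the strongest signal belongs to the open impostor, which is exactly the AP a client that picks by signal strength would choose; the inventory check refuses it.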

 

You can prevent evil twin attacks by:

  • Not logging into any accounts over public Wi-Fi.
  • Avoiding Wi-Fi hotspots marked "Unsecure" or "Open", even if the name is familiar; a real corporate network does not suddenly appear without encryption.
  • Using 2-factor authentication for all your sensitive accounts, and learning to recognise social engineering, phishing and spoofed URLs.
  • Only visiting HTTPS websites, especially on open networks, and never clicking through a certificate warning: an intercepting evil twin is exactly what produces one.
  • Using a VPN whenever you connect to a public hotspot.
  • On corporate networks, using WPA2/WPA3-Enterprise (802.1X) with client-side validation of the RADIUS server certificate, so a client refuses to authenticate to an access point that cannot present the expected certificate, and deploying rogue access point detection on the wireless controller or IDS.

Deauthentication & Disassociation

 

A deauthentication attack is a denial-of-service attack that targets the link between a client and its Wi-Fi access point.

Deauthentication and disassociation frames are 802.11 management frames. When a client wants to leave a network it sends one to the AP, and the AP sends one to a client it is dropping; this is normal housekeeping. The weakness is that in WPA2 networks without protected management frames these frames are neither encrypted nor authenticated, so any radio in range can forge them.

The attacker spoofs the MAC address of the victim (or of the access point) and sends a deauthentication frame; the recipient honours it and tears the connection down. Sent in a loop, the frames keep the victim offline, and the same trick is the usual first step of other attacks: forcing a client to reconnect lets the attacker capture the WPA2 4-way handshake for offline password cracking, and a client knocked off the real network will often join an evil twin with the same name. aireplay-ng, part of the aircrack-ng suite, is the tool usually used to send deauthentication frames.
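Because the attack lives in the 802.11 management frames themselves, it shows up clearly in a monitor-mode capture: a burst of deauthentication frames from one transmitter, usually addressed to the broadcast address. The Python below is an added example, not code from the original article or from the aircrack-ng project. It parses the fixed MAC header and reason code of deauthentication/disassociation frames and flags a transmitter that sends more than a threshold of them inside a one-second window. The MAC addresses, timestamps and reason codes in the sample capture are constructed; no real traffic was used.

```python
import struct
from collections import defaultdict, deque

# 802.11 frame control: type 0 = management; subtype 12 = deauthentication,
# subtype 10 = disassociation.  Both carry a 2-byte reason code right after
# the 24-byte MAC header.
MGMT_TYPE = 0
DEAUTH = 12
DISASSOC = 10


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_deauth_disassoc(frame: bytes):
    """Return a dict for deauth/disassoc frames, None for anything else."""
    if len(frame) < 26:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if fc & 0x3:                          # protocol version must be 0
        return None
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    if ftype != MGMT_TYPE or subtype not in (DEAUTH, DISASSOC):
        return None
    reason = struct.unpack_from("<H", frame, 24)[0]
    return {
        "kind": "deauth" if subtype == DEAUTH else "disassoc",
        "dst": mac_str(frame[4:10]),      # Address 1: receiver
        "src": mac_str(frame[10:16]),     # Address 2: transmitter (spoofable)
        "bssid": mac_str(frame[16:22]),   # Address 3: BSSID
        "reason": reason,
    }


def build_deauth(dst: bytes, src: bytes, bssid: bytes, reason: int = 7) -> bytes:
    """Build a deauth frame.  Used here only to construct offline sample input."""
    fc = (MGMT_TYPE << 2) | (DEAUTH << 4)
    header = struct.pack("<HH", fc, 0) + dst + src + bssid + struct.pack("<H", 0)
    return header + struct.pack("<H", reason)


def detect_deauth_flood(samples, window_s: float = 1.0, threshold: int = 10):
    """samples: iterable of (timestamp_seconds, raw_frame).
    Flags any transmitter that sends >= threshold deauth/disassoc frames
    inside a sliding window of window_s seconds.  Returns the set of MACs."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, raw in sorted(samples, key=lambda s: s[0]):
        info = parse_deauth_disassoc(raw)
        if info is None:
            continue
        q = recent[info["src"]]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(info["src"])
    return flagged


# Constructed sample capture (not a real trace): one legitimate deauth from
# the AP when a client leaves (reason 3, "leaving"), then a 40-frame burst to
# the broadcast address spoofing the AP's MAC (reason 7 is a common choice).
AP = bytes.fromhex("aabbccddeeff")
CLIENT = bytes.fromhex("112233445566")
BROADCAST = b"\xff" * 6

sample_capture = [(0.0, build_deauth(CLIENT, AP, AP, reason=3))]
sample_capture += [(5.0 + i * 0.02, build_deauth(BROADCAST, AP, AP, reason=7)) for i in range(40)]

if __name__ == "__main__":
    print(parse_deauth_disassoc(sample_capture[0][1]))
    print("flood from:", detect_deauth_flood(sample_capture))
```

The single legitimate frame at the start never trips the detector; the burst does. Real deployments tune the threshold per access point, because roaming and power-save behaviour produce a few deauthentications per minute on a busy network.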

 

You can prevent deauthentication and disassociation attacks by:

  • Enabling Protected Management Frames (802.11w, PMF) on the access point and clients. PMF authenticates deauthentication and disassociation frames with the session key, so forged ones are discarded; WPA3 makes PMF mandatory, and most WPA2 equipment can enable it. This is the only control that actually stops the attack; the rest limit what the attacker gains from a forced reconnection.
  • Ensuring your network uses WPA2 (preferably WPA3) with a strong, non-dictionary passphrase, so that a handshake captured after a forced reconnection cannot be cracked offline.
  • Remembering, once you have been disconnected, to reconnect only to your own WPA2/WPA3-secured network and not to an open network with the same name as yours.
  • Changing the default admin account of the router that has Wi-Fi enabled.


War Chalking

 

Warchalking is the practice of drawing symbols on walls, pavements or lamp posts to advertise the presence of an open Wi-Fi network nearby. It is not an attack in itself; it is reconnaissance that has been shared with the next passer-by.

The symbols were documented and standardised early on so that anyone who found an open network could mark it consistently, and anyone who saw a mark would know what it meant.

The purpose was to let others know that a wireless network existed at a particular location so they could use it too. Distinct symbols indicated an open node, a closed node, or a node protected by WEP, usually with the SSID and available bandwidth written beside them.

You can prevent warchalking by:

  • Running no open networks: a WPA2- or WPA3-protected network is a "closed node" to a warchalker and offers nothing worth marking.
  • Disabling WPS on your wireless router, which otherwise offers a second, easier way in than the passphrase.
  • Refraining from doing work-related activity on public Wi-Fi.
  • Implementing software that detects rogue access points, so that an employee's unauthorised open AP is found before it is chalked.
  • Preventing the broadcast of your SSID, which keeps the network out of casual scans but not out of monitor-mode tools.

Packet Sniffing & Eavesdropping

 

An eavesdropping attack, also known as a sniffing or snooping attack, is the theft of information as it is transmitted over a network by a computer, smartphone or other connected device. The attack takes advantage of unprotected network communications to read data as it is sent or received.

An eavesdropping attack is difficult to detect because it is entirely passive: the network keeps operating normally and the attacker transmits nothing.

On a wired network an attacker usually needs a foothold in the path, such as a compromised switch or an ARP spoofing position, before traffic can be captured. Wireless removes that requirement. Any radio in range that is placed in monitor mode receives every frame on the channel; on an open network those frames are plaintext, and on a WPA2-Personal network anyone who knows the passphrase and has captured a client's 4-way handshake can decrypt that client's traffic as well. The "packet sniffer" is simply capture software (Wireshark, tcpdump, Kismet) running on a laptop or a small single-board computer parked within range.

You can prevent packet sniffing and eavesdropping by:

  • Using a personal firewall, which limits what an attacker can do with information gleaned from a capture.
  • Keeping antivirus and endpoint software updated.
  • Using a virtual private network (VPN), so that the Wi-Fi link carries only encrypted traffic.
  • Using a strong, unique Wi-Fi passphrase and rotating it when people who know it leave, since on WPA2-Personal every holder of the passphrase is a potential eavesdropper on everyone else.
  • Using WPA2/WPA3-Enterprise on business networks, which gives each client its own session key that other clients cannot derive.
  • Ensuring smartphones and laptops run the most up-to-date software version.

Replay Attacks (Wireless)

 

A simple yet effective wireless denial-of-service strategy is to replay data packets overheard locally. In a multi-hop network the replayed packets are carried onward by other forwarding nodes, so a single attacker creates congestion across a much wider area. There are variations of the attack in which either control or data packets are replayed.

The attacker's objective is to make a replayed packet look like a legitimate unit while avoiding detection: the MAC-level recipients must accept and forward it, and the final destination must treat it as a genuine retransmission rather than evidence of an attack.

Replay is what a packet sequence counter exists to stop. WPA2's CCMP and WPA3's GCMP carry a 48-bit packet number in every frame, which serves both as the per-packet nonce and as a replay counter that the receiver requires to increase. WEP has no such check, which is why the ARP replay used to crack WEP works at all, and open networks have no frame-level protection to bypass. Replay therefore matters most for WEP, for open networks, and for sensor and mesh networks whose forwarding nodes relay anything that looks valid.
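The replay counter that WPA2 relies on is simple enough to show in full. The Python below is an added example, not code from the original article or from any Wi-Fi driver: it serialises and parses the 8-byte CCMP header that carries the packet number, and runs a receiver's replay check over a constructed sequence of frames that includes two replays. The MAC address, key identifier and packet numbers are made up for the demonstration; real frames would also carry the CCM-MIC that binds the packet number to the payload, which is what stops an attacker from simply bumping the counter.

```python
# CCMP header layout (8 bytes) carried in every WPA2 data frame:
#   PN0  PN1  reserved  (KeyID << 6 | ExtIV 0x20)  PN2  PN3  PN4  PN5
# The 48-bit packet number PN is the per-packet nonce and doubles as the
# replay counter.  It is bound to the payload by the CCM MIC.
EXT_IV = 0x20


def build_ccmp_header(pn: int, key_id: int = 0) -> bytes:
    """Serialise a PN into the 8-byte CCMP header (used to build sample frames)."""
    if not 0 <= pn < (1 << 48) or not 0 <= key_id < 4:
        raise ValueError("PN must be 48-bit, key_id 0..3")
    b = pn.to_bytes(6, "little")        # b[0] = PN0 ... b[5] = PN5
    return bytes([b[0], b[1], 0x00, (key_id << 6) | EXT_IV, b[2], b[3], b[4], b[5]])


def parse_ccmp_header(hdr: bytes):
    """Return (pn, key_id) from an 8-byte CCMP header, or None if malformed."""
    if len(hdr) < 8 or not (hdr[3] & EXT_IV):
        return None
    key_id = hdr[3] >> 6
    pn = int.from_bytes(bytes([hdr[0], hdr[1], hdr[4], hdr[5], hdr[6], hdr[7]]), "little")
    return pn, key_id


class ReplayCheck:
    """Receiver-side replay counter.  802.11 keeps one counter per
    (transmitter, key, traffic class); a frame is accepted only if its PN is
    strictly greater than the last PN accepted on that counter."""

    def __init__(self):
        self.last_pn = {}

    def accept(self, tx_mac: str, key_id: int, tid: int, ccmp_hdr: bytes) -> bool:
        parsed = parse_ccmp_header(ccmp_hdr)
        if parsed is None:
            return False
        pn, hdr_key_id = parsed
        if hdr_key_id != key_id:
            return False
        counter = (tx_mac, key_id, tid)
        if pn <= self.last_pn.get(counter, -1):
            return False                    # replayed or stale frame: drop
        self.last_pn[counter] = pn
        return True


def filter_frames(frames):
    """frames: list of (tx_mac, key_id, tid, pn).  Returns the PNs accepted,
    in order, after running one ReplayCheck over the whole sequence."""
    check = ReplayCheck()
    accepted = []
    for tx, kid, tid, pn in frames:
        if check.accept(tx, kid, tid, build_ccmp_header(pn, kid)):
            accepted.append(pn)
    return accepted


# Constructed traffic: a station sends PN 1..4, an attacker replays the
# captured PN 2 and PN 3 frames, a frame on another traffic class (tid 1)
# uses its own counter, then the station continues with PN 5.
SAMPLE_FRAMES = [
    ("02:00:00:00:00:01", 0, 0, 1),
    ("02:00:00:00:00:01", 0, 0, 2),
    ("02:00:00:00:00:01", 0, 0, 3),
    ("02:00:00:00:00:01", 0, 0, 4),
    ("02:00:00:00:00:01", 0, 0, 2),   # replay: dropped
    ("02:00:00:00:00:01", 0, 0, 3),   # replay: dropped
    ("02:00:00:00:00:01", 0, 1, 1),   # different TID: separate counter
    ("02:00:00:00:00:01", 0, 0, 5),
]

if __name__ == "__main__":
    print("accepted PNs:", filter_frames(SAMPLE_FRAMES))
```

The two replayed frames are dropped while the out-of-band frame on a second traffic class is accepted, because each class keeps its own counter. This is also why the TKIP attack described later replays on a traffic class whose counter is still low.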

 

You can prevent wireless replay attacks by:

  • Placing access points in separate virtual LANs and implementing intrusion detection to identify an attacker setting up a rogue access point or brute-forcing access.
  • Encrypting all traffic through your access point with WPA2 or WPA3 (CCMP/GCMP), whose per-packet counter causes a replayed frame to fail the receiver's replay check.
  • Setting the access point to accept only known Media Access Control (MAC) addresses, remembering that MAC addresses are trivially spoofed and this is a minor hurdle at best.
  • Using firewalls on each network access point.
  • Disabling the broadcast of the SSID from all access points.
  • Implementing EAP-TLS (WPA2/WPA3-Enterprise), so that every client negotiates its own pairwise key and broadcast traffic uses a separate group key.
  • Setting up a RADIUS server and a certificate authority, which EAP-TLS requires for server and client certificates.

WPS Attacks

 

Wi-Fi Protected Setup (WPS) is a wireless standard that makes connecting to a "secure" access point simple: instead of typing the WPA/WPA2 passphrase, the client proves knowledge of an 8-digit PIN printed on the router (or a button is pressed) and the AP hands it the passphrase. The problem is the PIN exchange. The eighth digit is a checksum of the first seven, and the registrar validates the PIN in two halves, rejecting a wrong first four digits at message M4 before the remaining digits are checked at message M6. An online attacker therefore needs at most 10,000 guesses for the first half and 1,000 for the second, about 11,000 in total rather than the 10 million a single 7-digit secret would require, and the prize is the WPA/WPA2 pre-shared key that locks down the whole network.

The WPS attack is straightforward with the open-source tool Reaver, which brute-forces the PIN half by half and typically recovers it in hours. A later technique, Pixie Dust (2014), goes further on access points whose WPS implementation uses weak nonces: a single exchange is enough to recover the PIN offline, so rate limiting on the AP does not help against it.
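The arithmetic behind the attack is easy to show. The Python below is an added example, not the article's own code and not Reaver's: it implements the WPS PIN check-digit rule, counts the online search an attacker faces with and without the half-by-half leak, and runs the half-by-half search against a toy registrar that models only the M4/M6 distinction. The PINs used are hypothetical and the ToyRegistrar class is a stand-in for an access point, not a WPS implementation.

```python
def wps_checksum(first7: int) -> int:
    """Check digit for a WPS PIN: digits 1,3,5,7 weighted 3, digits 2,4,6
    weighted 1, check digit = (10 - sum mod 10) mod 10."""
    acc, n = 0, first7
    while n:
        acc += 3 * (n % 10)
        n //= 10
        acc += n % 10
        n //= 10
    return (10 - acc % 10) % 10


def valid_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


def attempts_worst_case(halves_checked_separately: bool) -> int:
    """Size of the search an online attacker faces."""
    if halves_checked_separately:
        return 10**4 + 10**3      # first half, then 3 free digits + check digit
    return 10**7                  # all 7 free digits at once


class ToyRegistrar:
    """Stand-in for the AP's WPS registrar.  Models only the information leak:
    a wrong first half is rejected at message M4, a wrong second half at M6,
    so the attacker learns which half failed.  Not a WPS implementation."""

    def __init__(self, pin: str):
        assert valid_pin(pin)
        self._pin = pin
        self.attempts = 0

    def try_pin(self, pin: str) -> str:
        self.attempts += 1
        if pin[:4] != self._pin[:4]:
            return "M4_NACK"
        if pin[4:] != self._pin[4:]:
            return "M6_NACK"
        return "OK"


def split_bruteforce(registrar) -> str:
    """Recover the PIN half by half, the way Reaver does."""
    first_half = None
    for a in range(10_000):
        cand = f"{a:04d}"
        if registrar.try_pin(cand + "0000") != "M4_NACK":
            first_half = cand
            break
    if first_half is None:
        raise RuntimeError("no first half accepted")
    for b in range(1_000):
        three = f"{b:03d}"
        pin = first_half + three + str(wps_checksum(int(first_half + three)))
        if registrar.try_pin(pin) == "OK":
            return pin
    raise RuntimeError("PIN not found")


def run_demo(pin: str = "12345670"):
    """Attack a toy registrar holding the given (hypothetical) PIN.
    Returns (recovered_pin, attempts_used)."""
    reg = ToyRegistrar(pin)
    return split_bruteforce(reg), reg.attempts


if __name__ == "__main__":
    recovered, used = run_demo()
    print(f"recovered {recovered} after {used} attempts; worst case "
          f"{attempts_worst_case(True)} vs {attempts_worst_case(False)} without the leak")
```

Even the worst-case PIN in the toy model falls inside the 11,000-attempt bound; on a real access point each attempt is a full WPS exchange, which is where the "hours" come from, and where an intruder lockout slows an online attacker.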

 

You can prevent WPS attacks by:

  • Disabling WPS, and confirming it is really off: some firmware keeps answering WPS requests after the option is unticked, so check with a scanner such as wash (shipped with Reaver) that the AP no longer advertises WPS.
  • Implementing tools to detect rogue wireless access points (WAPs), since a rogue AP brought in by an employee will usually have WPS on by default.
  • Setting up MAC address controls on your access points, as a minor hurdle only.
  • Where WPS cannot be disabled, ensuring the router implements WPS intruder lockout for the PIN, which slows online brute force but does nothing against the offline Pixie Dust attack.


WEP/WPA Attacks

 

WEP, or Wired Equivalent Privacy, shipped with the original 802.11 standard in 1997 to give Wi-Fi users the same expectation of privacy as a wired network, but serious security problems came to light within a few years. It was deprecated in 2004 with the ratification of 802.11i, superseded by the WPA and WPA2 encryption you see today.

The reason was a series of increasingly devastating attacks against WEP's use of the RC4 cipher, culminating in the ability to recover the key in a matter of minutes.

WEP encrypts each packet with the RC4 stream cipher, keyed with the static network key prefixed by a 24-bit initialization vector (IV) that is sent in the clear. A stream cipher is only secure if a keystream is never used twice, and with just 16 million IVs, a key that never changes, and several weak IV values that leak key bytes, WEP reuses keystreams constantly. Worse, because WEP has no replay protection, an attacker can capture one encrypted ARP request and replay it thousands of times; the access point answers every copy with a fresh IV, generating the traffic the attacker needs in minutes instead of hours.

With a few tens of thousands of such packets the statistical attacks on RC4's key schedule (FMS, and the faster PTW attack used by aircrack-ng) recover the WEP key outright. With good range and a powerful network adapter, anyone can expect to crack a WEP network in a few minutes.

WPA (Wi-Fi Protected Access) replaced the cipher but is still susceptible to password cracking when the network uses a weak pre-shared key (PSK). The attacker captures the 4-way handshake, by waiting for a client to connect or by deauthenticating one, and then tests candidate passphrases offline; the PSK derivation (PBKDF2 with 4,096 iterations) slows each guess but cannot save a passphrase that appears in a wordlist.

You can prevent WEP/WPA attacks by:

  • Not using WEP or WPA (TKIP) at all: configure WPA2 with AES/CCMP, or WPA3, and retire any device that cannot support it.
  • Changing the default SSIDs and passwords, and choosing a long random passphrase that no wordlist will contain.
  • Updating the firmware of Wi-Fi-enabled devices, routers and other hardware as soon as updates are available.
  • Enabling the firewall on devices, or using a virtual private network (VPN), especially when remotely accessing assets.
  • Raising company awareness of the risks of unsecured connections and of the use of wireless networks at work and at home.
  • Employing network monitoring to oversee connected devices and web traffic.
  • Regularly reviewing device logs and monitoring results for suspicious activity.
  • Using authentication tools, such as two-factor authentication.

IV Attack

 

An IV attack, or initialization vector attack, targets the way a protocol combines a per-packet IV with a fixed key. In WEP the IV is only 24 bits, it is chosen by the sender (many cards simply count up from zero), and it is transmitted in the clear in front of each packet; the RC4 key for the packet is the IV followed by the static WEP key. The IV is not secret and need not be, but it must never repeat for the same key.

Once an attacker sees two packets that share an IV, they share a keystream, and knowing the plaintext of one packet (an ARP request or a DHCP exchange has almost entirely predictable content) yields that keystream by a single XOR. The keystream then decrypts every other packet sent under the same IV, without the WEP key ever being recovered. Collecting keystreams for each IV value produces a decryption table that decrypts all traffic on the network; and because certain "weak" IVs leak bytes of the key through RC4's key schedule, the same captured IVs also feed the key-recovery attacks described above.
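The keystream reuse described here and in the WEP/WPA section above can be demonstrated end to end in a few dozen lines. The Python below is an added example, not code from the original article or from aircrack-ng: it implements RC4 and WEP-style framing (without the CRC-32 ICV), encrypts two packets under the same IV, and recovers the second packet's plaintext from the first one's known plaintext; it also computes the birthday bound on how many random 24-bit IVs a network can send before a repeat is expected. The key, IV and plaintexts are constructed for the demonstration.

```python
import math


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA).  Here only to show keystream reuse; RC4 is
    broken and must not be used in new designs."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP framing minus the CRC-32 ICV: the 3-byte IV goes out in the clear
    and is prepended to the static key to form the per-packet RC4 key."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + rc4(iv + root_key, plaintext)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def decrypt_via_iv_reuse(known_packet: bytes, known_plaintext: bytes, target_packet: bytes) -> bytes:
    """Two packets with the same IV share a keystream.  From one packet whose
    plaintext is known recover keystream = C1 XOR P1, then P2 = C2 XOR keystream.
    The WEP key itself is never learned."""
    iv1, c1 = known_packet[:3], known_packet[3:]
    iv2, c2 = target_packet[:3], target_packet[3:]
    if iv1 != iv2:
        raise ValueError("different IVs: keystreams differ, attack does not apply")
    keystream = xor_bytes(c1, known_plaintext)
    return xor_bytes(c2, keystream)


def packets_until_iv_collision(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: packets with random IVs before a repeat is expected
    with the given probability.  For 24 bits this is only a few thousand."""
    n = 2 ** iv_bits
    return int(math.sqrt(2 * n * math.log(1 / (1 - probability))))


# Constructed demonstration values (not from any real network).
ROOT_KEY = bytes.fromhex("0102030405")           # 40-bit WEP key
IV = bytes.fromhex("0c0a01")
# LLC/SNAP header plus the start of an ARP request: every byte is predictable.
ARP_PLAINTEXT = bytes.fromhex("aaaa030000000806" "0001080006040001")
SECRET_PLAINTEXT = b"user=bob&pw=1234"           # same length as the ARP prefix


def demo_iv_reuse() -> bytes:
    """Encrypt a known ARP packet and a secret packet under the same IV, then
    recover the secret from the captured ciphertexts alone."""
    p1 = wep_encrypt(ROOT_KEY, IV, ARP_PLAINTEXT)
    p2 = wep_encrypt(ROOT_KEY, IV, SECRET_PLAINTEXT)   # sender reused the IV
    return decrypt_via_iv_reuse(p1, ARP_PLAINTEXT, p2)


if __name__ == "__main__":
    print(demo_iv_reuse())
    print("packets to first expected IV collision:", packets_until_iv_collision())
```

The ARP plaintext is the one part that resembles reality: LLC/SNAP plus the first eight bytes of an ARP request are identical on every network, which is why ARP was the known plaintext of choice. The keystream recovered is only as long as the known packet, so an attacker decrypts the prefix of longer packets under that IV and extends it with further known traffic.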

 

You can prevent IV attacks by:

  • Not using WEP. WPA2's CCMP uses AES with a 48-bit packet number as the nonce, which cannot wrap within the life of a key, and a per-session key that is rekeyed rather than a static shared secret, so the IV collisions above cannot occur.
  • Applying the design changes proposed in the literature for a WEP-like stream cipher protocol, which are instructive but not something you can configure on a shipping access point: dropping the encrypted nonce, initializing a full block-sized 128-bit random value as the IV for the packet data encryption, encrypting the IV separately as a single block, and adding a 16-bit packet length field before encrypting the packet.


TKIP Attack

 

TKIP was introduced in 2003 as the cipher for WPA. Among other enhancements over WEP it added per-packet key mixing, a 48-bit sequence counter used for replay protection, and a new per-packet integrity check, the Message Integrity Check (MIC, also called Michael). Michael is deliberately weak, because it had to run on legacy WEP hardware, and TKIP compensates with countermeasures rather than cryptographic strength.

If a second MIC failure is observed within a 60-second window, the access point and client shut TKIP down for 60 seconds and rekey. The TKIP attack published by Beck and Tews in 2008 uses a mechanism similar to the "chopchop" attack on WEP: the attacker truncates a captured packet one byte at a time, replays it with a guessed value for the removed byte, and learns from the MIC-failure response whether the guess was right. The attack needs WMM/QoS enabled, because it replays the frame on a traffic class whose sequence counter is still low.

Each MIC failure tells the attacker one byte, after which they wait 60 seconds so the countermeasures are never triggered. At one byte per minute, small packets such as ARP frames are decoded in about 15 minutes, and the recovered MIC key then lets the attacker inject a handful of forged frames toward the client.

You can prevent TKIP attacks by:

  • Disabling TKIP entirely: configure WPA2 with AES/CCMP only (not WPA/WPA2 "mixed mode", which leaves TKIP available), or WPA3, which removes it.
  • Shortening the rekey interval (the Beck and Tews paper suggests 120 seconds or less) where TKIP cannot yet be retired, so that a decode attempt outlives the key it targets.
  • Changing the default admin password on your access point.
  • Updating the firmware for your wireless access point and the drivers for your wireless adapter.
  • Authenticating wireless users with 802.1X/RADIUS and an EAP method such as EAP-TLS, EAP-TTLS, PEAP, EAP-PSK, EAP-PAX or EAP-SIM.
  • Using strong encryption for every application you run over the wireless network, e.g., SSH and TLS/HTTPS.
  • Encrypting wireless traffic with a VPN (virtual private network), e.g., IPsec or another VPN solution.

WPA2 Attacks

 

WPA2 is the security standard that protects the vast majority of Wi-Fi networks, using AES in CCMP mode. Every client that connects negotiates its own pairwise key with the access point in the 4-way handshake, so clients cannot read each other's traffic directly; on WPA2-Personal, though, those keys are all derived from the same passphrase, so anyone who knows it and captures a client's handshake can derive that client's key.

In 2017 an attack called KRACK (Key Reinstallation AttaCK) was published against the 4-way handshake itself. By replaying the handshake's third message, an attacker within radio range can make the client reinstall a key it is already using, which resets the packet number and the receive replay counter; with the nonce reused the CCMP keystream repeats, and the attacker can decrypt and replay packets between a device and its access point, and with TKIP or GCMP forge them as well. The technique requires the attacker to sit between victim and access point on the channel, a variation of the common, and usually highly detectable, man-in-the-middle attack. A bug in some Linux and Android clients made it worse: on reinstallation they installed an all-zero key, exposing all of their traffic.

The vulnerability could allow an attacker to spy on your data and to reach unprotected devices on the same Wi-Fi network.

In some instances attackers could also manipulate web pages delivered over plain HTTP, turning them into fake sites to collect your information or to install malware on your devices.

KRACK is an implementation flaw in the handshake state machine rather than a break of AES, and the fix is in software: a patched client refuses to reinstall a key that is already installed. WPA3 still uses the 4-way handshake to install keys after its SAE exchange, so up-to-date software matters there too.

You can prevent WPA2 attacks by:

  • Ensuring that Wi-Fi-enabled devices are updated as soon as a software update is made available; the client side is where most of the KRACK fixes live.
  • Ensuring the wireless router is running up-to-date firmware, which closes the access-point-side variants (fast roaming and group key handshakes).
  • Implementing a reputable VPN solution on all mobile devices and computers before connecting to Wi-Fi.
  • Browsing only HTTPS URLs when surfing the web over a Wi-Fi connection.

Michael Swanagan, CISSP, CISA, CISM

Michael is an IT security expert with 15 years of proven experience. He has experience leading and supporting security projects and initiatives in the healthcare, finance, and advertising industry.
