WiFi or Welcome hackers!

Vulnerable networks

Most of the local Internet/Telephone/TV service providers offer a router and other media devices to customers. The security of the network is beared on the shoulders of the consumer. In most cases the consumer does not even know how to change the name of the wireless access point.

How it works?

Routers that act as wireless access points work mostly in 2.4 GHz range and are protected with a key. The key encryption is usually WPA,WPA-PSK , sometimes WEP. At the first glance it may seem that everything is fine and the network is protected with good key  aprox. 8 symbols, consisting of letters (mostly uppercase) and numbers. 

 About a hour and a half

At the first glance it may seems very robust and safe, but the problems only begin from here. False confidence of security is provided by the wireless access point key and "why me? i am not important" mindset. WEP key encryption is rare due to lack of protection. WEP encrypted key does not even have to be brute-forced. Some script kiddie could just listen to the traffic transmission and when he has required amount of the packets just compose the key from the repeated pattern. 

WPS can be easily exploited and also brute-forced by hackers in blink on older router models and up to few days depending on what router the target has.

WPA and WPA-PSK have no exploits. The only way to obtain the wireless access point key is to brute-force it. For the first part they deauthenticate the user from the wireless access point , forcing the user to resend the encrypted key. Hackers repeat it for 2 to 3 times , to make sure that the packet contains the key . For the second part they take the packet and brute-force the key out of it. People say , i have difficult password , but in most cases in example "Starman" uses Cisco router, where default password consists of 9 digits and can be cracked wit GTX 10th card within aprox. 1 hour and 30 mins.

Countermeasures

"The biggest security risk is always located between the keyboard and the chair“ - an IT maxim.

People who are not engaged in IT sphere does not bother about they privacy in the WEB. Education of the user is the best countermeasure for preventing security breaches, stealing personal data and other security issues. Even if you say clearly , that default password is bad and insecure, you have to explain why it is so.

Comments

Post a Comment

Popular posts from this blog

 Arch Linux VS Pop_OS When comparing Arch Linux vs Pop!_OS, the Slant community recommends Arch Linux for most people. In the question“What are the best Linux distributions for desktops?” Arch Linux is ranked 1st while Pop!_OS is ranked 29th. The most important reason people chose Arch Linux is: " Arch's goal of simplicity means there's usually one preferred way to get things done - through organized and well documented configuration files. This focus, combined with the community's recognition that configuration files can be intimidating, has resulted in excellent documentation that's accessible to newcomers, and very instructive about how Linux actually works. The documentation is often so thorough that, when searching for solutions to problems while using other distributions, such as with video card drivers, oftentimes you'll find the most effective solution in the [Arch Linux wiki](https://wiki.archlinux.org/) or on the forums." Pros of Arch L
Read more
  Open Source Copyleft Licenses Both copyleft and permissive licenses allow developers to copy, modify, and redistribute code (derivative or otherwise) freely. The most important difference between the two, however, lies in how each approaches copyright privileges. While permissive licenses allow developers to include their own copyright statements, copyleft licenses provide no such privilege. Instead, copyleft license rules require all derivative works to be subject to the original license. This means that developers cannot make patent or copyright claims on the original software. Public domain This is the most permissive type of software license. When software is in the public domain, anyone can modify and use the software without any restrictions. Important to mention that a code that has not been licensed or code snippets on the internet are not automatically in public domain license. Public domain is a true representation of free/open .When copyright expires, copyright r
Read more
 Don't abuse your power Knowledge is power and in case of human relations wielding sensitive knowledge can be very powerful. What is online blackmail? ‘Online blackmail’ is the act of threatening to share information about an individual (including images or video) to the public, their friends or family online, unless a demand is met. Online blackmail can take place in any online service, website or app. Blackmailers may be more likely to make threats on private messaging services where images and videos can be shared. However, they may threaten to share information or images in more public social media services - such as their favourite social media platform. Threats of defamation Defamation is the main tool of black mailers. Victims of black mailers are threated by defamation. Typically black mailer relies on victims ignorance on law and the fear of defamation.   Extortion Extortion and black mail are tightly bonded toghether. Acquired sensitive data by the black mailer
Read more