WEP/WPA2 WiFi Password Security & Exploiting IP Based Surveillance Cameras By Basiru Mohammed Rajkumar Ramadhin Alexander Martin
Introduction • With growing advancement in the "Internet of Things" we must take a look at the security of networks and their associated devices and determine the threats associated with this rapidly growing field of technology. • Surveillance cameras, baby monitors, household appliances, and other network devices are all connected through wireless networks. As these devices grow in popularity, so too does the threat they pose to privacy and security. • Hardening the security of networks and IOT devices is vital in ensuring the safe use of these convenient and helpful appliances.
Basic Password Definitions • Encryption- Scrambling information so that only someone with a corresponding key (cipher) can decrypt that information. The intent of Encryption is to protect data with the intent to later decrypt that data. • Hashing- Uses an algorithm to map data of any size to a fixed length known as a hash value. Different than encryption in that it is not meant to be decrypted and there is no cipher. Each hash value is unique. • Salting- Typically unique to password hashing. Salting adds extra data to the known data before it is hashed. This adds an extra layer of complexity from brute force decryption.
Salting
Increasing total Password Size and Character Types used makes a more secure password Total characters in alphabet = 26 characters • Every character makes it 26x stronger EX: a-z _ _ _ _ = 26 4 = 456,976 password possibilities • EX2: a-z _ _ _ _ _ = 26 5 = 11,881,376 password possibilities • Capital and Lower Cases = 52 characters • Combination of Upper and Lower case letters EX: _ _ _ _ of upper and lowers = 52 4 combination = 7,311,616 • Add Special Characters and Numbers (!@#$ etc.) = 75 characters • EX: _ _ _ _ of Numbers, Upper and Lower Letters, and Special Characters = 75^4 = 31,640,625
Different Ways to Attack Passwords • Password Guessing – Default passwords, common passwords, Sports teams, Cars. Sometimes will require research on user background. • Shoulder Surfing - Watching Password Input from behind user. • Social Engineering - Ask or demand employee to reveal password. Often attacker will pose as a technician or authority to pressure user into giving password. • Dictionary Attack - Attacker uses every word in dictionary in sequence to crack password. • Brute Force Attack – Attacker uses every letter/character in sequence to eventually crack password. • Reverse Engineer Password Hashes – Intercepting password hashes between system and server using a sniffer. Hash is reverse engineered to reveal password using precomputation. • Precomputation (rainbow table) – Uses a rainbow table – A rainbow table is a table of common passwords with their hash equivalent. Very time consuming to generate a rainbow table. Simply compare the target hash to your table of hashes to figure out password. Defeated by salting which adds additional hash info and defeats ability to match that information together.
What we want to accomplish • Research the encryption methods used in WEP and WPA2 • Distinguish what makes WPA2 more secured than WEP • Attempt to crack the password of WEP • Possible tool: Kali Linux Airmon-NG and AirCrack to crack the password • Attempt to crack the password of WPA2 • Possible tool : Kali Linux Airmon-NG and AirCrack to crack the password • Implement these attacks in a real world situation • Set up a test environment with WEP then WPA2 • Tools: IP camera and ALFA card(?)
What is WEP? • Wired Equivalent Privacy – meant to provide the security of wired LAN • Introduced in 1997, implemented as 1999 •Uses RC4 algorithm •Started with a 40 -bit long key with 24-bit initialization vector •Other failed attempts to fix WEP includes WEP2 and WEP+
What is WPA2? • Introduced in 2004 • Full implementation of 802.11i • Substituted WPA-TKIP with WPA2-AES • Backward compatibility with WPA • Utilizes AES-CCMP • Advanced Encryption Standard – Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
Pros and Cons of WPA2 • Not susceptible to the attacks of WEP • Becomes vulnerable due to backward compatibility • Vulnerability to Man-In-The-Middle attacks • Vulnerable to KRACK attack due to affected 802.11i standard
Goals of project • Our group will attempt to demonstrate four different exploits • 1. The cracking of WEP WiFi password protection. • 2. The cracking of WPA2 WiFi password protection. • 3. Performing a de-authentication attack to "kick" a device off of a desired network, thus disabling it. • 4. Demonstrating the importance in updating a IP based surveillance camera default username and password.
What we plan to do? • 1. Set up a test environment with WEP and WPA2 password protected wireless routers. • 2. Crack WEP security using Wifite, or Kali Linux tool suite AirCrack. • 3. Crack WPA2 security using Kali Linux tool suite AirCrack and perhaps using Hashcat for dictionary list attack. • 4. Attempt a de-authentication attack taking a device offline using a bash script.
Dropkick.sh
Cracking WPA using Aircrack suite of tools
1. Putting network adapter into "Monitor" mode.
Verify monitor mode using iwconfig command
2.Use airodump to begin monitoring for wifi networks and clients in vicinity.
3. Copy target networks bssid and begin capturing packets using airodump.
4. Begin Deauthentication attack to force new 4 way handshake
5. Cracking password using aircrack
Password cracked!
Cracking WPA using Wifite automated attack tool
Links to videos of attacks w/ narration • Link to Aircrack WPA attack • Aircrack Attack • Link to Wifite WPA attack • Wifite Attack
Citations • 1. https://hakin9.org/crack-wpa-wpa2-wi-fi-routers-with-aircrack-ng-and-hashcat/ • 2. https://null-byte.wonderhowto.com/how-to/hack-wi-fi-hunting-down-cracking-wep-networks- 0183712/ • 3. https://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-passwords-using-new- pmkid-hashcat-attack-0189379/ • 4. https://hackernoon.com/forcing-a-device-to-disconnect-from-wifi-using-a-deauthentication- attack-f664b9940142 • 5. https://www.tomsguide.com/us/cheap-security-cameras-poor-passwords,news-27495.html • 6. https://hakin9.org/crack-wpa-wpa2-wi-fi-routers-with-aircrack-ng-and-hashcat/ • 7. https://julianoliver.com/output/log_2015-12-18_14-39 • 8. https://tools.kali.org/wireless-attacks/wifite • 9. http://www.ivanescobar.com/wep%20vs%20wpa.pdf
Recommend
More recommend
