Now Hiring: Are you a driven and motivated 1st Line IT Support Engineer?

Wi-Fi Penetration Testing

  • Home
  • Wi-Fi Penetration Testing

Wi-Fi Penetration Testing

wifi

Wi-Fi is a preferred way for attackers to infiltrate into an organization’s internal network and gain control to your most invaluable assets. Penetration testing can help identify weaknesses in the wireless infrastructure.

Our penetration tests specific to Wi-Fi networks identifies those components related to the wireless infrastructure, whether they are hidden or not, as well as the security mechanisms that are applied and all the vulnerabilities and misconfigurations.
Our approach is to perform an analysis of the radio spectrum allocated to Wi-Fi networks, using special, high-gain equipment to locate AccessPoints. Following this analysis, we identify all the active wireless networks along with their configuration particularities, especially especially hunting the vulnerabilities and the insecure configuration that can allow the attackers to obtain remote access.
The next step is to exploit the identified vulnerabilities and probe their real impact on the organization’s assets.

Wireless penetration testing generally includes:

Identifying Wi-Fi networks, including wireless fingerprinting, signal coverage
Identifying configuration weaknesses, such as encryption misconfiguration, weak passwords, traffic sniffing
Determining the efficiency of Wi-Fi networks isolation from the internal business network
Execute specific attacks like deploying fake access points (evil-twin) and steal credentials from unsuspecting legitimate users

Is A Wireless Network Penetration Test Right For You?

If you are the owner of a Wi-Fi network, you should ask yourself:

Have you identified all your access points within your perimeter? How about rogue access points or user’s brought Wi-Fi routers?
Do you know how far from your premises your Wi-Fi network could be transmitting?
Is it possible that your IT department could misconfigure one or more of the AccessPoints?
If a hacker will manage to connect to your Wi-Fi network, do you know how far will be able to go inside your internal network?
Is the security configuration of your Access Points correctly enabled?
Are there any security controls that you could add to your Wi-Fi network to make it more secure?

The wireless infrastructure testing will be done in several phases:

Pre-engagement
we will work with the client to establish the rules of engagement as well as the scope and exchange contact information for both parties.
Information Gathering
Our approach first maps the accessible networks by finding responsive or alive access points by the usage of directional antennas. Once this list has been determined and approved by the client, targets (AP) are selected for attack. Clear-text transmissions can be sniffed and reassembled to discover useful information.
Attack Execution
During this process, we will execute several attacks, either bypassing or cracking security mechanisms in order to gain full access to the wireless access point. Some of these attacks can include: Man in the Middle – Perform an attack that routes all communications through our machine and then to the access point without user knowledge. Brute Force – Attack passwords utilizing a rainbow table database. Session Hijacking – Performing a Denial of Service attack on a client and steal his session allows access to the network and bypasses encryption standards. Mass De-Authentication – Performing a mass de-authentication of all associated clients forces re-association and transmission of usernames and passwords. As wireless infrastructures become more secure, attackers now are focusing their attention to wireless clients. To test if these attacks will be successful against your organization, SafeByte attempts a number of client-side attacks against the wireless configuration service used by your organization. If your network is using WPA or WPA2 Enterprise authentication, we will perform tests against the 802.1X supplicant. These tests will determine if the supplicant is properly configured. During the supplicant attacks, our team members will attempt to capture and crack the credentials used to access networks using Enterprise Authentication. Once unrestricted access has been gained, an assessment is performed on what networks the access point is connected through and explore the expoitation opportunities for a hacker. Another aspect in securing wireless networks is related to separating the traffic allowed through these networks from the rest of the network traffic inside the company and limiting access to most internal IT resources. Depending on the purpose of the penetration test and the specifics of the beneficiary’s infrastructure, our experts can test how your Wi-Fi network is separated from the business IT network, in accordance with the internal security policy.
Reporting
As part of the deliverable, we provide a report which contains a short, graphical summary aimed at senior management, a narrative body which details major findings, and a detailed findings section aimed at technical staff. Additionally, SafeByte will provide a report presentation call and a high-level executive presentation to summarize the penetration test; as well as provide an opportunity to ask questions about the engagement.

Wi-Fi Penetration Testing – The Benefits

Have a thorough understanding on the real risks your Wi-Fi networks brings to your organization
Detect default Wi-Fi routers
Identify rogue or open access points
Identify Wi-Fi misconfigurations
Strengthen your Wi-Fi security by having a prioritized list of risks mitigation