WiFi Audits

Often considered secure and robust, WiFi networks or implementations can have weaknesses inherent to the wireless world.

Despite this, attacks on WiFi networks are not simple to carry out: they often require cards capable of injecting frames, a prerequisite for WiFi attacks that most PCs do not have. As part of its security audit work, Synetis has set up a dedicated methodology to audit a WiFi network. It includes a Black Box approach as well as a Gray Box approach.

For Black Box tests, the methodology consists of mapping the surrounding WiFi networks in order to detect the presence of possible hidden networks. An analysis of authentication methods is also carried out. By passive listening, the auditor confirms or rules out various authentication weaknesses and analyzes EAP Response/Identity exchanges with the aim of finding information of particular interest. Lastly, setting up a malicious WiFi access point (Rogue AP) makes it possible to verify different control points such as the authentication methods, the identity of the RADIUS server, etc.

With Gray Box tests, the auditor verifies network access control (by MAC address, for example) as well as network partitioning. Another focus point is to check the administration interface(s) of the access point and whether they can be reached from the current network / VLAN.

Finally, open guest WiFi networks often have a captive web portal. The auditor then tries to bypass the identification. Captive portals are often equipped with a fixed number of "slots" allowing X simultaneous connections. For example, by automating numerous connections to the guest WiFi with MAC addresses generated on the fly, the slots can become saturated, causing a denial of service of the guest access point.