Wireless Security Testing

Wireless Penetration Testing | Wireless Security

Since the inception of WiFi in 1999, wireless networks have been plagued with a history of security vulnerabilities and common misconfigurations that have allowed hackers to gain full access to corporate networks. The main obstacle for security is that of the shared media - the air around us. In traditional wired networks, an attacker would have to be physically inside a building to mount an attack on the network. Furthermore, wired networks often have access controls that can prevent network traffic from being accessible to eavesdroppers on the same network. In wireless networks however, network transmissions can be "sniffed" out of the air, often from long distances using powerful antennas. This means that the critical stages of connecting to the wireless network can be intercepted and this opens up opportunities for several types of attack.

Reaction's wireless network security consultants are experts at identifying security vulnerabilities in wireless networks and helping clients to protect their wireless systems from cyber-attack and reduce their risk of compromise.

An estimated 25% of the wireless networks in the US have no encryption enabled and anonymous users are free to join the network and access other devices on the network. Hackers are known to exploit this fact by driving around cities or other built-up areas capturing wireless signals and looking for open wifi networks or wifi networks with weak security in a process known as wardriving. Often the traffic is logged and GPS signals are used to capture the locations of the networks with security weaknesses for future reference.

Even when encryption is enabled, design vulnerabilities exist in several common wireless protocols which could allow an attacker to break the network encrption key or decrypt network traffic in a matter of minutes. Vulnerabilities have also been identified with the implementations of wireless client drivers and the way that wireless clients remember wireless network connections which can be exploited using an evil twin attack.