Want to hear a funny joke? Your WiFi network is secure.

Updated: Aug 12, 2021

A little background information first. I've been "professionally" fixing computers and generally working in IT since 2005, but my passion for cyber security in particular started around 2011 when I read about a new way to breach WPA2 protected networks with a free little piece of software called "Reaver". I knew the previous form of encryption (WEP) had been cracked wide open years earlier, but assuming a strong password was used, WPA/WPA2 was supposed to be virtually impenetrable.

The problem with passwords

It doesn't matter how good the encryption is if your password is literally "password". A strong password should use at least 12-14 characters, no dictionary words, and some random symbols thrown in to really mix it up. Because passwords like that are virtually impossible to remember, people end up using weaker ones like phone numbers. In order to help fix this problem, the people in charge of things like that (the Wi-Fi Alliance) came up with a brilliant solution. In 2006 they introduced a new protocol called WPS that allowed people to use passwords as long or complex as they wanted without actually having to remember the password.

WPS enters the scene

In the simplest terms, WPS lets you push a button on your router when connecting a new device, and for a few seconds it broadcasts a passcode that your device grabs and uses to access the actual WiFi password. It was a great idea in theory, but they messed up the execution. The WPS passcode stored inside the router is an 8-digit number, so there's a mere 100 thousand possibilities, and to make things worse, that 8-digit passcode is checked one half at a time. That means cracking it only requires guessing two groups of 4 digits with a relatively minuscule 50 thousand possibilities each. This potential crack was realized with a brute-force tool called "Reaver".

Game changer

When I read about this I was blown away. Someone had actually found a hole in the WPA2 armor. Even if a network was secured with a long, complex password, it didn't matter. A chain is only as strong as its weakest link, and WPS was a link made from cardboard. I downloaded Reaver, tried it against my own router, and just under 3 hours later it had discovered my WiFi password. How was this possible? How was a mistake like that overlooked? Do people realize how dangerous this is? If somebody can just access your network, they can snoop on all your activity, grab your passwords, and if they do anything illegal while using your internet connection, that activity falls on you until you can prove it wasn't you. I decided that night I wanted to be on the side defending people from exploits like this. I didn't have the technical knowledge at the time to actually design better systems, but I wanted to at least learn enough to inform others of the dangers and how to protect themselves. As easy as WPS was to exploit, it was even easier to fix with some basic changes to your router's settings. People just needed to be informed.

Reaver was just the beginning

Since then, the WiFi exploits have come a long way: WPA/WPA2 handshake capturing/cracking, improved versions of Reaver, Pixie, NULL PIN, Bully, Evil Twin, Hashcat, WiFite, Airgeddon, DoS, PMKID, etc. They've even found some critical issues with the newest WiFi security standard, WPA3, before it's been deployed in most routers. Even if you have a router that isn't susceptible to the traditional Reaver exploit, most WiFi extenders and many routers being sold right now are susceptible to an even scarier WPS attack known as Pixie that can grab your password in about 5 seconds.
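The practical fix for everything WPS-related above is to check whether your own router (and any extender) is still advertising WPS and switch it off. The script below is an added example, not something from the original post or from My Computer Help: it parses a constructed sample of `iw dev wlan0 scan` output (the real command is run as root on Linux; field names follow iw's formatting, the SSIDs and BSSIDs are made up) and lists which networks advertise WPS or lack WPA3.

```python
import re

# Constructed sample modelled on `iw dev wlan0 scan` output (not a real capture);
# SSIDs and BSSIDs are invented, indentation simplified to spaces.
SAMPLE_SCAN = """\
BSS 00:11:22:33:44:55(on wlan0)
    SSID: HomeNet
    RSN:     * Authentication suites: PSK
    WPS:     * Version: 1.0
             * Wi-Fi Protected Setup State: 2 (Configured)
BSS 66:77:88:99:aa:bb(on wlan0)
    SSID: HomeNet-5G
    RSN:     * Authentication suites: SAE
BSS cc:dd:ee:ff:00:11(on wlan0)
    SSID: OldExtender
    WPA:     * Authentication suites: PSK
    WPS:     * Version: 1.0
"""

def parse_scan(text):
    """One dict per BSS with only the fields the audit needs."""
    bsses = []
    for block in re.split(r"^(?=BSS )", text, flags=re.M):
        m = re.match(r"BSS ([0-9a-f:]{17})", block)
        if not m:
            continue
        ssid = re.search(r"^\s*SSID: (.*)$", block, re.M)
        auth = re.findall(r"Authentication suites: (.*)", block)
        bsses.append({
            "bssid": m.group(1),
            "ssid": ssid.group(1).strip() if ssid else "",
            # Any "WPS:" element means the AP advertises WPS (PIN and/or button).
            "wps": re.search(r"^\s*WPS:", block, re.M) is not None,
            # "SAE" is WPA3-Personal; "PSK" is WPA/WPA2 with a passphrase.
            "auth": ", ".join(a.strip() for a in auth) or "open",
        })
    return bsses

def audit(bsses):
    """Return (ssid, bssid, finding) tuples for networks worth fixing."""
    findings = []
    for b in bsses:
        if b["wps"]:
            findings.append((b["ssid"], b["bssid"], "WPS advertised; turn WPS off in the router settings"))
        if b["auth"] == "open":
            findings.append((b["ssid"], b["bssid"], "open network; no encryption at all"))
        elif "SAE" not in b["auth"]:
            findings.append((b["ssid"], b["bssid"], "WPA/WPA2-PSK only; enable WPA3 if the router supports it"))
    return findings
```

Running it on a real scan (`sudo iw dev wlan0 scan > scan.txt`, then `audit(parse_scan(open("scan.txt").read()))`) only reports what the access point itself advertises; a router with WPS disabled in its settings should drop out of the WPS findings after a reboot.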

Social engineering

Let's say you took security seriously when buying your router and you even paid to have it properly set up. Assuming the tech who set it up is up to date on every WiFi exploit (the vast majority aren't unless they specialize in cyber security) and they plugged all the holes, the most frightening attack in my opinion utilizes something called "social engineering". You can have the best security money can buy, but if the user is tricked into simply giving their password away, none of it matters. Social engineering is actually the form of attack responsible for a lot of the major database breaches you've read about recently, including the infamous Sony Pictures hack. Social engineering attacks like phishing are the boogeymen that keep system admins and security professionals awake at night, because the best defense is education, and it doesn't matter how good their system is unless the users are willing to take that education seriously and learn how to stay protected.

Let's go phishing, leave the worms at home

Some of you might be thinking to yourselves, "I'm not an idiot. Nobody could trick me into giving my passwords away." That's pretty close to what my neighbor said when I told him I wanted to test a new social engineering attack on his WiFi network. I don't blame him though: when most people think of phishing emails, what comes to mind are hilariously bad examples, written in broken English, of faraway princes with large sums of money to give away if only they had your routing number.

After waiting a couple of weeks until his defenses dropped, I initiated something called an "Evil Twin with captive portal" attack while sitting in my car a couple of houses up the street. This is where you create an "Evil Twin" network with the same name, MAC address and channel as the network you're attacking, kick all their devices off the real network by utilizing another weakness in WPA/WPA2, and set up a captive portal trap. Captive portals are those pages that automatically pop up when you connect to many public/hotel WiFi networks and ask you to agree to some terms before allowing you to proceed. The captive portal I set up was a page that looked like it was coming from the real router, with a message that it needed to update but couldn't do so until the WiFi password was entered. Most people know that keeping their software up to date is one of the best ways to keep themselves safe from new attacks and bugs, and this takes advantage of that fact. It's the "engineering" part of this social engineering attack. With his actual WiFi router now disabled, he unknowingly connected to my doppelgänger "Evil" network, the captive portal automatically popped up, and a few seconds later his password appeared on my screen. When I called and explained to him what he had just done, he couldn't believe it.

It's scary because it doesn't matter how good the victim's security is. Social engineering attacks bypass all of that and "hack" the human being, not the computer or mobile device.

But nobody is coming after me

"I'm sure all of this is possible, but what are the chances someone capable of performing an attack like that is living next door or coming after my network?" you might be saying to yourself, and I wouldn't blame you for thinking that, considering how "hacking" is typically portrayed on TV or in movies. If these attacks required complex technical abilities and/or expensive equipment, the vast majority of people wouldn't be at any real risk. In reality, anyone with a computer or smartphone and 5 minutes to watch a tutorial on YouTube can perform them. They require virtually zero technical skill because all the complicated stuff is done automatically by free software like WiFite, Airgeddon, Fern, Wifiphisher, Fluxion, etc.

You don't need to become a Luddite

The typical response after people learn about all of these exploits and attacks is something like "That's it. I'm moving to the woods and never using my phone again." Luckily for everyone, you don't need to do anything that extreme to stay protected. You just need to take some basic precautions and stay informed.

An ounce of prevention is worth a pound of cure

Those basic precautions are as simple as having someone trained in cyber security check your system, then staying up to date on new threats and exploits. It just so happens we offer both services! We offer a full security audit, and all My Computer Help customers can take advantage of our helpful monthly security update newsletter filled with everything you need to know to stay secure. We also offer a comprehensive monthly maintenance plan for those who want the peace of mind in knowing their devices are always kept at their best and most secure by someone professionally trained in IT and cyber security.
