Ready to Start Your Career?
July 13, 2019
Mobile Deauthentication Attacks
July 13, 2019
TL;DR: Deauthentication attacks have been around for a long time, and new techniques for altering wireless network connections have developed around new technologies. Mobile apps with working de-authentication protocols are easily accessible on the marketplace, and more devices and systems rely on internet connections to function. This section explores de-authentication attacks, their context in new technologies, and best practices for preventing de-authentication attacks.Deauthentication is a time-tested technique used by hackers and cybersecurity professionals to alter or disable wireless connections on a network. The ultimate goal of the attack is to remove users from a network and prevent any further connections, rendering the access point unusable. A de-authentication attack can be described as a DDoS (Distributed Denial of Service) attack. New wireless networks and internet-enabled devices have changed the landscape of de-authentication attacks. More methods and applications of de-authentication have developed, but the basic principle remains the same. This section will explore the inner workings of a de-authentication attack, the application of the attack through mobile devices, and methods for preventing de-authentication attacks.The attack begins with securing the MAC addresses of connected users on the wireless networks. The Wi-Fi protocol is designed to handle deauthentication frames, these are formal instructions for disconnecting a device, or station, from the network. The attacker spoofs their MAC address with the target’s MAC addresses and sends a de-authentication frame to the access point. The access point reads the de-authentication frame and disconnects the targeted user. This can be instantaneous and automated. For example, an attacker could disconnect all users from a nearby network and prevent any new users from connecting. Alternatively, an attacker could configure their de-authentication software to disable all networks within range of the device.Mobile devices present new opportunities and challenges for de-authentication attacks. Mobile software such as Wi-PWN and DeAutherDroid for Android are designed to carry out de-authentication attacks on networks within range. The final result of de-authentication can be likened to phone or radio jamming, but it is a far more complex process that differs distinctly from wireless jamming. Many systems rely on a continuous connection to the internet. Deauthentication attacks can disable these systems completely including public and private organizations that rely on the internet, events that rely on wireless connections, internet-enabled security systems, and server farms. Consider all systems and daily functions that rely on an internet connection, giving you an idea of an attacker’s targets for de-authentication attacks. Smartphones and other mobile devices can be hidden discreetly while silently running a de-authentication protocol.How can deauthentication attacks be prevented? In a practical sense, it is very difficult to prevent anyone from sending de-authentication packets on your network. The best defense is to use reliable encryption on your wireless access point. Public, unencrypted access points such as free Wi-Fi hotspots, are most vulnerable to de-authentication attacks and other malicious activity. A WPA-2 secured wireless access point with a strong password is a solid defense against de-authentication attacks. A de-authentication attack may just be one part of a larger, more complicated attack. For example, an attacker may set up an “evil twin” access point and de-authentication the target, forcing their device to connect to the attacker’s access point. In conclusion, the best defense against these types of attacks is a strong password with WPA-2 encryption.Deauthentication attacks are one part of a toolkit used by hackers and cybersecurity professionals. Being able to quickly and covertly disconnect a user from a wireless network is valuable for hackers, in fact de-authentication attacks are the most common method of doing this. There are other methods for disconnecting users from wireless networks, such as ARP spoofing, with these attacks designed with the same purpose in mind. This type of attack was once relegated to specialized tools and advanced hacking techniques, but mobile devices and mobile networking applications have made these attacks simple, widespread, and accessible. The best method for protecting against de-authentication attacks is to prevent unauthorized connections with good encryption and a strong password.