Security of 802.11 networks - WiPhishing

OData support
Supervisor:
Gódor Győző
Department of Networked Systems and Services

The main advantage of mobile communication is obviously that the users can reach the same necessary data as being part of a stationary wired network. The de facto standard for wireless communication is the 802.11 protocol, which subsequently was given numerous supplementary functions in relation to the physical layer, media access control, speed and security. In the last few years the 802.11 equipment has gone from being high-priced and rare to being an everyday tool used in people’s daily life. The dark side of 802.11 networks has always been the security. Nowadays almost everyone can set up such a network, however to make a system safe it requires some attention and skills. In my thesis I dissect the security problems while I try to provide insight into the background of the operation of wireless networks. In addition I present possible attack methodologies against different architectures. With my thesis I would like to draw attention to the 802.11 station, which can become the primary target of the attacks as the networks become more and more secure. The clients’ main problem is active scanning, which may allow successful attack against the stations. I have developed an application, which is useful for the vulnerability assessment of wireless clients and can provide the station’s desired security parameters for connecting to a certain network. The WiPhishing is a client-side attack, during which the attacker can obtain confidential data stored in the station, or can reveal the wireless network password stored in the device without having an access point. The open networks, hotspots can create a serious security risk to clients if they are stored, in addition to the well-known dangers. I show that a single connection which is stored may be sufficient to allow the attacker to get into a direct, network-level connection with the victim through his wireless network adapter, unconsciously and unintentionally.

Downloads

Please sign in to download the files of this thesis.