Problem Statement
I am trying to guard against the following scenario.
I have a laptop and it connects over wifi, at home as well as at workplace.
I am not familiar with the wifi protocol.
I do, however, have some understanding of how it may happen - there is some sort of a device-identifier (I am guessing it looks like a mac-address 'AB:01:CD:23'...) and a user-identifier (Alice_and_Bob_Wifi) that is broadcast. I have configured the SSIDs in my laptop.
The understanding is as follows -
As soon as my laptop comes within range, it matches (likely the machine identifier), recognizes it and initiates a protocol (wifi-authentication-protocol-version-x.y.z ??) to connect to the wifi router.
To do that it sends out a password.
Wifi verifies the passwords and lets the client (my-laptop) 'in' (establishes a connection).
My question is on the following lines -
a) Are both the user-identifier (Alice_and_Bob_Wifi) and the device-identifier (AB:01:CD:23) broadcast?
b) Is there any secret (like an ssh-certificate) that is exchanged during the first handshake that would help guard against an evil twin attack? (By evil twin attack, I am referring to a scenario where a rogue router is also broadcasting the same user-identifier and device-identifier as the legitimate router.)
c) When my laptop thinks that the rogue router is the legitimate one, it would send out the password to authenticate itself. The rogue router may simply acknowledge it and gain knowledge of the password, is it not (or is only a hash of the password sent, to guard against the actual password being revealed in such cases)?
d) If the actual password is transmitted instead of a hash, then going forward, the hacker who owns the rogue router would now be able to log in to the legitimate router and use the network masquerading as that router's owner (this would make wifi inherently secure). Is this the case?
e) Is there any equivalent to the TLS handshake that happens during the wifi connection handshake, such that the transmitted password goes over an encrypted channel rather than being broadcast in the clear? (I am assuming this is the case, but it would help if the same is confirmed.)
References
- How would you detect an Evil Twin attack, especially in a new environment?
- https://searchsecurity.techtarget.com/definition/evil-twin
- https://null-byte.wonderhowto.com/how-to/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data-0147919/
- How to mitigate evil twin WIFI social engineering attack?
- https://null-byte.wonderhowto.com/how-to/hack-wi-fi-capturing-wpa-passwords-by-targeting-users-with-fluxion-attack-0176134/
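To make questions (b), (c) and (e) concrete, here is an added example that is not part of the question or its references: a Python model of the WPA2-PSK 4-way handshake (IEEE 802.11i), run once with a router that knows the passphrase and once with a "router" that does not. The SSID, MAC addresses and passphrases are constructed placeholders, and the message bodies are simplified stand-ins for real EAPOL-Key frames; the key derivation (PBKDF2-HMAC-SHA1 for the PMK, PRF-384 for the PTK, HMAC-SHA1 MICs) follows the standard.

```python
import hashlib
import hmac
import os

# Constructed sample values for this demonstration; not real network data.
SSID = "Alice_and_Bob_Wifi"
AP_MAC = bytes.fromhex("ab01cd230001")   # placeholder BSSID of the router
STA_MAC = bytes.fromhex("0242ac110002")  # placeholder MAC of the laptop


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32).

    Both sides compute this locally; the passphrase itself is never transmitted."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_384(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-384: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..2."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(3)
    )
    return out[:48]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Pairwise transient key from the PMK, both MACs and both nonces (all public except the PMK)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf_384(pmk, b"Pairwise key expansion", data)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key-descriptor MIC for WPA2/AES: HMAC-SHA1 over the frame, truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def simulate_handshake(ap_passphrase, sta_passphrase, ssid=SSID, anonce=None, snonce=None):
    """Model messages 1-3 of the 4-way handshake between a router (AP) and a laptop (STA).

    Returns (client_accepts_ap, ap_accepts_client). Message bodies are simplified
    stand-ins for EAPOL-Key frames, enough to show what is keyed and what is sent in clear."""
    anonce = anonce or os.urandom(32)
    snonce = snonce or os.urandom(32)
    sta_ptk = derive_ptk(derive_pmk(sta_passphrase, ssid), AP_MAC, STA_MAC, anonce, snonce)
    ap_ptk = derive_ptk(derive_pmk(ap_passphrase, ssid), AP_MAC, STA_MAC, anonce, snonce)
    # Message 1 (AP -> STA): ANonce in clear, no MIC. Any radio can send this.
    # Message 2 (STA -> AP): SNonce in clear plus a MIC keyed with the laptop's KCK.
    # The passphrase is not in this message; only a keyed hash derived from it is.
    msg2 = b"\x02" + snonce
    msg2_mic = eapol_mic(sta_ptk["kck"], msg2)
    ap_accepts_client = hmac.compare_digest(eapol_mic(ap_ptk["kck"], msg2), msg2_mic)
    # Message 3 (AP -> STA): ANonce again plus a MIC keyed with the router's KCK. Only a
    # router that knows the passphrase can produce a MIC the laptop will accept, so the
    # laptop authenticates the router here (message 4 is a keyed acknowledgement).
    msg3 = b"\x03" + anonce
    msg3_mic = eapol_mic(ap_ptk["kck"], msg3)
    client_accepts_ap = hmac.compare_digest(eapol_mic(sta_ptk["kck"], msg3), msg3_mic)
    return client_accepts_ap, ap_accepts_client


if __name__ == "__main__":
    real = "correct horse battery staple"
    print("legitimate router:", simulate_handshake(real, real))
    print("evil twin without the passphrase:", simulate_handshake("not the passphrase", real))
```

What the model shows: the SSID, both MAC addresses and both nonces travel in the clear, but the passphrase and the PMK never do; each side only proves knowledge of them through a MIC, and the laptop rejects a twin that cannot produce a valid message 3. Two caveats follow directly from the construction. First, WPA2-PSK authenticates knowledge of the shared passphrase, not the identity of a particular router, so a twin that already has the passphrase is indistinguishable from the real one. Second, the message-2 MIC observed by any nearby radio can be checked offline against passphrase guesses, which is why the strength of the passphrase matters and why WPA3's SAE handshake was designed to remove that property.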