With the ever-increasing need to be online all the time, users connect to public WiFi networks or hotspots more often than before, for example in an airport, hotel or other public place. WiFi networks are becoming more popular and powerful, and devices can easily connect to them, but they do pose a high security risk.

Once a smartphone, laptop or other device is connected to a public network, hackers can very easily intercept a user’s online activity and even gain access to the device itself.

Users are particularly exposed on open or public WiFi networks. However, a hacker using simple brute-forcing techniques can also force their way onto a private WiFi network, armed only with a laptop or a basic tablet running the right software, and the know-how.

How does a hacker gain access to a WiFi network, even if it’s secure?

Each WiFi network, whether public or private, broadcasts its identity. A hacker can scan all networks within range and see which ones are open and which are using weak encryption and ciphers that are easily exploitable, as seen in the image below.

Scanning for open WiFi networks

WiFi encryption relies on a number of different security protocols, for example WEP, WPS, WPA and WPA2, with WPA2 being the current highest standard protocol. Everything between the device and the wireless router is encrypted, but everyone on the same network can easily decode everyone else’s traffic!

Once a hacker targets a network that is not open, they can use basic brute-force tools to gain access to it. They can authenticate themselves using fake authentication techniques on the edge of the network, waiting for another device to make a legitimate connection request, or handshake, with the network, which they then intercept and use as part of their brute-forcing methods. They can even nudge users offline for a few milliseconds in order to make them reconnect, and capture that handshake. A user wouldn’t even notice any drop in their connection if this were to happen.

You can see below an example of how a hacker can intercept the WiFi handshake and keys.

A hacker detects a WiFi handshake during a brute-force attack

Within a relatively short period of time, they will crack the password and then gain access to the network.

Once a hacker has made their way onto the WiFi network, they can use a protocol analyser tool to scan the network in great detail to see what’s happening. They can capture all traffic in real time, packet by packet, and look out for user credentials such as passwords and other sensitive information.

You can see in the image below an example of a packet, or frame, of data captured using a protocol analyser tool. Within the packet you can clearly see the user name and password. In this case the user was accessing a website that was not using the secure HTTPS protocol. (A hacker can further use HTTPS stripping attacks to decrypt HTTPS traffic as well.)

When connecting to a public WiFi network, it’s best to consider your own personal online security, bearing in mind that once you are connected you are exposed. At the very least, consider using a VPN service. If you search online you can find a VPN service that suits your needs.

When using your own secure WiFi network, consider checking what encryption protocol it’s using and implementing other security measures, such as turning off weak protocols and adding MAC address filters and settings. It’s advisable to use official sources when looking for help securing your network.
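One way to check what encryption your own network advertises is shown below. It is an added example, not part of the original article, and it goes slightly beyond the protocols named above by also recognising WPA3. It assumes a Linux machine with NetworkManager, where `nmcli -t -f SSID,SECURITY device wifi list` prints one `SSID:SECURITY` line per network; the sample scan and the rating names are constructed for illustration.

```python
import re

# Constructed sample in the shape printed by
#   nmcli -t -f SSID,SECURITY device wifi list
# Assumed format: "SSID:SECURITY", with ':' inside an SSID escaped as '\:'.
SAMPLE_SCAN = r"""HomeNet:WPA2
CoffeeShop-Free:
OldPrinter:WEP
Legacy\:AP:WPA1 WPA2
Office:WPA2 802.1X
Guest:--
"""

def classify(security):
    """Return (rating, reason) for one SECURITY field value."""
    modes = set(security.split())
    if not modes or modes == {"--"}:
        return "open", "no encryption at all"
    if "WEP" in modes:
        return "weak", "WEP in use; move to WPA2"
    if "WPA1" in modes:
        return "weak", "original WPA still enabled; turn it off, keep WPA2"
    if modes & {"WPA2", "WPA3"}:
        return "ok", "WPA2 or newer only"
    return "review", "unrecognised security value: " + security

def audit(scan_text):
    """Return (ssid, rating, reason) for every network not rated 'ok'."""
    findings = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        # SECURITY never contains ':', so the last ':' is the separator.
        raw_ssid, _, security = line.rpartition(":")
        ssid = re.sub(r"\\(.)", r"\1", raw_ssid)  # undo nmcli escaping
        rating, reason = classify(security)
        if rating != "ok":
            findings.append((ssid, rating, reason))
    return findings

if __name__ == "__main__":
    for ssid, rating, reason in audit(SAMPLE_SCAN):
        print(f"{ssid!r:20} {rating:6} {reason}")
```

A network that advertises both WPA1 and WPA2 is flagged because the weaker protocol is still switched on; this check does not cover WPS, which the SECURITY field does not report.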
