Today we are going to be discussing hacking your home Wi-Fi in 3 steps. When you think of hackers what do you imagine? (apart from the pulled up hoodies or Guy Fawkes masks)
You probably imagine a team of rogue tech geniuses typing furiously at their high-end computers. All of them pumped up on energy drinks, working hard to create new strategies to breach your home, bank account, or Wi-Fi. Covering their tracks with the latest AI’s, dodging FBI scans, etc.
What if I told you that is not what hackers do?
The Modern Hacking Process
What if I told you most modern hackers just leave a cheap $60 pc running overnight? And as they sleep soundly, the computer automatically attacks all the networks it can.
What if I told you the software running on their cheap pc is not only free but easy to use?
The only similarities between the movie hackers and their real-life counterparts are the fact that they both use computers.
Hacking is not only easier than you see on TV, but it is also a lot safer for the hacker. Besides, the modern hacking process also provides very high rewards for comparatively little effort.
For example, you scan one million IP addresses in an hour, you only need to hit one with a vulnerability to get paid.
Now, before we explain the Wi-Fi hacking process, it is valuable for you to at least understand how Wi-Fi works (at a high level).
How does Wi-Fi work? (A simple analogy)
The average person thinks with Wi-Fi, you shoot a beam of the internet directly from your device to the router and it shoots one back to you. This understanding is false. The way it actually works is, the router sends your info to every device in the range of it’s Wi-Fi signal. It is then up to the devices to decode that info signal. It is more accurate to think of it as someone shouting.
“Think of it like someone shouting”
Imagine this scenario, there are three people in a room, person-A, person-B, person-C. These people can only communicate by shouting at everyone else. How would person-A speak directly to person-C? As you already know, they can’t (for now anyway).
It is not possible to shout at one person without another person in earshot hearing what was said. This case is an example of a passwordless Wi-Fi network, devices shouting at each other with every other device able to hear.
To be fair, modern wireless devices are not like this. So let us upgrade our analogy a little bit.
Imagine everyone in the room could only shout at one another, however, they could shout code words. In this case could person-A speak directly to person-C? Yes, at least if we define direct communication as one where the participants are the only ones to understand what is being said.
If person-A told person-C the meaning of the code words, we would have direct communication.
But here comes a problem. How does person-A tell person-C the meaning of the code words without person-B hearing? Remember they can only shout at one another and everyone else is in earshot.
This is quite a dilemma. Here’s how it is currently solved.
The 4-way Handshake
The point of this process is for two devices, the wireless router, and another device, to be able to verify that each of them knows one other without needing to disclose any secret keys over the network.
The process is outlined below:
- The wireless router sends a random number to the device trying to connect.
- The device sends its random number with an integrity code back to the wireless router.
- The wireless router verifies the device’s message by checking the data received in step 2. It then sends it’s own integrity code and a decryption key to the device.
- The device receives verifies the data sent in step 3 and with the decryption key in hand, it tells the wireless router everything is all good.
Remember this process as we are going to be taking advantage of it during our Wi-Fi hack. Before that, let’s outline the goals of the attack we are going to be showing you.
Wi-Fi Attack Goals
We are going to be exploring a basic Wi-Fi attack. The goal of this attack is to be able to intercept all the data meant for other devices.
Example: If someone is browsing their mobile phone on the network, we should be able to intercept all the data they send and receive. This is all without them knowing we are spying.
Now that you understand what we are trying to do, let’s get into hacking your home’s Wi-Fi.
Hacking your home Wi-Fi in 3 steps
Forced Deactivation – Step 1
The first step in the hacking process is to overpower your router and force it to disconnect from everything else. You probably know this procedure as a DDoS attack.
Let’s explain this process a little bit more. We force the deactivation by sending a barrage of “DEAUTH” messages to the router. This causes the router (and all the devices connected to it) to forcefully disconnect from the router.
When these devices are forced to disconnect from one another, they have to reconnect back to each other. Remember the process above?
Now comes the time to be bad.
Credential Sniffing – Step 2
As these devices are trying to reconnect, they are all sending various packets of information to each other. These packets contain important things like hardware addresses, IP addresses etc.
While these devices are sending this info, we are simply vacuuming everything they are sending. There are various tools out there that make this process easy but since this isn’t a heavily technical post, I won’t be going into them. Don’t worry you can find them with a quick google search.
Device Impersonation – Step 3
Here is the fun part (at least for the hackers).
‘With all these packets and device information, we can spoof (impersonate) other devices. This is done by using packet spoofing programs.
You see, it is up to the devices themselves to tell the router what it is. To give a metaphor, imagine sending a letter, you have the destination address but you also have the sender’s address. It is this sender’s address that is used to decide who this letter (packet) came from.
If a malicious person (a hacker) has the details of other devices, they can lie on their sender’s address and cause the routers to do all sorts of dangerous things.
We’ll leave these things to your imagination.
In this article, we covered Wi-Fi networks and how they work. More importantly, we covered how easy it is to hack a home’s Wi-Fi and its network.
It is always a good idea to know about your home network and how to protect it. This is why we created some great resources that you can learn from. Make sure to read our “Must Reads” to get the information you need!
If you liked this post, you should join the Simius mailing list. We give you the latest information about smart homes, home network security and other great stuff you will want to know about while embarking on your home automation adventure.