Wireless Attacks: Wi-Fi and Bluetooth Attacks, Types, and Security

What are wireless attacks in cyber security? What are Wi-Fi attacks and their types? What are Bluetooth attacks and their types? These are the common questions that come to mind when we hear the term wireless security.

In this write-up (part of our comprehensive Ethical Hacking Tutorial for Beginners), we will answer all your questions related to wireless attacks, primarily focused on Wi-Fi and Bluetooth security.

So far, we have covered several types of hacking attacks, including:

• Malware attack 

• System hacking 

• Sniffing and spoofing attack 

• Social engineering attack 

• DoS and DDoS

• Session hijacking

and more. 

Now, it’s time to get started with Wi-Fi security attacks.

Wi-Fi stands for wireless fidelity, and it is the technology that enables internet connectivity with computers, mobile devices, and other devices like printers and cameras. 

Over a Wi-Fi network, users can also share information and communicate with each other. The internet connectivity is enabled using a Wi-Fi router.

There are several types of Wi-Fi that you must know while learning about wireless attacks or Wi-Fi security attacks.

1. WPAN

It stands for Wireless Personal Area Networks. WPAN connects devices over a Wi-Fi network in a small area. The range of WPAN is around 30 feet. 

2. WLAN

It stands for Wireless Local Area Network. WLAN uses radio waves to enable connectivity. Here, the router is usually connected to an external internet connection of the ISP with a cable. The router then broadcasts the internet connectivity to the devices on the network. Its range is generally meant for a single room, floor, etc. 

3. WWAN

It stands for Wireless Wide Area Network. WWAN networks are meant for large areas, like a city. The connectivity is enabled using antenna sites, signals, and satellites. 

4. WMAN

It stands for Wireless Metropolitan Area Network. WMAN is used to connect multiple WLANs in a metropolitan area

Wi-Fi has made the lives of IT admins and users easy by avoiding the installation of cables for internet connectivity. However, for a highly secure Wi-Fi environment, it should ask users for authentication with a single-shared SSID and password. 

Wi-Fi credentials are mostly common for all users on the network and are shared over emails, messages, or word of mouth. However, it can cause risks to the network if hackers get access to these credentials. If authentication is enabled, it will make the network more secure.

Three types of encryption protocols are there for Wi-Fi networks. All these protocols are used to secure the data on the network, but the difference is the level of security offered. 

1. WPA2

WiFi Protected Access Version 2 is the most advanced encryption protocol offering a high level of encryption. Utilizing Advanced Encryption Standard (AES), it is currently the most secure Wi-Fi encryption protocol.

2. WPA

Wi-Fi Protected Access was created to overcome the flaws in the Wired Equivalent Privacy (WEP). WPA has two types of protocols. First is the WPA-PSK (pre-shared key), and second is the WPA-TKIP (temporal key integrity protocol). WPA-PSK is more secure than WPA-TKIP. 

3. WEP

Wired Equivalent Privacy is now used very less because it possesses weak security points and deficiencies. WPA and WPA2 have now taken over this.

In this video, We are explaining about Complete Introduction to Hacking Wireless Networks. Please do watch the complete video for in-depth information.

Below is the list of different types of Wi-Fi attacks:

1. Evil Twin Attack

While connecting to a Wi-Fi network, the employees in an organization enter the authentication details. What hackers do is create a fake access point near the organization, which looks quite similar to the original access point. 

When the employees try to connect to the fake AP, they enter the original credentials, which allows the hacker to access the original connection. 

2. Jamming Signals

Hackers use certain tools to jam the signal and disrupt a Wi-Fi network. Such attacks are a subset of DoS attacks as it involves flooding the network to make it unavailable. 

3. Misconfiguration Attacks

Such attacks happen when a Wi-Fi network is set to the default configuration and uses weak passwords & encryption protocols. Hackers use these weaknesses to compromise the network. 

4. Honeyspot Attack

It is very similar to an evil twin attack where the malicious actors create a rogue access point and make the users share their credentials to connect to the network. When shared, they will use the credentials to gather information about the network and carry out further attacks. 

5. Ad-hoc Connection Attack

In an Ad-hoc Wi-Fi attack, the hackers use trusted users who use Ad-hoc connections to spread trojans and malware into the network. The Ad-hoc connections are not secure and have weak encryptions.

It is another wireless technology that came into existence before Wi-Fi. Bluetooth is used to connect devices, like smartphones, with headphones, speakers, and microphones, as well as to share files. 

To hack a Bluetooth-connected device, the hackers need to be within range of the device. Since Bluetooth devices have a small range, people think that they can’t be attacked. However, Bluetooth attacks also happen. 

An attack can enter the range of the device, find a vulnerability, and exploit it to eavesdrop on the device.

To find a Bluetooth device in range, you need to use some tools for scanning. Kali Linux comes with some built-in tools that allow the scanning of networks. You don’t need to install additional third-party tools. 

The in-built tools for Bluetooth scanning include hciconfig, hcitool, sdptool, btscanner, and l2ping. These can be used to detect active Bluetooth devices in range. 

Here are all types of Bluetooth attacks in cyber security:

1. Bluejacking

It is a common Bluetooth attack that people sometimes use for pranks. It is not a major attack, but hackers use it to send spam messages to compromised devices. With Bluejacking, hackers don’t get access to a Bluetooth-connected device and can’t access the data on it. 

2. Bluesnarfing

This is a serious Bluetooth attack that allows hackers to access the device and the data on it. Bluesnarfing can be carried out even if users have enabled the undiscoverable mode. 

By compromising a device with Bluesnarfing, hackers can copy the data on the device, including photos, phone numbers, emails, etc. However, if users keep their devices non-discoverable, it becomes a bit difficult for hackers to identify the model and name of the device. 

3. Bluebugging

Through Bluebugging, the hackers can access the compromised device and monitor the phone calls, emails, and messages, and browse the internet. They can also make phone calls without letting the users know about it. Such attacks happen mostly on outdated models of devices.