Wi-Fi deauthentication attack
Type of denial-of-service attack From Wikipedia, the free encyclopedia
A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point.
Technical details
Unlike most radio jammers, deauthentication acts in a unique way. The IEEE 802.11 (Wi-Fi) protocol contains the provision for a deauthentication frame. Sending the frame from the access point to a station is called a "sanctioned technique to inform a rogue station that they have been disconnected from the network".[1]
An attacker can send a deauthentication frame at any time to a wireless access point, with a spoofed address for the victim. The protocol does not require any encryption for this frame, even when the session was established with Wired Equivalent Privacy (WEP), WPA or WPA2 for data privacy, and the attacker only needs to know the victim's MAC address, which is available in the clear through wireless network sniffing.[2][3]
Usage
Evil twin access points
One of the main purposes of deauthentication used in the hacking community is to force clients to connect to an evil twin access point which then can be used to capture network packets transferred between the client and the access point.
The attacker conducts a deauthentication attack to the target client, disconnecting it from its current network, thus allowing the client to automatically connect to the evil twin access point.
Password attacks
In order to mount a brute-force or dictionary based WPA password cracking attack on a Wi‑Fi user with WPA or WPA2 enabled, a hacker must first sniff the WPA 4-way handshake. This sequence can be elicited by first forcing the user offline with the deauthentication attack.[4]
Attacks on hotel guests and convention attendees
The Federal Communications Commission has fined hotels and other companies for launching deauthentication attacks on their own guests; the purpose being to drive them off their own personal hotspots and force them to pay for on-site Wi-Fi services.[5][6][7][8][9]
Toolsets
There are a number of software toolsets that can mount a Wi‑Fi deauthentication attack, including: Aircrack-ng suite, MDK3, Void11, Scapy, and Zulu.[10]
A Pineapple rogue access point can also issue a deauth attack.[11][12]
See also
- Radio jamming
- IEEE 802.11w – offers increased security of its management frames including authentication/deauthentication
References
Further reading
Wikiwand - on
Seamless Wikipedia browsing. On steroids.