WIRELESS PENETRATION TESTING

Know your unknowns: assess and quantify wireless security vulnerabilities, and prepare a risk mitigation approach that reduces the attack surface.


What is a wireless penetration test?

The term ‘penetration test’ is used to describe the process of hacking into a wireless network in order to discover vulnerabilities. The aim is to find weaknesses (vulnerabilities) and fix them before an attacker takes advantage of those weaknesses.

Wireless penetration testing (or wireless assessment) is an important element for businesses. This could be securing a corporate network, production or guest networks. Businesses need to be aware of the vulnerabilities in their wireless networks and take steps to protect themselves from malicious invaders who may want to gain access to the company’s network or steal data from a corporate network or related assets such as databases.

 


Wireless Pentesting Methodology

01. Initial Scoping & Objectives

Our wifi security testing experts work with you to define the scope, with target assets and threat scenarios based on the security concerns of the customer. Assessments against specific targets are defined under ‘white box’, ‘black box’ or ‘grey box’ methodologies so that test cases are set before the assessment starts.

02. Reconnaissance & Identifying Networks

The reconnaissance phase has a single objective: information gathering and analysis to provide relevant information for later stages.

Wireless pentesting combines computer hacking with site surveys. Site surveys are conducted using tools such as Wireshark/Ethereal, NetStumbler, Kismet, Airmon, Airodump, etc.

It includes finding information related to individual networks and their connected clients, traffic information such as protocols, authentication and channels, and related network architecture/protocol information.

03. Vulnerability Analysis & Investigation

This phase concentrates on identifying stepping stones to attack the wireless networks. It involves a detailed analysis of wireless networks using relevant tools and techniques, finding any flaws that can be exploited to gain access. For instance, finalising the information about scanned networks and access points, confirming the use of insecure authentication mechanisms such as WPA2 or WEP, or finding information about connected clients/systems.

04. Exploitation & Lateral Movement

An initial foothold is gained by exploiting weaknesses identified in the wireless implementations, such as authentication flaws, broken access control flaws, direct vulnerabilities or any other stepping stones. Privilege escalation attempts and lateral movement actions are carried out to infiltrate the internal network(s), which would open doors towards internal assets such as file servers, domain controllers and web servers.

Unauthorised access attempts against WEP/WPA/WPA2 wifi networks especially include password attacks, deauth/disassociation attacks, evil twin attacks, etc. Tools include Aircrack, Reaver, coWPAtty and general pen test tools such as John the Ripper/hashcat, Nmap and Nessus.

05. Data Analysis & Reporting

Our reports are written for a technical audience, but also provide business-focused information to help your company reach its goals. We take into account the risks of an attack and work with you on strategies that will not only improve security posture but make it more accessible from any device at home or in remote locations as well.

The point is that we want to do everything possible rather than be a ‘report and run’ consultancy!

06. Debrief & Support

Our engagement process includes delivering a free of charge debrief to management and technical teams. This session involves help to prepare a remediation plan and Q&A to ensure that customer contacts are up to date. Cyphere also provides a remediation consultancy where we define and execute the risk mitigation plan.

Your trusted penetration testing provider

Common Wi-Fi Security Testing Vulnerabilities

Benefits of Wireless Penetration Test

A secure infrastructure provides a safe, secure environment

Wifi Security Testing Methodology

Our wifi pen testing methodology is based on the following industry standards that help businesses improve Wi-Fi network security controls against unauthorised access:

Wireless Assessment Scenarios

Wireless penetration testing is not the same as wardriving, although the process of wardriving can be used in order to find potential targets.

War driving (sometimes written as wardriving) is a search for open wireless access points using a portable computer connected to a radio receiver and an antenna. WiFi networks are detected and their location can be mapped using a database that stores the details of wireless network names and locations mapped against latitude/longitude. Social engineering techniques are not part of standard wireless assessments. To include human elements in a black box assessment, wider scopes such as red teaming operations include social engineering techniques.

The best way to find points of weakness is to physically go out into public places such as parks, hotels, restaurants, cafes, etc. and look for unsecured wireless access points that are broadcasting without a security key. However, the use of WEP or WPA2 (pre-shared key), which are based on insecure authentication mechanisms, is decreasing in corporate wireless networks. More and more companies are adopting certificate-based authentication, which verifies and proves the identity of the client connecting to the wireless network. Therefore, white box wireless testing that involves authenticated scenarios is important for uncovering issues that may otherwise go undetected. It includes rogue access point identification, secure configuration issues such as client isolation, unauthorised network access and data leakage, security found during penetration tests, endpoint security controls and RADIUS/integrated authentication modules.

Wireless penetration testing is like hacking, and the attacker’s goal is to find weaknesses in passwords, encryption or other security features, access databases and steal information or install malware. Penetration testers have been known to use exploits (known vulnerabilities) as well as cracking tools such as Aircrack to access wireless networks. It’s important that penetration testers aren’t ethical hackers so they are not trying to protect the company from evil invaders but instead, their job is to hack into every possible weak point in order to find them and fix them before a cybercriminal does it for them.

Wireless Pen Test Approach

Customer Business Insight

The very first step remains our quest to gain insight into drivers, business, pain points and relevant nuances. As part of this process, we understand the assets that are part of the scope.

Services Proposal

It is important to get to grips with reality; therefore, we always stress walkthroughs or technical documentation of the assets. After asset walkthroughs, a tailored proposal is designed to meet your business’ specific requirements.

Execution and Delivery

Cyphere’s approach to wireless network security testing involves excellent communication before and during the execution phase. The customer communication medium and frequency are mutually agreed, and relevant parties are kept updated throughout the engagement duration.

Data Analysis & Reporting

The execution phase is followed by the data analysis and reporting phase. Cyphere performs analysis on the testing output, and evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as technical audiences with supporting raw data, including mitigation measures at strategic and tactical levels.

Debrief & Support

As part of the wireless network testing process, customers schedule a free of charge debrief with management and technical teams. This session involves a remediation plan and assessment QA to ensure that customer contacts are up to date in the language they understand.
