Penetration Testing for Wireless Systems
Wireless Penetration allows you to replicate multistaged attacks that leverage compromised wireless networks to target backend resources, revealing how chains of exploitable vulnerabilities can open paths to your organization’s mission-critical systems and data.
Gauge Your Exposure to Wi-Fi Threats
As evidenced in high-profile attacks carried out against major enterprise organizations, unmanaged or improperly secured wireless networks can serve as an initial point of entry for criminals seeking access to protected backend databases and other critical resources.
Our Wireless Penetration capabilities enable you to assess your organization’s readiness against real-world attacks originating over Wi-Fi networks. With Wireless Penetration, you proactively replicate the actions of a would-be attacker to reveal exploitable weaknesses in your wireless and backend networks – gaining actionable data at each step for efficient and effective risk mitigation.
Wireless penetration testing capabilities include:
- Discovery of both known and unauthorized Wi-Fi networks and access points
- Information gathering on network strength, security protocols and connected devices
- Attack and penetration of networks encrypted with WEP, WPA-PSK and WPA2-PSK
- Automated traffic sniffing for finding streams of sensitive data
- Capabilities for joining cracked networks and testing backend systems
- Comprehensive reporting of wireless testing activities and findings
- Seamless pivoting between wireless, network, web application and endpoint tests, replicating multi-staged attacks that trace chains of vulnerabilities to sensitive backend data
With Wireless Penetration, you can conduct testing across the widest array of threat vectors and gauge your organization’s exposure to advanced hacking and malware assaults in the most realistic, comprehensive manner.
Identify and Profile Known and Unauthorized Wireless Networks
Many organizations have policies against unauthorized Wi-Fi networks. iNet|Detect’s discovery capabilities allow users to identify both authorized networks and unauthorized points of access. We then profile any networks discovered by analyzing signal and packet data to measure network strength, determine security protocols, and identify devices interacting with the involved network.
Crack WPA, WPA2 and WEP Wireless Encryption
Wireless Penetration determines keys by taking advantage of known vulnerabilities in WEP-secured networks. The solution also assesses networks secured by WPA and WPA2 (using a Pre-Shared Key) via dictionary attacks that leverage information from sniffed authentication attempts.
Man-in-the-Middle (MiTM) Attack Replication
Wireless Penetration can demonstrate how an attacker can take advantage of weaknesses in a WiFi network or the configuration of WiFi-enabled clients. Even if they are not connected to the target network, an attacker can sniff for client requests and attempt to send their own replies which the victim won’t recognize to be malicious. If the attacker is connected to the network however, they can easily insert themselves into an ongoing transmission over that network. This type of attack is typically referred to as a Man-in-The-Middle (MiTM) attack because the attacker discretely intercepts transmissions from one or more users and then acts as a relay, often inserting their own, malicious content as a way to gain sensitive information. Wireless Penetration can simulate these types of attack, providing rich functionality that illustrates the dangers of a WiFi breach.
Beaconing Machine Detection
Wireless Penetration can scan a wireless environment for end-user machines whose wireless NICs are powered on but not in use. If left at their default configurations, wireless cards on certain operating systems scan for, or beacon, default SSIDs that the machine had previously been connected to and will connect to an access point without the user’s involvement. If we locate any such machine, we will attempt to learn its MAC address and the SSID (network name) for which it is probing.
SSID Impersonation
Building off of the ability to detect beaconing machines, Wireless Penetration can impersonate a valid access point and attempt to have the machine connect to it. Once a machine is connected to our imposter access point, the testing potential broadens considerably and users are able to:
- Fingerprint connected machines
- Attempt infrastructure attacks on the machine
- Attempt to harvest usernames and passwords
- Insert exploits into traffic sent and received by the connected machines
- Manipulate the user’s network traffic
- Execute any tests available in iNet|Detect’s Network System Penetration
Trace Attack Paths from Wireless Networks to Backend Data
Our Wireless Penetration offers true multistaged penetration testing capabilities, allowing users to replicate attacks that can occur after the initial Wi-Fi network compromise. By integrating wireless assessments with web application, network and endpoint testing, we can reveal and documents paths of exposure to sensitive data residing on backend systems.
Share Actionable Data for Efficient Remediation
iNet|Detect generates reports of wireless networks discovered, client-to-access point relationships, and access point profile information. Reports also include information about which networks were tested against attacks, which where successfully compromised, and which weaknesses allowed the compromise.
