
Wireless Penetration Testing

Securing Your Wireless Network with a Simulated Attack

What is Wireless Penetration Testing?

During a wireless penetration test, expert white hat hackers step into the role of would-be attackers and attempt to breach your system. Unlike other types of penetration tests, they focus only on exploiting wireless services available to anyone in the physical vicinity of your network. This can include:

  • WiFi networks
  • Wireless devices, such as keyboards and mice
  • Cellular networks
  • Wireless printers and scanners
  • Bluetooth devices
  • Other RF technologies, like RFID

By putting the security of your wireless footprint to the test, penetration testers can evaluate your security and propose solutions to strengthen it. These can include addressing vulnerabilities, deploying new technology or architecture, and implementing new security policies or procedures.


Why Your Easiest Entry Point Demands the Best Security

Wireless networks, WiFi, Wireless Local Area Networks (WLAN), IEEE 802.11 signals, and other wireless access points can be easy ways for a cybercriminal to breach your system. There are no locks to pick, no people to deceive, and the whole operation can be performed from the parking lot. A wireless entry point can also sometimes give attackers direct access to an internal network without having to breach a firewall.

In fact, many cybercriminals are known for searching for targets through a tactic known as war driving. This strategy entails searching for WiFi networks from a moving vehicle, using laptops, smartphones, and other mobile devices.

Because wireless networks are such big targets for cybercriminals, compliance with most security standards (including PCI DSS, SOC2 and HIPAA) requires wireless penetration testing. This comprehensive and thorough investigation of your wireless network’s risks helps organizations to understand what’s vulnerable, what’s at stake, and how to target resources for remediation.

The Strategies and Tools of Wireless Penetration Testing

Wireless penetration testers perform a variety of tests against the wireless local area network (WLAN) and wireless access points (WAP).

The goal of wireless penetration testing is four-fold:

  • Grade the effectiveness of wireless security programs
  • Fully understand the risk presented by each wireless access point
  • Discover and assess vulnerabilities
  • Generate a data-driven action plan to correct vulnerabilities and remediate risk

Major Security Risks

In addition to vulnerabilities within the network itself, a wireless pentest could discover major security risks, any of which might represent a breach already in progress. The three major types of threats include rogue access points, pineapples and evil twin networks.

Rogue Access Points

A rogue access point, or an unauthorized point of access on a secured wireless network, may not have been set up with criminal intent. It could exist by accident or have been created by an authorized employee or contractor. Regardless, any rogue access point is a significant security threat to the whole network.

Whereas other wireless access points are authorized, a rogue access point is an unauthorized (and, therefore, probably unguarded) access point. It could give criminals a backdoor into the WLAN to install malware, steal money and data, or alter systems on the network.

Rogue access points typically arise under one of three circumstances:

  • It is more common than you think. Many security systems don’t account for the WiFi connection from printers that can leave an open door into your whole network. Massive data breaches can begin with the back door provided by a printer or other unsuspected wireless access point.
  • A rogue access point of convenience arises when an employee or contractor, authorized for access to the network, creates an access point he or she is not authorized to create. The expectation of "WiFi" and lack of education on security threats play a big role in the creation of these rogue access points. For example, an employee may bring his own wireless router or hub from home and connect it to the organization’s network without anyone knowing. Essentially, this hotspot creates an unguarded access point and leaves a gaping hole in wireless cybersecurity. Worst of all, the employee who does this normally thinks that they are helping out by fixing a problem without bothering IT.
  • Through trespassing, social engineering, or employee fraud, a cybercriminal might also establish a rogue access point intentionally.


Pineapples

A pineapple is a pocket-sized device that mimics the wireless local area network while inserting itself between the user and the WLAN to intercept data.

Evil Twins 

An "evil twin" network is a wireless network set up to look like a secure, trusted network. In reality, it’s a cybercriminal’s network, compromising the user’s device, data, and any systems they access. These dangerous doorways into your system can be created for any WLAN and are often an indicator of an incident or breach in progress.
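On the defensive side, rogue access points and evil twins can both be surfaced by comparing what a wireless scan sees against an inventory of authorized access points. The following is an added example, not Truvantis code: the SSIDs, BSSIDs, label names, and the signal-strength threshold are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # radio MAC address of the access point
    security: str    # as reported by the scanner, e.g. "WPA2-Enterprise"
    rssi_dbm: int    # received signal strength

# Constructed inventory of authorized access points: BSSID -> (SSID, security).
INVENTORY = {
    "02:00:00:aa:00:01": ("CorpNet", "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("CorpNet", "WPA2-Enterprise"),
    "02:00:00:aa:00:10": ("CorpGuest", "WPA2-PSK"),
}
ON_SITE_RSSI_DBM = -60  # assumed threshold for "probably inside the building"

def classify(beacon, inventory=INVENTORY, on_site_rssi=ON_SITE_RSSI_DBM):
    bssid = beacon.bssid.lower()
    corp_ssids = {ssid for ssid, _ in inventory.values()}
    if bssid in inventory:
        # A matching BSSID is not proof of identity (BSSIDs can be cloned),
        # so the advertised settings must match the inventory as well.
        if (beacon.ssid, beacon.security) == inventory[bssid]:
            return "authorized"
        return "inventory-mismatch"
    if beacon.ssid in corp_ssids:
        # Trusted network name from an unknown radio: the evil twin pattern.
        return "evil-twin-suspect"
    if beacon.rssi_dbm >= on_site_rssi:
        # Unknown network transmitting at close range: possible rogue AP.
        return "rogue-ap-suspect"
    return "unknown-neighbor"

# Constructed scan results.
SCAN = [
    Beacon("CorpNet", "02:00:00:AA:00:01", "WPA2-Enterprise", -48),
    Beacon("CorpNet", "02:00:00:bb:00:99", "Open", -52),
    Beacon("CorpGuest", "02:00:00:aa:00:10", "Open", -55),
    Beacon("HomeRouter-5G", "02:00:00:cc:00:07", "WPA2-PSK", -41),
    Beacon("CoffeeShop", "02:00:00:dd:00:03", "Open", -83),
]

def report(scan=SCAN):
    return [(b.ssid, b.bssid.lower(), classify(b)) for b in scan]

if __name__ == "__main__":
    for row in report():
        print(*row, sep="\t")
```

A "rogue-ap-suspect" result only says an unknown radio is nearby; confirming that it is actually plugged into the internal network requires checking the wired side as well.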

Your Wireless Penetration Testing with Truvantis®

Our accredited penetration testers are highly skilled specialists who have mastered the same skills used by cybercriminals in order to help others defend against them. The Truvantis team, made up only of senior-level security engineers, can use wireless penetration testing to help your company achieve compliance, understand the real threats to your system, and most importantly, create a realistic, actionable plan to mitigate those risks within your budget. There’s more to real security than checking off boxes, and it’s more attainable than you think.

The Truvantis Wireless Penetration Process

We’ll begin your wireless penetration testing on a call with your team to discuss the details and the rules of engagement. Then, we’ll send you a test device to connect to your network, providing us with the same wireless access available to those on-site. Throughout our thorough, manual, and automated testing of your entire wireless network’s security system, your security team will be notified immediately if we find critical issues. 

Our approach may vary based on the size and complexity of the system, but the simplified steps of a wireless penetration test typically include:

  1. Gathering wireless security info
  2. Collecting data on the wireless network
  3. Analyzing wireless implementation
  4. Analyzing internal wireless security procedures
  5. Attempting to break wireless passwords, elevate unauthorized access, elevate permissions, and capture sensitive data

Upon completion, everything we’ve discovered will be compiled into an easy-to-understand report. The valuable information it contains can be used to prioritize vulnerabilities by risk level and take immediate action to protect your organization.

We’ll outline:

  • What we did
  • What we found and where
  • Proof of any issues or threats
  • A thorough explanation of each issue or vulnerability, ranked by severity as measured using CVSS
  • Expert recommendations for remediation and system hardening

Choose Truvantis for Your Wireless Penetration Testing 

Our wireless penetration testing provides you with the data and guidance to protect your data and strengthen your comprehensive security strategy. Whether wireless penetration testing is all you need, or just a small piece of the puzzle, we’ll help you to shape the solutions that fit your business, your budget, and your goals. 

Our hands-on team of senior-level security engineers can create the solutions you need to improve your security. That may mean thinking outside of the compliance checkbox to find what really works for you — and that’s what we do best.