So we're going to talk about Wi-Fi deauthorization attacks, and these are a, so to speak, preamble to some of the other Wi-Fi attacks that have gone out there, such as, if you want to Google it, the Wi-Fi Pineapple device. What you're doing is sending a deauthorization packet that will cause Wi-Fi to drop. Now a lot of people call these Wi-Fi jammers because they work in a similar manner, as in they deny you access to your Wi-Fi, so they're a denial of service attack directly against the Wi-Fi, but they don't do it by sending out just a massive amount of interference. That's a common way. So if we spread the spectrum with radio and RF noise in the spectrum that the Wi-Fi operates on, we would effectively cancel out the Wi-Fi. This is a more targeted, more focused and very specific attack.

Now we all know that we should be connecting to an encrypted Wi-Fi device that's using something like WPA2, which is the current standard here in 2017 for most of your connections, and that means that the traffic passing between your device and the access point will be encrypted at the level so you can't be easily sniffed. Now that being said, what's not sent encrypted? For example, the fact that you can see the name of an SSID tells you it's not encrypted; you can read the name. Also the management packet is not encrypted. Now that management packet is what we're specifically going to talk about the attack for, and that's what these devices do.

This is an Alfa, and I'm going to throw an Amazon link in here, a pretty neat little device and pretty handy for doing this type of attack. Now I'm showing you this as educational; I'm only going to attack my own network. It would be illegal to attack other networks, so please be careful using this, but this is something, if you're planning out Wi-Fi, you have to think about the implications of, and I'm going to talk a little bit about how it works and what we can do to defend against it, which is unfortunately not a lot.
So this is the Alfa device that I'm using for this; I have it connected to my desktop. Things you need are that device, Python and Linux for the description we're doing here, which is a Git repository by Dan McInerney, I think; I'm bad with names. Anyways, I'll leave a link to all these things I'm talking about right in the description. Now this wifijammer is a really simple Python script; you just need to have downloaded the single script, and there's a tool that you have to load called python-scapy. So in the Debian environment, it's apt-get install python-scapy; it's the only dependency that this has besides Python itself.

So once we have this set up, we get it downloaded, I've got the Alfa plugged in. Now the wifijammer tool, as it's called, will automatically detect Wi-Fi as it's plugged in. It will work with other Wi-Fi devices; this one's just kind of handy because it's powerful, plenty of milliwatts, has a great antenna, and it's actually really nice to use this device not just for this nefarious act, but also because if you have trouble getting Wi-Fi somewhere. When I travel, I bring that with me and I plug it into my laptop. The antenna is directional and has great range, so if you're unlucky enough to have a hotel that did not provide you wonderful Wi-Fi because it's a little too far and it didn't do enough access points, this is actually a great little device for that and fairly inexpensive.

Anyways, so this is all the descriptions of all the things that it can do. It will by default, out of the box, just by running it, attack all the SSIDs it finds and send out these deauthorization packets; that's probably definitely illegal. Alright, so let's get right into how this works.
So it does need to run as root, and the SSID of my Wi-Fi network is Notice Me Senpai, so I'm going to go ahead and initiate an attack against it. Like I said, by default it will scan and attack all the networks. We definitely don't want to do that; we want to specifically attack my network, and so that's what we're going to do here: wifijammer -a. Now I can specify this by MAC address, so I can attack a specific access point, but if you attack an SSID, and for example in our network here at the office, it attacks all the access points that use that SSID, so if you're doing a large-scale network attack, they would probably use something like this and they attack a specific SSID to knock it out.

So we're here, so we run the attack and we put the root password in for sudo access, and it's going to run a scan here, and I'm switching over to my laptop, as you're going to see that my laptop was pinging right along and nicely connected, and wavemon is the tool that's showing the connection, and after a few seconds it's going to drop the connection, and there it goes. So now the connection's dropped; it wants the password because it's been deauthorized and kicked off of the network. This is obviously really a pain because now you're like, why am I disconnecting? I'm not sure; it doesn't really give me much information here. But what this is doing is running along all the channels that it finds Notice Me Senpai on and just broadcasting that back out.
Now please note you see over here on the wifijammer two SSIDs, and the reason for that is I have two of them running, so it's deauthing both of the ones it finds. And this is such a simple script, you've seen how easy this was to do. I know it's very, what's the term, script kiddie-ish, but it's also a serious attack if you see all these devices that some of my businesses run on here. You're talking about someone who just gets within range of your parking lot and starts just blanketing your network with this, and next thing you know nothing on your Wi-Fi is working and you have to do some sorting out on this.

So let's now jump into, I'm gonna go ahead and stop deauthing my network and we're gonna go jump into how do we protect against this. Now UniFi, settings here, this is how UniFi does it. Now other brands do support this as well; I just happen to have UniFi in the office, so I'm gonna show you how they do it. They moved it to an odd spot, but they did update the function in here. You go here to wireless networks, you click the little at the top, if you see that it's the, let's go back, so you go over here to the WLAN group, edit the group here, and this is where they have it turned on, and it's called PMF, protected management frames. Now it may cause a performance drop; I don't have the right hardware to test protected management frames, so let's talk about a little bit of that.

So the 802.11, I believe it's the w, is the standard, which means encrypt those management frames. Seems like a great idea; unfortunately there's a very low adoption rate on this. Matter of fact, even with UniFi, if you click here to learn more, it says that PMF only applies to generation three APs. That's correct, a lot of access points themselves don't support it and a lot of the devices don't support it. So right here is their first gen, second gen, and I only have some second gen devices on here.
It isn't until you get to their latest third gen devices that it's supported, so they've added it to the software, and I know this is the case for a lot of devices. For example, I looked up my Nexus phone just to see if it had support for it; it doesn't, and I was like, wow, my Nexus phone's not that old. Old in phone years, because it's from 2016, or no, I'm sorry, 2015's when they released it, so it's old in phone years, but that's really, this is a protocol that's been around for a little while. I know it's supposed to be superseded by another one, but it's kind of fuzzy and not clear, and I think it's because, you know, we're moving everything to Wi-Fi but no one's really pushing these attacks out, therefore there hasn't been a big market push to really adopt this.

So the protected management frames, this is the UniFi AP that supports it; it's one of the really high-end models at 349. We just have a standard UAP-AC-LR and one of the other older ones that we have that don't support this, so because they don't support this I can't do anything about it. So it's kind of an annoyance if you do get attacked; it's something you should be aware of. It's a really tricky thing to defend against because you're not just blanketing interference. You can have a very small device, I believe there's some of them that are even smaller, and they may sell them as Wi-Fi jammers, but they can come in a Raspberry Pi kit. They don't make a lot of interference, so they're very hard to triangulate on and very hard to block this attack. It's a very tricky problem, but it's just something I want to bring you some awareness of and talk about.

I, you know, knock on wood, we haven't really seen this attack against any of our clients, but it's something that I like to keep in the back of my mind in case there's a major Wi-Fi interference that we have to troubleshoot, like, oh man, do we have some kids sitting in a parking lot just, you know, sending deauthorization packets out there? There are some sniffing tools you can use. I believe if you do a full dump pcap with Wireshark you can start to understand where the broadcast is coming from, but it also requires you to get a Wi-Fi unit in full promiscuous mode; you have to see at the link level the actual packets being sent. But even then you have to then try and triangulate and find this device. Even if you identified it, then you have to find it, and they're so small this can present a really big challenge.

So that's my thoughts on this, and I wanted to share it with you guys to show you, one, it's overly simple to do, it's kind of a scary attack vector, and why I don't think wired is going away for anything critical anytime soon, because you gotta have a backup plan. A backup plan: plug it in a wire, shut off the Wi-Fi until we sort this out. And so if you like the content in here, like and subscribe. Thanks for watching. Oh, and I'll leave links below to all the different tools I use and talked about.
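
Added example, not part of the video or of the wifijammer project: the capture-analysis idea mentioned near the end, written as stand-alone Python that parses radiotap + 802.11 headers and flags bursts of deauthentication/disassociation frames per BSSID and destination. The MAC addresses, sample frames, one-second window and threshold of 10 are constructed assumptions; in practice the frames would come from a monitor-mode capture of your own network.

```python
import struct
from collections import defaultdict

KINDS = {10: "disassoc", 12: "deauth"}  # 802.11 management subtypes of interest

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(raw):
    """Parse radiotap + 802.11; return a dict for deauth/disassoc frames, else None."""
    if len(raw) < 4:
        return None
    dot11 = raw[struct.unpack_from("<H", raw, 2)[0]:]  # skip radiotap header
    if len(dot11) < 26:                                # 24-byte header + reason code
        return None
    ftype, subtype = (dot11[0] >> 2) & 0x3, dot11[0] >> 4
    if ftype != 0 or subtype not in KINDS:
        return None
    protected = bool(dot11[1] & 0x40)                  # set when the body is encrypted (PMF)
    reason = None if protected else struct.unpack_from("<H", dot11, 24)[0]
    return {"kind": KINDS[subtype], "dst": mac(dot11[4:10]), "src": mac(dot11[10:16]),
            "bssid": mac(dot11[16:22]), "reason": reason, "protected": protected}

def find_floods(capture, window=1.0, threshold=10):
    """capture: iterable of (seconds, raw_frame). Returns {(bssid, dst): peak frames per window}."""
    seen = defaultdict(list)
    for ts, raw in capture:
        info = parse_mgmt(raw)
        if info and not info["protected"]:             # encrypted (PMF) frames are not counted
            seen[(info["bssid"], info["dst"])].append(ts)
    floods = {}
    for key, stamps in seen.items():
        stamps.sort()
        lo = peak = 0
        for hi, t in enumerate(stamps):                # sliding window over sorted timestamps
            while t - stamps[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            floods[key] = peak
    return floods

def build(subtype, dst, src, bssid, reason=7):
    """Constructed test frame: minimal 8-byte radiotap header + management header + reason."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return struct.pack("<BBHI", 0, 0, 8, 0) + hdr + struct.pack("<H", reason)

AP, AP2 = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")  # constructed MACs
STA, BCAST = bytes.fromhex("021122334455"), b"\xff" * 6
SAMPLE = [(i * 0.02, build(12, BCAST, AP, AP)) for i in range(40)]      # constructed burst
SAMPLE += [(5.0, build(12, STA, AP2, AP2, 3)), (5.1, build(8, BCAST, AP, AP))]  # one deauth, one beacon

if __name__ == "__main__":
    for (bssid, dst), peak in find_floods(SAMPLE).items():
        print(f"deauth/disassoc flood: bssid={bssid} dst={dst} peak={peak} per window")
```

The transmitter address in these unencrypted frames is not authenticated, so a hit tells you which BSSID is being hit and how hard, not which physical device is sending; locating the sender is still the signal-strength hunt described in the talk.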