A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point.
Technical details

Unlike most radio jammers, deauthentication acts in a unique way. The IEEE 802.11 (Wi-Fi) protocol contains the provision for a deauthentication frame. Sending the frame from the access point to a station is called a "sanctioned technique to inform a rogue station that they have been disconnected from the network".
An attacker can send a deauthentication frame at any time to a wireless access point, with a spoofed address for the victim. The protocol does not require any encryption for this frame, even when the session was established with Wired Equivalent Privacy (WEP) for data privacy, and the attacker only needs to know the victim's MAC address, which is available in the clear through wireless network sniffing.
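A defender-side illustration of the frame described above, added here and not part of the original article: it parses the unencrypted deauthentication/disassociation header and flags bursts aimed at one station. The function names, threshold, window and sample frames are assumptions made for the example; input is assumed to be raw 802.11 frames with the radiotap header and FCS already stripped.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0xC, 0xA  # management-frame (type 0) subtypes

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_disconnect(frame):
    """Parse a raw 802.11 frame (no radiotap header, no FCS).
    Returns a dict for deauth/disassoc frames, None for anything else."""
    if len(frame) < 24:                      # shorter than a management header
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    protected = bool(frame[1] & 0x40)        # Protected Frame bit (set under 802.11w)
    reason = None                            # unreadable when the body is encrypted
    if not protected and len(frame) >= 26:
        (reason,) = struct.unpack_from("<H", frame, 24)
    return {"kind": "deauth" if subtype == DEAUTH else "disassoc",
            "dst": mac(frame[4:10]), "src": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "protected": protected, "reason": reason}

def detect_floods(timed_frames, threshold=5, window=1.0):
    """Return (bssid, dst) pairs that received at least `threshold` unprotected
    deauth/disassoc frames within `window` seconds. The source address is not
    used as a key because it can be spoofed."""
    recent, alerts = defaultdict(deque), set()
    for ts, raw in timed_frames:
        info = parse_disconnect(raw)
        if info is None or info["protected"]:
            continue
        q = recent[(info["bssid"], info["dst"])]
        q.append(ts)
        while ts - q[0] > window:            # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.add((info["bssid"], info["dst"]))
    return alerts

# Constructed sample frames (locally administered MACs, not from a real capture):
# frame control, duration, dst, src, bssid, sequence control, reason code 7
AP, STA1, STA2 = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:11"
TO_STA1 = bytes.fromhex("c000" "0000" "020000000010" "020000000001" "020000000001" "0000" "0700")
TO_STA2 = bytes.fromhex("c000" "0000" "020000000011" "020000000001" "020000000001" "0000" "0700")
CAPTURE = [(0.0, TO_STA2)] + [(10.0 + 0.05 * i, TO_STA1) for i in range(20)]

if __name__ == "__main__":
    print(parse_disconnect(TO_STA1))
    print(detect_floods(CAPTURE))
```

A single deauthentication frame is normal network behaviour, so the detector alerts only on a burst to one destination; frames with the Protected bit set are skipped because their body is encrypted.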
Usage
Evil twin access points
One of the main purposes of deauthentication used in the hacking community is to force clients to connect to an evil twin access point, which then can be used to capture network packets transferred between the client and the access point.
The attacker conducts a deauthentication attack against the target client, disconnecting it from its current network, thus allowing the client to automatically connect to the evil twin access point.
Password attacks
In order to mount a brute-force or dictionary-based WPA password cracking attack on a WiFi user with WPA or WPA2 enabled, a hacker must first sniff the WPA 4-way handshake. The user can be elicited to provide this sequence by first forcing them offline with the deauthentication attack.
In a similar phishing-style attack without password cracking, Wifiphisher starts with a deauthentication attack to disconnect the user from their legitimate base station, then mounts a man-in-the-middle attack to collect passwords supplied by an unwitting user.
Attacks on hotel guests and convention attendees
The Federal Communications Commission has fined hotels and other companies for launching deauthentication attacks on their own guests, the purpose being to drive them off their own personal hotspots and force them to pay for on-site Wi-Fi services.
Toolsets
Aircrack-ng suite, MDK3, Void11, Scapy, and Zulu software can mount a WiFi deauthentication attack. Aireplay-ng, an aircrack-ng suite tool, can run a deauthentication attack by executing a one-line command:
aireplay-ng -0 1 -a xx:xx:xx:xx:xx:xx -c yy:yy:yy:yy:yy:yy wlan0
# -0 arms deauthentication attack mode
# 1 is the number of deauths to send; use 0 for infinite deauths
# -a xx:xx:xx:xx:xx:xx is the AP (access point) MAC (Media Access Control) address
# -c yy:yy:yy:yy:yy:yy is the target client MAC address; omit to deauthenticate all clients on AP
# wlan0 is the NIC (Network Interface Card)
Pineapple rogue access point can issue a deauth attack.
See also
*Radio jamming
*IEEE 802.11w – offers increased security of its management frames including authentication/deauthentication
Further reading
*GPS, Wi-Fi, and Cell Phone Jammers (FCC FAQ)