Having fun with WI-FI Deauthentication

What is a deauthentication attack?

A deauth attack is a type of DOS attack that will repeatedly knock a user off a specific WI-FI network. The attack can occur even if you are on a hidden network. This post is going to quickly cover how the attack works, protection, and tools.

How does it work?

The vulnerability which means the attack can be carried out lies within the IEEE 802.11 management frames. These frames control different aspects of a WI-FI network such as probe requests, association etc. The keyframes that cause the deauth are called de-authentication (no surprise there) and disassociation. However, the protocol does not require any encryption for this frame, meaning an attacker can send out these packets to any target they like, at any time. The attacker only needs to know the victims MAC address that is freely available through network sniffing.

Showing deauth packets through Wireshark
Showing deauth packets through Wireshark

How to protect yourself?

Update your routers firmware. This attack abuses a build that is embedded into many home grade routers. There is, however a build that makes these frames encrypted and therefore the attack can not be launched, this build is named IEEE 802.11w-2009.  The issue is, this does not really exist on most home routers. If you’re suffering from this attack on a constant basis, you would need to upgrade your router to one that has this new standard. Also hiding your SSID will not help, as a lot of the tools used can gather all the information needed to launch the attack, without requiring your SSID.

Tools

All of the above can be performed with simple tools such as Aircrack and Zulu, or you can just as easily write your own script.

The whole reason behind this post is because I picked up a little device I thought I could have a play around with.  This is a little handheld deauther you can find on tindie. Its an open source project that was made to raise awareness for the vulnerability.  It comes with a nice LED screen to easily navigate the menu and an aerial to increase the range. It’s a fun tool to see if your network is vulnerable to attacks, it can also be re-flashed for different purposes, such as a packet monitor.

deauther
Deauther

Conclusion

Overall the risk factor to this attack is becoming a lot less than it was 5 years ago. Not only do attackers need to be within reach of the network, but more powerful alternatives are natural to come by such as cheap botnets. More people are also upgrading home routers, and with industry starting to pay more attention to cybersecurity related issues, it won’t be long until the problem is fizzled out altogether.