
So, there's a lot of ways you can attack a WiFi without knowing any passwords:

Physical layer attacks: Simply jam the frequency spectrum with your own signal. That signal might just be noise, but it might also be a WiFi of your own under heavy load, with the nodes in that WiFi being configured not to play nice with others (depending on the WiFi chipset, that can be extremely easy). Spectrum can only be used once!
Tool: noise source (e.g. Gunn diode, SDR device), or normal AP.

Electromagnetic sledgehammer: EMI gun. Take a microwave oven oscillator, attach a directive antenna, pray you don't cook someone's (your) brain, and point it in the rough direction of the access point. Poof! Microwave ovens operate in the 2.4 GHz band, and thus the antennas of Access Points are picking up exactly that energy.
Tool: microwave oven, some sheet metal, lack of regard for other people's property and own health, or extended RF knowledge.

MAC and network layer attacks: Especially for networks using WEP (no one should be using this anymore, but sadly...) it's easy to forge what is called deauthentication packets, and thus to throw out stations from your WiFi.
Tool: Aircrack-NG's aireplay

Targeted jamming: As opposed to simply occupying the channel with noise or your own WiFi, you can also build a device that listens for typical WiFi packets' beginnings (preambles), and then, just shortly, interferes. Or just sends fake preambles periodically, or especially when it's silent. That way, you can corrupt selected packets, or fake channel occupancy.
Tool: commodity off-the-shelf SDR

Authentication attacks: At some point, even "proper" clients for your WiFi need to register with the WiFi. That mechanism can of course be forced to its knees by simply sending hundreds of authentication requests every second, from randomly generated MAC addresses, or even from MAC addresses of clients you know (by observation) exist. There's no solution to the problem for the AP: either it succumbs to the overload of auth packets, or it starts blocking out legitimate users.
Tool: your network card, 10 lines of bash scripting.

Man-in-the-Middling / access point spoofing: With anything short of WPA(2)-Enterprise, nothing proves that the access point calling itself "Toduas AP" is actually your Access Point. Simply operating a slightly higher-powered access point with the same ID string and, if necessary at all, a faked AP MAC address (trivial, since it's just a setting) will "pull" clients away from your access point. Of course, if the spoofing Access Point doesn't know the password, users might quickly notice (or they don't); however, noticing that things don't work is nice, but doesn't help them.
Tool: a random normal access point
You have to realize that it's a privilege, not a right, to have your WiFi use a channel. WiFi happens in the so-called ISM bands (Industrial, Scientific, Medical usage), where operators of transmitters don't have to have an explicit license. That means it's OK for everyone to use that spectrum, as long as they don't intentionally harm other devices and are not easily damaged by interference.

So, it's absolutely legal for someone to e.g. operate a high-definition digital camera stream that occupies the whole WiFi channel. That will effectively shut down your WiFi.

If you need something that no one can mess with, wireless is, by definition, not the way to go.
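A defender-side check for the deauthentication and authentication floods described in the answer above, as an added example that is not part of the original post: it reads a constructed, simplified management-frame log (one line per frame: timestamp, subtype, source, destination; the log format, the MAC addresses and the thresholds are assumptions) and flags bursts of deauth frames that claim the AP's own address as well as bursts of authentication requests from many distinct sources.

```python
from collections import defaultdict

# Assumed addresses for the constructed sample; not from a real network.
AP = "00:11:22:33:44:55"
STATION = "66:77:88:99:aa:bb"


def build_sample_log():
    """Constructed log, one management frame per line:
    '<seconds> <subtype> <source MAC> <destination MAC>'."""
    lines = [f"0.00 beacon {AP} ff:ff:ff:ff:ff:ff",
             f"0.50 auth {STATION} {AP}",
             f"0.60 assoc_req {STATION} {AP}"]
    # Deauth flood: 30 frames in 0.3 s, all claiming the AP's address as source.
    lines += [f"{2.0 + i * 0.01:.2f} deauth {AP} {STATION}" for i in range(30)]
    # Auth flood: 40 requests in 0.4 s, each from a different (constructed) MAC.
    lines += [f"{5.0 + i * 0.01:.2f} auth 02:00:00:00:00:{i:02x} {AP}"
              for i in range(40)]
    return "\n".join(lines)


def detect_floods(log_text, window=1.0, deauth_limit=10, auth_limit=20):
    """Bucket frames into fixed windows of `window` seconds and return
    (kind, window_start, source_or_None, count) alerts, ordered by time."""
    deauth_per_src = defaultdict(int)   # (bucket, source MAC) -> deauth count
    auth_sources = defaultdict(set)     # bucket -> distinct auth-request sources
    for line in log_text.splitlines():
        if not line.strip():
            continue
        t, subtype, src, _dst = line.split()
        bucket = int(float(t) // window)
        if subtype == "deauth":
            # A real AP rarely sends a burst of deauths; a forger using its
            # address does, so count deauths per claimed source per window.
            deauth_per_src[(bucket, src)] += 1
        elif subtype == "auth":
            # A legitimate client authenticates once; a flood shows many sources.
            auth_sources[bucket].add(src)
    alerts = []
    for (bucket, src), n in deauth_per_src.items():
        if n > deauth_limit:
            alerts.append(("deauth_flood", bucket * window, src, n))
    for bucket, srcs in auth_sources.items():
        if len(srcs) > auth_limit:
            alerts.append(("auth_flood", bucket * window, None, len(srcs)))
    return sorted(alerts, key=lambda a: a[1])


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

Counting frames only detects the flood; honouring only protected management frames (802.11w) is what stops forged deauths from actually disconnecting clients.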