# Hacking Exposed™ Wireless: Wireless Security Secrets & Solutions

INTRODUCTION

Since the first edition of Hacking Exposed Wireless, the technologies and the threats
facing these communications have grown in number and sophistication. Combined
with the rapidly increasing number of deployments, the risk of implementing
wireless technologies has been compounded. Nevertheless, the risk is often surpassed
by the benefits and convenience of wireless technologies, which have been a large factor
in the spread of these devices within homes, offices, and enterprises spanning the
globe.

The story of wireless security can no longer be told with a narrow focus on 802.11
technology. The popularity of wireless technologies has created an intense interest in
other popular wireless protocols such as ZigBee and DECT—interest that has manifested
itself into research into attacks and vulnerabilities within the protocols and the
implementation of those protocols in devices. With this growth in wireless technologies,
these networks have become increasingly attractive to attackers looking to steal data or
compromise functionality. While traditional security measures can be implemented in an
effort to help mitigate some of these threats, a wireless attack surface presents a unique
and difficult challenge that must first be understood before it can be secured in its own
unique fashion.

This book serves as your humble guide through the world of wireless security. For
this edition, we have completely rewritten core sections on how to defend and attack
802.11 networks and clients. We also cover rapidly growing technologies such as ZigBee
and DECT, which are widely deployed in today’s wireless environments.

As with any significant undertaking, this second edition of Hacking Exposed Wireless
was a result of the efforts of several principals over an extended period of time. When we
first returned to this book, we took great care in reviewing all the feedback and comments
to figure out where we needed to do better for our readers. We also revisited all the
technologies included in the previous volume and researched the interesting technologies
that have emerged since the previous edition.

We have a new co-author this time around, Joshua Wright. Josh is one of the most
well-respected minds in wireless security, and we are confident that you will immediately
notice his contributions in the additional breadth and depth of knowledge found on
these pages.

AT A GLANCE

Part I Hacking 802.11 Wireless Technology
▼ 1 Introduction to 802.11 Hacking
▼ 2 Scanning and Enumerating 802.11 Networks
▼ 3 Attacking 802.11 Wireless Networks
▼ 4 Attacking WPA-Protected 802.11 Networks
Part II Hacking 802.11 Clients
▼ 5 Attack 802.11 Wireless Clients
▼ 6 Taking It All the Way: Bridging the Airgap from OS X
▼ 7 Taking It All the Way: Bridging the Airgap from Windows
Part III Hacking Additional Wireless Technologies
▼ 8 Bluetooth Scanning and Reconnaissance
▼ 9 Bluetooth Eavesdropping
▼ 10 Attacking and Exploiting Bluetooth
▼ 11 Hack ZigBee
▼ 12 Hack DECT
▼ A Scoping and Information Gathering
▼ Index