IEEE 802.11ac hacking overview. What’s the latest?


By Henry Dalziel | Information Security Blogger | Concise Courses

We have an active interest in wireless technologies, especially with regard to security. We offer a wireless hacking course called “How To Exploit, Crack, And Secure Wireless Networks”, a 90-minute live online instructor-led course for beginners who need to learn how to exploit vulnerabilities in IEEE 802.11 (WiFi) networks. The purpose of the course, like that of all ethical hacking courses and training, is to be able to defend networks and computer systems by knowing how hackers think and behave. Understanding the tools and methodologies a hacker uses, especially for wireless, gives a penetration tester a much better basis for defence.

Related Post: Read our list of wireless Linux pentesting distros, used specifically for wireless hacking, cracking, pentesting, auditing and of course defending!

802.11ac is fast, very fast. The 802.11ac standard has now been finalised and manufacturers are scrambling and jockeying for market share. As always, 802.11ac router and device prices will start high and then settle as the standard gains acceptance in the marketplace. The technology, like the rest of the 802.11 family, is developed by the Institute of Electrical and Electronics Engineers (IEEE). Owing to the speed increase, the media has dubbed 802.11ac “5G WiFi.”


IEEE has developed the technology to give faster download/upload speeds, better range, packets sent more efficiently, improved reliability and lower (greener) power consumption, but what about the security aspect, i.e. how hackable is 802.11ac? How will tools like the aircrack-ng suite (airmon-ng, airodump-ng and friends) or Wireshark fit into the picture? Will Reaver still work its magic against WPS-enabled routers, recovering the WPA/WPA2 passphrase through the WPS PIN the way it does today?

Hacking 802.11ac – what’s the deal?
Rather than repeat what has already been said by better 802.11ac experts than ourselves, check our April 3rd 2013 Hacker Hotshot web show titled “802.11ac Packet Capture and RF Behavior for Client Device Analysis” (a 30-minute video with 802.11ac expert Joe Bardwell). Joe, our 802.11ac Hacker Hotshot speaker and wireless hacking instructor, is a highly knowledgeable expert on the subject. His expertise is in vendor-neutral RF wireless system technologies and he has consulted for dozens of companies and non-profits on firming up their security.

A security (penetration testing) analysis of 802.11ac is not yet complete. Key will be understanding packet capture and how it is affected by 802.11ac’s wide channels (80 MHz and, optionally, 160 MHz) and dynamic bandwidth operation, where the width of a transmission can change from frame to frame, and how well Wireshark, airodump-ng and the rest of the aircrack-ng suite cope with that. The practical check before any 802.11ac assessment: confirm that the capture adapter and its driver support VHT (very high throughput) in monitor mode at the channel width in use, and that the radiotap headers on captured frames actually carry the VHT field. An HT-only or 20 MHz-only adapter still sees beacons and other management frames, which are sent at legacy rates, but not the VHT data frames that carry the traffic you are after.

Things you need to know regarding 802.11ac
As we said above, 802.11ac is fast. To give some numbers to this, the fastest current 802.11n connections peak at around 150 Mbps with a single spatial stream (one antenna), 300 Mbps with two and 450 Mbps with three. 802.11ac connections are roughly three times faster: 433 Mbps, 867 Mbps and 1.3 Gbps for the same stream counts, assuming an 80 MHz channel, 256-QAM and the short guard interval. Here is a table to illustrate that better:

(Worth mentioning here that 802.11ac allows up to eight spatial streams, so manufacturers are installing as many as eight antennas into their routers and devices to increase connectivity and speed.)

Comparison of 802.11n and 802.11ac nominal speeds

                        One stream    Two streams    Three streams
802.11n (40 MHz)        150 Mbps      300 Mbps       450 Mbps
802.11ac (80 MHz)       433 Mbps      867 Mbps       1.3 Gbps

As with previous IEEE wireless (WiFi) standards, the speeds quoted in the marketing materials are PHY rates; what your chipset, machine (and other variables) can actually manage is well below them once protocol overhead, retransmissions and contention for the channel are accounted for. The Internet uplink from your ISP is also usually the real bottleneck, so the gain shows up on the local network (file transfers, media streaming between devices) rather than on downloads. In any event, 802.11ac is faster than 802.11n, period. The increase in speed will be a bonus to certain, if not all, media industries. Faster movie downloads and gaming will certainly be welcome news, but we wonder whether IEEE and the major ISPs have factored in potential issues such as network overhead, congestion, physical obstacles, distance and the number of simultaneous connections.
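To make the packet-capture question above concrete, and to show where the numbers in the speed table come from, here is an added example written for this post; it is not code from the original article, from Wireshark or from the aircrack-ng suite. It decodes the radiotap header that a monitor-mode driver prepends to every captured frame, pulls out the channel, RSSI and the VHT bandwidth/MCS/spatial-stream fields, and derives the nominal 802.11ac PHY rate from them (data subcarriers x bits per subcarrier x coding rate x streams, divided by the OFDM symbol time). The sample bytes are constructed by hand to look like an 80 MHz, MCS 9, three-stream frame on channel 36; the field sizes and the MCS table are standard radiotap/802.11ac values, and the list of undefined width/MCS/stream combinations is deliberately partial.

```python
"""Decode the radiotap header on a captured 802.11ac (VHT) frame and recover
the channel, RSSI, VHT channel width, MCS index and spatial-stream count, then
turn those into the nominal PHY data rate that the marketing tables quote.

Added example for this post; not code from the original article or from
Wireshark/aircrack-ng. The sample capture bytes below are constructed by hand.
"""
import struct

# radiotap "present" bits we decode; every other field is only stepped over
RT_FLAGS, RT_CHANNEL, RT_DBM_ANTSIGNAL, RT_VHT = 1, 3, 5, 21

# (size in bytes, required alignment) of each standard radiotap field, by bit.
# Alignment is relative to the start of the radiotap header, not the field.
FIELD_LAYOUT = {
    0: (8, 8), 1: (1, 1), 2: (1, 1), 3: (4, 2), 4: (2, 2), 5: (1, 1),
    6: (1, 1), 7: (2, 2), 8: (2, 2), 9: (2, 2), 10: (1, 1), 11: (1, 1),
    12: (1, 1), 13: (1, 1), 14: (2, 2), 15: (2, 2), 16: (1, 1), 17: (1, 1),
    18: (8, 4), 19: (3, 1), 20: (8, 4), 21: (12, 2), 22: (12, 8),
}

# radiotap VHT bandwidth codes for full-width PPDUs (the other codes describe
# which 20/40/80 MHz sub-channel a narrower frame occupied inside a wide channel)
VHT_BW_MHZ = {0: 20, 1: 40, 4: 80, 11: 160}

# 802.11ac MCS index -> (coded bits per subcarrier, coding rate)
VHT_MCS = {0: (1, 1 / 2), 1: (2, 1 / 2), 2: (2, 3 / 4), 3: (4, 1 / 2),
           4: (4, 3 / 4), 5: (6, 2 / 3), 6: (6, 3 / 4), 7: (6, 5 / 6),
           8: (8, 3 / 4), 9: (8, 5 / 6)}
# data subcarriers per OFDM symbol for each channel width
DATA_SUBCARRIERS = {20: 52, 40: 108, 80: 234, 160: 468}
# (width, mcs, nss) combinations the standard leaves undefined; NOT exhaustive
VHT_INVALID = {(20, 9, 1), (20, 9, 2), (80, 6, 3)}
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}


def parse_radiotap(buf):
    """Return the fields we care about from a little-endian radiotap header."""
    version, _pad, length, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0 or length > len(buf):
        raise ValueError("not a radiotap header")
    off = 8
    # bit 31 means another 32-bit present word follows; step over any of them
    # and decode only the first (standard namespace) word
    word = present
    while word & (1 << 31):
        word = struct.unpack_from("<I", buf, off)[0]
        off += 4
    info = {"length": length}
    for bit in range(29):                      # bits 29/30 are namespace switches
        if not present & (1 << bit):
            continue
        if bit not in FIELD_LAYOUT:
            raise ValueError(f"unknown radiotap field bit {bit}")
        size, align = FIELD_LAYOUT[bit]
        off = (off + align - 1) // align * align
        if off + size > length:
            raise ValueError("radiotap field runs past header length")
        if bit == RT_FLAGS:
            info["fcs_present"] = bool(buf[off] & 0x10)
        elif bit == RT_CHANNEL:
            freq, cflags = struct.unpack_from("<HH", buf, off)
            info["freq_mhz"] = freq
            info["band"] = "5GHz" if cflags & 0x0100 else (
                "2.4GHz" if cflags & 0x0080 else "unknown")
        elif bit == RT_DBM_ANTSIGNAL:
            info["signal_dbm"] = struct.unpack_from("<b", buf, off)[0]
        elif bit == RT_VHT:
            _known, vflags, bw, user0 = struct.unpack_from("<HBBB", buf, off)
            info["vht"] = {
                "bw_mhz": VHT_BW_MHZ.get(bw),  # None for a sub-channel code
                "short_gi": bool(vflags & 0x04),
                "mcs": user0 >> 4,             # mcs_nss[0]: MCS in high nibble
                "nss": user0 & 0x0F,           # spatial streams in low nibble
            }
        off += size
    return info


def vht_phy_rate_mbps(bw_mhz, mcs, nss, short_gi):
    """Nominal 802.11ac PHY rate = Nss * Nsd * Nbpsc * R / Tsym (None if undefined)."""
    if (bw_mhz, mcs, nss) in VHT_INVALID or mcs not in VHT_MCS:
        return None
    nbpsc, coding_rate = VHT_MCS[mcs]
    bits_per_symbol = nss * DATA_SUBCARRIERS[bw_mhz] * nbpsc * coding_rate
    symbol_us = 3.6 if short_gi else 4.0       # 0.4 us or 0.8 us guard interval
    return round(bits_per_symbol / symbol_us, 1)


def decode_frame(buf):
    """Radiotap metadata plus the 802.11 frame type and the nominal VHT rate."""
    info = parse_radiotap(buf)
    if len(buf) > info["length"]:
        fc0 = buf[info["length"]]              # first byte of 802.11 frame control
        info["frame_type"] = FRAME_TYPES.get((fc0 >> 2) & 0x3, "reserved")
        info["subtype"] = fc0 >> 4
    vht = info.get("vht")
    if vht and vht["bw_mhz"]:
        info["phy_rate_mbps"] = vht_phy_rate_mbps(
            vht["bw_mhz"], vht["mcs"], vht["nss"], vht["short_gi"])
    return info


# Constructed sample: 28-byte radiotap header (flags, rate, channel 36 = 5180 MHz,
# RSSI -45 dBm, VHT 80 MHz / short GI / MCS 9 / 3 streams) followed by the start
# of a QoS data frame (frame control 0x88 0x02).
SAMPLE = bytes.fromhex(
    "00001c00" "2e002000"          # version 0, len 28, present bits 1,2,3,5,21
    "00" "00"                      # flags, rate (rate is meaningless for VHT)
    "3c14" "4001"                  # channel: 5180 MHz, OFDM | 5 GHz
    "d3"                           # antsignal -45 dBm
    "00"                           # pad so the VHT field is 2-byte aligned
    "c400" "04" "04" "93000000" "00" "00" "0000"   # VHT field (12 bytes)
    "8802" "0000"                  # 802.11 frame control + duration
)

if __name__ == "__main__":
    for key, value in decode_frame(SAMPLE).items():
        print(f"{key}: {value}")
```

To run it on a real capture, read frames from a pcap with link type 127 (radiotap) and pass each packet’s bytes to decode_frame(). To get such frames from an adapter that supports VHT monitor mode, tune it to the wide channel first, for example `iw dev wlan0 set freq 5180 80 5210` for channel 36 at 80 MHz (centre frequency 5210 MHz). If the decoded frames never carry a "vht" entry, the adapter or driver is not reporting VHT and you are only seeing the legacy-rate management frames.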

Get to know “beamforming” technology!
A major leap in technology, and a real difference between 802.11ac and 802.11n, is the way in which packets are sent from the router to the end user. Current 802.11n (and earlier) routers transmit more or less omnidirectionally; 802.11n only had beamforming as a rarely implemented option. 802.11ac standardises a single explicit method, labelled “beamforming”: the access point sounds the channel, the client reports what it heard, and the access point adjusts the signal from each of its antennas so that the transmissions add up constructively at the client. This essentially narrows and intensifies the ‘beam’ of data packets from the router to the end user. Not only will this increase speed but we are sure it will have an impact on cracking and hacking 802.11ac, because if a hacker can’t tap into the traffic in the first place, how do they launch a Man In The Middle attack, capture the WPA/WPA2 handshake for an offline brute force, or run a Reaver-style WPS PIN attack? Our read is that beamforming is a signal-quality optimisation, not a security control: the signal still radiates in every direction, only weaker in some, so an attacker with a decent antenna is not shut out; beacons, probe responses and the other management frames are broadcast at legacy rates and are not beamformed; and the deauthentication frames in a handshake-capture attack are forged by the attacker, so beamforming on the access point side does nothing about them. Please chime in if you think we are off the mark here; this is a developing field and we have still to get our hands on an 802.11ac router to test it. Bottom line: will beamforming create a sense of security through obscurity? We suspect it should not be relied on for one.

Time to switch frequencies!
Another difference between 802.11ac and 802.11n (and the older legacy standards) is the frequency band. 802.11ac operates only in the 5 GHz band, whereas 802.11n can run in either 2.4 GHz or 5 GHz and most consumer kit in the field is sitting on 2.4 GHz. The key difference is this: 2.4 GHz is busy and in short supply (only three non-overlapping 20 MHz channels, shared with microwave ovens, Bluetooth and every neighbour), whilst the 5 GHz band is less cluttered and has room for the 80 MHz and 160 MHz channels 802.11ac needs. Two practical consequences: 5 GHz signals do not travel as far or penetrate walls as well, which shrinks the area an attacker can work from; and a wireless audit needs a capture adapter that actually supports 5 GHz (and ideally VHT), which many of the cheap 2.4 GHz-only cards favoured for wardriving do not.

Will I have to trash *recycle please* my old routers?
No sir.

802.11ac routers will be backwards compatible so you will not have to recycle your old legacy kit: an 802.11ac access point accepts 802.11a/n clients on its 5 GHz radio, and the dual-band products also carry a 2.4 GHz 802.11n radio for older devices. The flip side, from a security standpoint, is that the legacy radio brings the legacy attack surface with it, so the same handshake-capture, deauthentication and WPS (Reaver) attacks that work against an 802.11n router work against the 802.11n side of an 802.11ac router. And 802.11ac changes the PHY, not the authentication: a WPA2-PSK handshake captured from an 802.11ac client is cracked offline exactly as before.

Last word on 802.11ac
Our interest in 802.11ac is the security posture of the technology. We suspect that the enterprise will not adopt 802.11ac until enough time has passed to determine whether or not there are 802.11ac-specific vulnerabilities. In our opinion 802.11ac will see greater private and residential take-up first, especially with gamers and home users.

Do chime in! We would love to hear your opinions on 802.11ac, especially with regard to the ease or difficulty of hacking this new wireless standard. For a more in-depth analysis of 802.11ac including an interview and video with expert Joe Bardwell click here (Hacker Hotshot’s web show, April 2013).

Here is a summary of the questions that were asked:

  • “Regarding speeds, sorry to put a damper on this, but as long as your ISP provider has a slow Internet connection, these speed benefits are still constrained by the devices within your home network. So, speed is down to the ISP right?”
  • “Do you recommend a particular hardware vendor, who seems to be the pioneer in producing 802.11ac routers?”
  • “Can you recommend any VHT radiotap tutorials? Are they relevant to 802.11ac security?”

Click here to watch the answers to the above questions.


One thought on “IEEE 802.11ac hacking overview. What’s the latest?”
  1. wifi password hack says:

    Without a secure wireless network, a hacker can see what you’re doing on your network and could install malicious software leaving you open to identity theft.

    Once you’re hooked, all of your information travels through his device and he captures every packet of wireless data. 4) Unlike WEP, WPA has a 48-bit IV, which enables nearly 500 trillion key combinations.
