Testing WiFi security with Flipper Zero, debugging with NetSpot and a Cisco Meraki MX68W router

Levko Kravchuk
Jan 4, 2024

Dear colleagues,

I’d like to share my experience testing WiFi networks and how the Cisco Meraki router logs show indications of a ‘deauth attack.’

Let’s begin! To proceed, you’ll need a Flipper Zero and a GPIO add-on board with a WiFi module.

In my case, I have the ESP32-S2-SOLO Module, which supports 2.4 GHz Wi-Fi (802.11 b/g/n) standards.

This should suffice for testing purposes. Next, you’ll need to use Marauder to execute this type of attack. You can download it from this GitHub.

After that, choose Apps -> GPIO -> WiFi Marauder.

Scan APs
Wait a little while to let the Flipper scan the wireless networks (capture frames).
Choose WiFi AP
Scroll down and note the target WiFi AP ID.

In my case, the WiFi ID is 34.

Switch to that menu

To navigate, you can use the up, down, left, and right buttons.

Save WiFi AP ID “34”

Then move back

Choose the attack menu

As we can see, the deauthentication attack has started.

As you can see, WiFi clients can’t log in to that network. So it works :)

Let’s look at the WiFi analyser NetSpot.

The Flipper floods the WiFi, and client devices can’t log in.

What does it do?

Sending Deauthentication Frames: Attackers can exploit vulnerabilities in the Wi-Fi protocol to send forged deauthentication frames to the access point, posing as the devices trying to disconnect.

Disconnecting Devices: When the access point receives these deauthentication frames, it interprets them as legitimate disconnection requests from the respective devices and disconnects them from the network.

Impact: This attack disrupts the connectivity of affected devices, causing them to lose network access temporarily or until they reconnect to the Wi-Fi network.

5 GHz is clear and all clients can operate normally.

Please note: I put my Flipper near my MacBook to show you how the WiFi analyser visualises it.

Let’s look at the Cisco Meraki Logs:

We’ve noticed an 802.11_reason_code = undefined, indicating a potential issue with your WiFi. Cisco Meraki offers additional WiFi diagnostic tools. Though debugging steps aren’t covered in this article, a log analyser like Splunk can help identify the problem.
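As an added example (not part of the original article and not Meraki's own log format), the following sketch shows the kind of rule a log analyser could apply: it flags bursts of disassociation events that carry the `802.11_reason_code` value `undefined` seen above. The line layout, the sample events, the `type` and `client` field names, and the window and threshold values are all assumptions made for illustration.

```python
import re
from collections import deque

# Constructed sample events, NOT real Meraki output: the layout
# "<epoch> key=value ..." is an assumption made for this example.
SAMPLE_LOG = """\
1704362460 type=disassociation client=aa:aa:aa:00:00:01 802.11_reason_code=8
1704362500 type=disassociation client=aa:aa:aa:00:00:02 802.11_reason_code=undefined
1704362600 type=disassociation client=aa:aa:aa:00:00:01 802.11_reason_code=undefined
1704362601 type=disassociation client=aa:aa:aa:00:00:02 802.11_reason_code=undefined
1704362602 type=disassociation client=aa:aa:aa:00:00:03 802.11_reason_code=undefined
1704362603 type=disassociation client=aa:aa:aa:00:00:01 802.11_reason_code=undefined
1704362604 type=disassociation client=aa:aa:aa:00:00:02 802.11_reason_code=undefined
1704362605 type=disassociation client=aa:aa:aa:00:00:03 802.11_reason_code=undefined
"""
LINE_RE = re.compile(r"^(\d+)\s+(.*)$")

def parse_event(line):
    """Return (epoch_seconds, fields) or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(p.split("=", 1) for p in m.group(2).split() if "=" in p)
    return int(m.group(1)), fields

def find_deauth_bursts(lines, window=10, threshold=5):
    """Report bursts: >= threshold matching events within window seconds (sorted input)."""
    recent, bursts, current = deque(), [], None
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        ts, f = event
        if f.get("type") != "disassociation" or f.get("802.11_reason_code") != "undefined":
            continue
        recent.append((ts, f.get("client", "unknown")))
        while ts - recent[0][0] > window:      # drop events outside the window
            recent.popleft()
        if len(recent) < threshold:
            continue
        if current is None or ts - current["end"] > window:   # a new burst starts
            current = {"start": recent[0][0], "end": ts, "events": len(recent),
                       "clients": {c for _, c in recent}}
            bursts.append(current)
        else:                                   # the running burst continues
            current["end"] = ts
            current["events"] += 1
            current["clients"].add(recent[-1][1])
    return bursts
```

Calling `find_deauth_bursts(SAMPLE_LOG.splitlines())` on the constructed sample reports one burst covering three clients, while the isolated earlier disassociations are ignored.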

To be better protected, use 802.11w to protect management frames.

I hope this article helps you improve your network security and mitigate similar attacks.

Written by Levko Kravchuk

I'm Levko Kravchuk, a System and Network Administrator with 15 years in IT and a DevOps mindset. Skilled in Linux, automation, and an active volunteer in BSIDES