Wireless Network Attacks: WEP, WPA, WPA2, WPA3 and Rogue Access Points
WEP RC4 cracking, WPA2 PMKID and KRACK, WPA3 Dragonblood, evil-twin and captive-portal phishing, NFC and QR fraud, IMSI catchers and the Indian wireless threat landscape.
Every wireless protocol since 1997 has shipped with at least one cipher that was broken before the next generation reached production. WEP fell to FMS in 2001, was wounded by KoreK in 2004, and was finished by PTW in 2007. WPA-TKIP fell to Beck-Tews in 2008. WPA2 was bruised by KRACK in 2017 and by the PMKID handshake-less attack in 2018. WPA3 lost its first round to Dragonblood in 2019. The pattern is consistent: the air interface is the easiest place to attack a network, because the attacker does not need to plug anything in, and the standard's authors have spent twenty-five years catching up to the standard's attackers.
This topic covers the Indian wireless threat surface as the digital forensics paper and the NFSU MSc course frame it: protocol weaknesses from WEP through WPA3, the Aircrack-ng and hashcat workflows examiners are expected to know by name, rogue-AP and evil-twin tradecraft as seen at Indian airports and metro stations, NFC and QR attacks that dominate Indian high-street fraud filings, and the cellular-layer attacks (IMSI catchers, 4G to 2G downgrade) that bridge into mobile forensics. Cross-link references run to computer networking fundamentals, network attacks, live packet capture and mobile network attacks.
The names on a captured frame are the first evidence at the access layer.
A Wi-Fi capture is only useful to an examiner who can read the addressing. Each frame in a monitor-mode capture carries up to four address fields: the source MAC, the destination MAC, the BSSID (the AP's MAC), and a fourth address used only in wireless distribution system frames. The BSSID is the anchor: every association, authentication and data frame in a basic service set names that BSSID. The ESSID is the readable network name and appears in beacon frames roughly ten times a second.
The 2.4 GHz band carries channels 1 through 14 (with 12, 13 and 14 restricted by region; India permits 1 through 13 under Wireless Planning and Coordination Wing rules). The 5 GHz band carries 4 non-overlapping channels in the lower UNII-1 sub-band plus more in UNII-2, UNII-2e and UNII-3, with dynamic frequency selection mandatory in the radar-sharing sub-bands. The 6 GHz band, opened in India by DoT in May 2024 for low-power indoor use, carries 59 non-overlapping 20 MHz channels.
| Band | Channels (India) | Range | Crowding |
|---|---|---|---|
| 2.4 GHz | 1 to 13 (20 MHz) | Long, wall-penetrating | Heavy: legacy clients, Bluetooth, microwaves |
| 5 GHz | 36 to 165 (with DFS gaps) | Medium, weaker through walls | Moderate, growing |
| 6 GHz (Wi-Fi 6E / 7) | 59 channels at 20 MHz (LPI only) | Short, line-of-sight strong | Sparse: Wi-Fi 6E / 7 only |
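The addressing rules above, worked as an added example (not code from the notes): a decoder for the four 802.11 address fields driven by the ToDS/FromDS bits, plus ESSID and channel extraction from a beacon body, run on constructed frames with locally administered MACs.

```python
# Added example, not from the original notes: decode the address fields of a
# raw 802.11 MAC header (radiotap already stripped) the way a monitor-mode
# capture presents them, and pull ESSID and channel out of a beacon body.
import struct

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_80211_addresses(frame: bytes) -> dict:
    """Name DA/SA/BSSID (or RA/TA/DA/SA for WDS) from the ToDS/FromDS bits."""
    fc = struct.unpack("<H", frame[0:2])[0]
    ftype = ("mgmt", "ctrl", "data", "ext")[(fc >> 2) & 0x3]
    out = {"type": ftype, "subtype": (fc >> 4) & 0xF,
           "to_ds": bool(fc & 0x0100), "from_ds": bool(fc & 0x0200)}
    a1, a2 = frame[4:10], frame[10:16]
    if ftype == "ctrl":                      # control frames carry RA and TA only
        out.update(ra=a1, ta=a2)
    else:
        a3 = frame[16:22]
        if not out["to_ds"] and not out["from_ds"]:   # management, IBSS data
            out.update(da=a1, sa=a2, bssid=a3)
        elif out["to_ds"] and not out["from_ds"]:     # client -> AP
            out.update(bssid=a1, sa=a2, da=a3)
        elif out["from_ds"] and not out["to_ds"]:     # AP -> client
            out.update(da=a1, bssid=a2, sa=a3)
        else:                                         # WDS: Address 4 follows seq ctrl
            out.update(ra=a1, ta=a2, da=a3, sa=frame[24:30])
    return {k: mac_str(v) if isinstance(v, bytes) else v for k, v in out.items()}

def beacon_info(frame: bytes) -> dict:
    """Walk the tagged elements after the 12 fixed bytes of a beacon body."""
    body, pos, info = frame[24:], 12, {"essid": None, "channel": None}
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if tag == 0:                                  # SSID element
            info["essid"] = value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:                # DS Parameter Set: channel
            info["channel"] = value[0]
        pos += 2 + length
    return info

# Constructed frames with locally administered (02:...) MACs, not real captures.
AP, STA, BCAST = bytes.fromhex("020000aabbcc"), bytes.fromhex("020000112233"), b"\xff" * 6
BEACON = (b"\x80\x00\x00\x00" + BCAST + AP + AP + b"\x10\x00"       # mgmt/beacon header
          + b"\x00" * 8 + b"\x64\x00" + b"\x11\x04"                 # timestamp, interval, capability
          + b"\x00\x08CafeWiFi" + b"\x03\x01\x06")                  # SSID, DS param (channel 6)
DATA_TO_AP = b"\x08\x01\x00\x00" + AP + STA + bytes.fromhex("020000dead01") + b"\x20\x00"
```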
RC4 with a 24-bit IV and no integrity, broken in five minutes on a busy network.
WEP combines a 40-bit or 104-bit pre-shared key with a 24-bit initialisation vector to produce an RC4 keystream. The IV is sent in the clear. Two flaws compound. First, the IV space is small enough (16.7 million values) that a busy AP repeats IVs within hours. Second, the FMS attack of Fluhrer, Mantin and Shamir in 2001 showed that certain "weak" IVs leak information about the key bytes, so the attacker needs only IV reuse plus enough weak IVs to solve for the key.
KoreK improved the attack in 2004 by adding more biased-keystream observations, reducing the number of IVs needed from millions to tens of thousands. The PTW attack by Pyshkin, Tews and Weinmann in 2007 reduced the number further, to roughly 40,000 IVs for a 104-bit key with 50% success. Practical cracking time on a moderately busy AP is 5 to 15 minutes.
The 4-way handshake is fast to capture and slow to crack only if the password is strong.
WPA-PSK introduced TKIP, which wraps RC4 with a per-packet keying function and a Michael MIC. The MIC plus per-packet keys closed the IV-reuse hole that finished WEP, but the password-based key derivation (PBKDF2-HMAC-SHA1 with 4096 iterations and the ESSID as salt) is still attackable offline once the 4-way handshake is captured. WPA2-PSK kept the same handshake but replaced TKIP and Michael with AES-CCMP. The dictionary attack against the handshake works against both.
The handshake capture is straightforward. airodump-ng on the target channel logs all frames; an aireplay-ng -0 deauthentication burst forces an existing client to re-associate, producing a fresh handshake. The capture is then run through aircrack-ng -w wordlist.txt cap.cap for CPU-bound cracking, or converted with hcxpcapngtool and run through hashcat -m 22000 for GPU-accelerated cracking at hundreds of thousands of guesses per second on a single consumer GPU.
The PMKID attack changes the economics. Jens Steube, hashcat's lead developer, showed in August 2018 that many APs leak a Pairwise Master Key Identifier in the first EAPOL frame of any association attempt, without a client ever completing the handshake. hcxdumptool requests the PMKID from the target AP directly; no client is required. The PMKID is fed to hashcat -m 16800 (modern: -m 22000 with the unified format) for the same offline dictionary attack.
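The derivation that the handshake and PMKID attacks grind against, as an added example (not code from the notes or from hashcat): PMK and PMKID computed per IEEE 802.11, emitted in the hashcat 22000 line format, and an examiner-side check of a recovered passphrase against such a line. MACs, ESSID and passphrase are constructed.

```python
# Added example, not from the original notes: the WPA/WPA2-PSK derivation that the
# handshake and PMKID attacks grind against, per IEEE 802.11:
#   PMK   = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 rounds, 32 bytes)
#   PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || client MAC)
# plus the hashcat -m 22000 line format (WPA*01*PMKID*APMAC*STAMAC*ESSIDHEX***).
import hashlib
import hmac

def derive_pmk(passphrase: str, essid: str) -> bytes:
    # ESSID is the salt: a precomputed table only ever covers one network name,
    # and the 4096 rounds per guess are what bound hashcat's throughput.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)

def derive_pmkid(pmk: bytes, ap_mac: str, sta_mac: str) -> bytes:
    aa, spa = (bytes.fromhex(m.replace(":", "")) for m in (ap_mac, sta_mac))
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

def to_hc22000(pmkid: bytes, ap_mac: str, sta_mac: str, essid: str) -> str:
    clean = lambda m: m.replace(":", "").lower()
    return f"WPA*01*{pmkid.hex()}*{clean(ap_mac)}*{clean(sta_mac)}*{essid.encode().hex()}***"

def pmkid_line_matches(passphrase: str, line: str) -> bool:
    """Examiner's check: does a recovered passphrase explain a PMKID line from the
    case file? Same computation hashcat performs once per candidate."""
    fields = line.split("*")
    if fields[:2] != ["WPA", "01"]:
        raise ValueError("not a PMKID (type 01) line")
    pmkid_hex, ap_mac, sta_mac = fields[2], fields[3], fields[4]
    essid = bytes.fromhex(fields[5]).decode()
    expected = derive_pmkid(derive_pmk(passphrase, essid), ap_mac, sta_mac)
    return hmac.compare_digest(expected, bytes.fromhex(pmkid_hex))

# Constructed case values (locally administered MACs, made-up passphrase).
AP_MAC, STA_MAC, ESSID, PASSPHRASE = "02:00:00:aa:bb:cc", "02:00:00:11:22:33", "CafeWiFi", "chai-at-4pm"
CASE_LINE = to_hc22000(derive_pmkid(derive_pmk(PASSPHRASE, ESSID), AP_MAC, STA_MAC), AP_MAC, STA_MAC, ESSID)
```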
WPA2-Enterprise uses 802.1X with a RADIUS server instead of a shared PSK. Each user authenticates with an EAP method (EAP-TLS, PEAP-MSCHAPv2, EAP-TTLS). The handshake-capture attack does not apply, but EAP relay attacks do: a rogue AP built with eaphammer or hostapd-wpe impersonates the corporate ESSID, accepts the client's EAP exchange, and either harvests the MSCHAPv2 challenge-response for offline cracking or relays the credentials to the real RADIUS server. Server-certificate validation on the client side is the only defence; clients that do not pin the corporate CA are exploitable on first connection.
The cryptography moved to elliptic curves; the bugs moved with it.
KRACK, disclosed by Mathy Vanhoef in October 2017 as CVE-2017-13077 (and a family of related CVEs), targets the 4-way handshake itself rather than the password. Message 3 of the handshake confirms the Pairwise Transient Key. If the attacker replays message 3, a compliant client reinstalls the same PTK and resets its packet number counter, which under CCMP means the same keystream is reused for different plaintexts. The attacker can then recover plaintext bytes without ever knowing the PSK. The bug affected every WPA2 client implementation that followed the standard literally, with Android 6 and Linux's wpa_supplicant 2.4 to 2.6 hit hardest because their re-association behaviour zeroed the key on reinstall.
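The on-air symptom of KRACK turned into a detection rule, as an added example (not code from the notes or from any WIDS product): a retransmitted message 3 is legal by itself, but a CCMP packet number that goes backwards after it means the client reinstalled the same PTK and reset its counter. The trace is constructed.

```python
# Added example, not from the original notes: a simplified detector for the on-air
# symptom of KRACK. A retransmitted handshake message 3 is legitimate on its own
# (the AP resends it when message 4 is lost), but under CCMP the packet number (PN)
# of a given key only ever increases, so data frames whose PN goes backwards after a
# repeated message 3 mean the client reinstalled the same PTK and reset its counter.

def krack_alerts(frames):
    """frames: dicts with sta, kind in {'m1','m3','data'} and pn for data frames.
    Returns one alert string per offending data frame."""
    state, alerts = {}, []
    for f in frames:
        s = state.setdefault(f["sta"], {"m3_seen": 0, "max_pn": -1})
        if f["kind"] == "m1":                 # fresh handshake: a new PTK will follow
            s["m3_seen"], s["max_pn"] = 0, -1
        elif f["kind"] == "m3":
            s["m3_seen"] += 1
            if s["m3_seen"] == 1:             # first msg 3 installs a new key: PN restarts legitimately
                s["max_pn"] = -1
        elif f["kind"] == "data":
            if f["pn"] <= s["max_pn"]:
                kind = "key reinstallation suspected" if s["m3_seen"] > 1 else "PN replay"
                alerts.append(f"{f['sta']}: {kind}, PN {f['pn']} after PN {s['max_pn']}")
            s["max_pn"] = max(s["max_pn"], f["pn"])
    return alerts

# Constructed trace: the victim client sees message 3 twice and restarts its PN at 1;
# the healthy client's PN keeps climbing.
TRACE = [
    {"sta": "victim", "kind": "m1"}, {"sta": "victim", "kind": "m3"},
    {"sta": "victim", "kind": "data", "pn": 1}, {"sta": "victim", "kind": "data", "pn": 2},
    {"sta": "victim", "kind": "m3"},                       # replayed message 3
    {"sta": "victim", "kind": "data", "pn": 1},            # same keystream as the earlier PN 1
    {"sta": "healthy", "kind": "m1"}, {"sta": "healthy", "kind": "m3"},
    {"sta": "healthy", "kind": "data", "pn": 1}, {"sta": "healthy", "kind": "data", "pn": 2},
]
```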
WPA3, ratified in 2018, replaced the 4-way handshake's password-based key derivation with Simultaneous Authentication of Equals (SAE), also known as Dragonfly. SAE is a balanced password-authenticated key exchange built on elliptic-curve Diffie-Hellman. The protocol is designed so an offline dictionary attack against a captured exchange yields no useful information about the password.
Dragonblood, disclosed by Vanhoef and Eyal Ronen in April 2019, broke that promise in three ways. CVE-2019-9494 is a timing side channel in the hash-to-curve operation that leaks information about the password to a co-located attacker. CVE-2019-9495 is a cache side channel against the same primitive. The companion CVEs cover downgrade attacks where a hybrid AP accepts both SAE and the legacy PSK exchange and an attacker forces the client to negotiate the weaker option.
| Generation | Cipher | Key exchange | Major break |
|---|---|---|---|
| WEP | RC4 with 24-bit IV | Pre-shared key | FMS 2001, KoreK 2004, PTW 2007 |
Same name, stronger signal, fake login page.
A rogue AP is any access point on or near the target network that the network operator did not authorise. An evil twin is a specific kind of rogue AP that imitates a legitimate ESSID. Most consumer and corporate clients are configured to auto-associate with a saved network when it appears with a strong enough signal, and most do not check anything beyond the ESSID. An attacker who broadcasts "AirportFreeWiFi" at higher transmit power than the airport's real AP captures the client without the user touching a button.
The capture pattern at an Indian airport or metro station typically runs as follows. The attacker brings up a portable AP (Wi-Fi Pineapple, an OpenWrt mini-router, or a laptop with hostapd) on the same ESSID as the venue's free Wi-Fi. The first HTTP request from any associated client is intercepted by a captive portal that imitates the venue's branding. The portal asks for the user's email and phone, sometimes for a corporate single sign-on, sometimes for the user's existing bank or wallet credentials in a "verify before browsing" prompt. The credentials are logged; the user is then released to the real internet via the attacker's uplink.
Beyond Wi-Fi: the adjacent wireless surfaces a forensic examiner is expected to know.
WPS, Wi-Fi Protected Setup, was meant to make residential pairing easier and turned out to make residential cracking trivial. The 8-digit PIN is checked as two 4-digit halves, so the search space collapses from 10^8 to 10^4 plus 10^4. Reaver implemented the online attack in 2011. Dominique Bongard's Pixie Dust attack in 2014 exploited weak PRNG seeding in many Broadcom and Realtek chipsets to recover the PIN offline from a single exchange. reaver -K 1 and bully implement Pixie Dust. The recommended posture is to disable WPS entirely; many Indian ISP-supplied routers ship with it on by default.
NFC vulnerabilities cluster around card cloning and relay. Proxmark3 and the open-source Flipper Zero will read most MIFARE Classic tags and many MIFARE DESFire tags (with key recovery for weak deployments) and emulate them back. Indian transit cards using older MIFARE Classic (some legacy Bengaluru and Delhi metro card generations) have been documented as cloneable in research papers; modern deployments have moved to DESFire EV2 or EV3 with stronger key management. Malicious NFC tags, typically sticker tags placed over a venue's legitimate tag, redirect a tap to a phishing URL.
QR code attacks dominate the Indian fraud filings list. Three patterns matter. First, malicious QR redirecting to phishing or malware: the user trusts a QR on a poster more than a typed URL. Second, physical QR replacement (QRJacking): a fraudster prints a UPI QR with their VPA over a shopkeeper's legitimate code at the counter; customers scan and pay the fraudster instead of the shop. Third, UPI request-money QR confusion: the victim is sent a "scan to receive" QR that is actually a "scan to pay" request. NPCI advisories in 2023 and 2024 named QRJacking specifically and recommended laminated, single-print QRs with the merchant's name printed prominently above the code.
The cellular bridge is where wireless forensics meets mobile forensics. IMSI catchers (commercially Stingray, KingFisher; research-grade with a USRP plus srsRAN or YateBTS) impersonate a base station, force nearby phones to attach, log the IMSI and IMEI, and frequently downgrade the connection from 4G or 5G to 2G where the lack of mutual authentication lets the attacker intercept calls and SMS. The 4G to 2G downgrade is the practical lever: 2G GSM authenticates the network only via a one-way challenge, so a rogue 2G base station is trusted by default. Diameter protocol attacks at the operator core layer are out of scope for the air-interface examiner but show up in coordinated SIM-swap operations.
An examiner captures a WPA2 4-way handshake and wants to crack it at maximum speed on a single GPU. The correct tool plus mode is:
The examiner reading a capture from a Bengaluru café incident first checks the channel and band the suspect frame lives on. A capture limited to channel 6 will miss a rogue AP camped on channel 11 or on 5 GHz channel 36. The Aircrack-ng tool airodump-ng with --band abg hops across 2.4 and 5 GHz; --band g6 adds 6 GHz on supported NICs.
The Indian anchor here is the long tail of legacy hardware. In 2024 a state SFSL audit of municipal Wi-Fi deployments in a Tier-2 city in Maharashtra found 47 routers still configured for WEP behind retail counters and small clinics. These are not academic targets; the same routers were named in three FIRs as the pivot point for downstream financial fraud. WEP cracking remains a recurring practical exam in NFSU labs and a recurring digital forensics MCQ.
An Indian SOC team at a Mumbai BFSI client documented an internal red-team exercise in 2024 where an eaphammer-driven rogue AP harvested 41 MSCHAPv2 hashes from corporate laptops in a coffee shop two blocks from the office, in under 90 minutes. None of the laptops had certificate pinning enabled. Cross-link to live packet capture for the post-capture analysis side of the same exercise.
| Generation | Cipher | Key exchange | Major break |
|---|---|---|---|
| WPA-PSK | TKIP plus Michael MIC | 4-way handshake | Beck-Tews 2008 (partial), dictionary on weak PSK |
| WPA2-PSK | AES-CCMP | 4-way handshake | Dictionary on weak PSK; PMKID 2018; KRACK 2017 |
| WPA2-Enterprise | AES-CCMP | 802.1X / EAP | EAP relay via rogue AP; MSCHAPv2 offline crack |
| WPA3-Personal | AES-CCMP / GCMP | SAE (Dragonfly) | Dragonblood CVE-2019-9494 et al. |
| WPA3-Enterprise 192-bit | GCMP-256 | 802.1X with stronger EAP | Implementation downgrade flaws |
The takeaway for the examiner is that "WPA3" on a router admin page does not by itself mean strong. The implementation must be patched against the Dragonblood family and configured in WPA3-only (not WPA2/WPA3 transition) mode for the strongest posture. Patched OpenWrt and patched vendor firmware (Cisco, Aruba, Ubiquiti) have shipped Dragonblood mitigations since mid-2019.
CERT-In's wireless advisory from late 2024 named a sustained campaign of evil-twin captive portals at Delhi, Bengaluru and Hyderabad metro stations, with credential harvests linked downstream to UPI fraud and SIM-swap requests. The advisory recommends disabling auto-join for public Wi-Fi, treating any captive portal that asks for OTP as hostile, and using a VPN for any session on a venue network. SSL stripping on plain HTTP and HSTS bypass via crafted redirects are the post-association layer; the cross-link to network attacks covers the wired-side parallels.
Defensively, the operator side wants a Wireless Intrusion Detection System. Kismet, AirMagnet and the WIDS modules built into enterprise controllers (Cisco WLC, Aruba Mobility Master) detect rogue BSSIDs by watching for a BSSID using an ESSID the operator owns from a MAC the operator did not authorise. A 6 dB signal-strength anomaly on a known ESSID is the standard alert trigger.
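The two WIDS rules above (owned ESSID from an unauthorised BSSID; 6 dB RSSI anomaly on a known BSSID), applied to the evil-twin pattern described earlier, as an added example (not code from the notes or from Kismet or any controller): the operator inventory and the beacon sweep are constructed.

```python
# Added example, not from the original notes: the two WIDS rules described above,
# run over constructed beacon observations. The operator inventory (authorised
# BSSIDs per owned ESSID with a baseline RSSI at this sensor) is assumed.
from dataclasses import dataclass

@dataclass
class Beacon:
    essid: str
    bssid: str
    channel: int
    rssi_dbm: int

AUTHORISED = {  # constructed inventory: owned ESSID -> {BSSID: baseline RSSI at this sensor}
    "MetroFreeWiFi": {"02:00:00:aa:00:01": -55, "02:00:00:aa:00:02": -60},
}

def wids_alerts(beacons, authorised=AUTHORISED, threshold_db=6):
    """Rule 1: an owned ESSID advertised by a BSSID not in inventory is an evil-twin
    candidate. Rule 2: a known BSSID whose RSSI moves >= threshold_db from baseline is
    a signal anomaly (a spoofed BSSID from a closer radio, or a moved/replaced AP)."""
    alerts = []
    for b in beacons:
        owned = authorised.get(b.essid)
        if owned is None:
            continue                  # someone else's network: neighbour, not rogue
        if b.bssid not in owned:
            alerts.append(("rogue_bssid", b.essid, b.bssid, f"ch{b.channel}", f"{b.rssi_dbm} dBm"))
        else:
            delta = b.rssi_dbm - owned[b.bssid]
            if abs(delta) >= threshold_db:
                alerts.append(("rssi_anomaly", b.essid, b.bssid, f"ch{b.channel}", f"{delta:+d} dB"))
    return alerts

OBSERVED = [  # constructed sweep from one sensor
    Beacon("MetroFreeWiFi", "02:00:00:aa:00:01", 6, -56),    # normal
    Beacon("MetroFreeWiFi", "02:00:00:aa:00:02", 36, -61),   # normal
    Beacon("MetroFreeWiFi", "02:00:00:ee:ee:01", 11, -38),   # evil twin: louder, other channel
    Beacon("MetroFreeWiFi", "02:00:00:aa:00:01", 6, -46),    # our BSSID, 9 dB hotter than baseline
    Beacon("ChaiCorner", "02:00:00:cc:cc:01", 1, -70),       # neighbour, ignored
]
```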
SIM swap fraud uses the cellular ID layer rather than the radio layer: the attacker convinces the carrier to port the victim's number to a SIM the attacker controls. The deep dive lives at /topics/digital-forensics/wireless-and-mobile-network-attacks-sim-swap-nfc-qr.