Wireless Network Attack: Raising the

Awareness of Kampung WiFi Residents

Syahrul Fahmy, Akhyari Nasir and Nooraida Shamsuddin
Faculty of Computer, Media and Technology Management
TATI University College
24000 Kemaman
Terengganu, MALAYSIA


Abstract The rapid growth of I nformation and Communication
Technology has made people around the world spending more
time on the Internet than ever before. Online activities are
carried out on a daily basis from information searching to
property purchasing. This trend is on the uprise with commercial
I nternet Service Providers offering affordable wireless broadband
connection to all, including in rural areas. In some countries, free
Internet access is given to residents through hotspots such as
Kampung WiFi in Malaysia. Although this means more people
can connect to the information highway, it raises the issue of
I nformation Security and Privacy how secure are these
networks? This paper aims to demonstrate the vulnerability of
Kampung WiFi networks in order to amplify awareness among its
Internet users with regards to security and privacy. Background
of Kampung WiFi is presented in Section I while Section II
presents wireless network implementation technologies namely
WLAN, WMAN, WWAN. Review of classic network attacks
including Malicious Associations, Identity Theft, Man-I n-The-
Middle, Network I njection, Caffe Latte and Denial-of-Service is
presented in Section III and Section IV demonstrates wireless
network attacks using Cain & Abel, Wireshark and
NetworkMiner. Finally, conclusion is made in Section V. It is
hoped that this paper will highlight the importance of IT security
and privacy in Kampung WiFi.
Keywords- Kampung WiFi, I T Security, I nformation Privacy

I. INTRODUCTION
The Kampung WiFi program was launched by the Ministry
of Information, Communications and Culture in 2010 to
bridge the digital divide between rural and urban communities
in Malaysia [1]. It is a joint effort between the
Communications & Multimedia Commission and several
Communication Service Providers (CSPs). The cost of setting
up Kampung WiFi varies from RM 15,000 RM 30,000 each,
depending on technology used i.e. fixed phone line, satellite,
etc. Speed is anticipated to be up to 4Mbps within a 50 meter
radius with different hardware setup depending to
geographical locations. For areas with fixed line access, a
router will be placed at a designated location (house, school,
etc). In rural areas with limited (or lack of) fixed line access, a
satellite tower is erected on high grounds (such as hills) to
transmit WiFi signals. Currently there are more than 400
Kampung WiFi in Sarawak, 400 in Sabah, 350 in east-coast
Peninsular and 500 in west-coast Peninsular.
Three criteria are used for setting up Kampung WiFi: the
number of residents; distance to the nearest wireless
infrastructure (3G/4G); and the availability of wired
infrastructure (fixed lines).

There are more than 16 million Internet users in Malaysia
from its population of 26 million (2010 statistics) [2].
Although the figure is impressive, it prompts the question of
information security and privacy. According to the Malaysian
Computer Response Team, in 2009 alone there were 3,564
computer security incidents; 184,407 spam e-mails; and
1,889,165 incidents of botnet and malware infection [3]. It is
anticipated that by the end of 2012, the number of Kampung
WiFi will reach 4000. So, are these users aware of the danger
that lurks within this service? How adept are they to embrace
this new technology? This paper is part of an on-going
research effort in Kampung WiFi [4] and aims to demonstrate
the vulnerabilities of these networks in order to raise
awareness towards information security and privacy.


II. WIRELESS NETWORK
This section presents an overview of wireless broadband
technology in Malaysia and used in the implementation of
Kampung WiFi. Wireless network provides high-speed
wireless Internet and can be implemented in three (3) ways;
Wireless Local Area Network, Wireless Metropolitan Area
Network and Wireless Wide Area Network.

A. Wireless Local Area Network (WLANs)
WLAN consists of several elements including the client
and access point. The client represents the group of devices
within the WLAN that are connected to the single point of
aggregation the access point that connects to the Internet
or other network infrastructure [5]. WLAN uses radio
frequency signals in 2.4 GHz and 5 GHz spectrum as its
transmission medium [6]. Wi-Fi or IEEE 802.11 is the set of
standards established to define WLANs. A number of different
protocols are defined in the 802.11 family of standards,
addressing various operating frequencies and maximum
throughputs [7], summarized in Table 1.
978-1-4673-1938-6/12/$31.00 2012 IEEE

Table 1: IEEE 802.11 Standards

STANDARD YEAR
DATA
RANGE
RADIO
FREQUENCY
RANGE
802.11a 1999 54 Mbps 5 GHz Short
802.11b 1999 11 Mbps 2.4 GHz Medium
802.11c 2003 54 Mbps 2.4 GHz Medium

Although the 802.11a was the first standard created in the
802.11 family, 802.11b became the first widely accepted
wireless networking standard, followed by 802.11a and
802.11g.

B. Wireless Metropolitan Area Network (WMANs)
WMAN is a form of wireless networking that has an
intended coverage area, a range of approximately the size of a
city [8]. WiMAX (IEEE 802.16) is a wireless digital
communication standard intended for WMANs and promises
very high data rates, high reliability, good efficiency and
lower cost. WiMAX provides a coverage radius of up to 50
km and data rates of up to 70 Mbps.

C. Wireless Wide Area Network (WWANs)
WWAN covers a much broader area than Wi-Fi or WiMax,
with coverage usually measured on a nationwide or even
global basis [9]. WWANs provide broadband data network
with a far greater range, using cellular technologies such as
GPRS, HSPA, UMTS, and LTE [10] at different speed.


III. CLASSIC NETWORK ATTACKS
This section briefly presents several infamous attacks to
wireless network including Malicious Associations, Identity
Theft, Man-In-The-Middle, Network Injection, Caf Latte and
Denial-of-Service.

A. Malicious Associations
Malicious Associations [11-13] are wireless devices that
are made by attackers to connect to a network through Soft AP
(such as laptop) instead of a legitimate Access Point (AP).
Using computer programs, these laptops are made to imitate a
legitimate AP. Once access is gained, the attacker can obtain
passwords, launch attacks on the network, or plant Trojans.
Since wireless networks operate at Layer 2, Layer 3 protections
such as network authentication and Virtual Private Networks
(VPNs) offer no barrier.

B. Identity theft
Identity Theft or MAC Spoofing [14-16] occurs when an
attacker listens to network traffic and identifies the MAC
address of a computer with appropriate privileges. Most
wireless systems use MAC filtering to allow authorized
computers with specific MAC ID to gain access to the network.
802.11 devices transmit unencrypted MAC address in its
headers, and require no special equipment or software to detect
it. Anyone with an 802.11 receiver (such as a laptop) and a
wireless packet analyzer could obtain the MAC address of
transmitting 802.11 devices within range.

C. Man-In-The-Middle
Man-In-The-Middle [17-19] allures computers to log into
another computer which is set up as Soft AP. Once this is done,
the attacker connects to a real AP (through another wireless
channel) offering a steady flow of traffic through the attacking
computer to the real network. The attacker can then sniff the
traffic. Hotspots are particularly vulnerable to any attack since
there is little security, if any, on these networks.

D. Network Injection
Network Injection [20-22] enables attacker to use APs that
are exposed to non-filtered network traffic, specifically
broadcasting traffic such as Spanning Tree, OSPF, RIP, and
HSRP. The attacker injects bogus networking re-configuration
commands that affect routers, switches, and intelligent hubs. A
whole network can be brought down in this manner and require
rebooting or even re-programming a large number, if not all,
intelligent networking devices.

E. Caffe Latte
Caffe Latte [23-25] is a method to defeat WEP where the
attacker does not necessarily be in the area of the network.
Using a process that targets the Windows Wireless Stack, it is
possible to obtain the WEP key from a remote client. By
sending a flood of encrypted ARP requests, the attacker takes
advantage of the shared key authentication and the message
modification flaws in WEP. An attacker can use the ARP
responses to obtain the WEP key in less than 6 minutes [8].

F. Denial-of-Service
Denial-of-Service (DoS) [26-28] occurs when an attacker
continually bombards an AP with bogus requests, premature
successful connection messages, failure messages, and other
commands. The usual reason for performing a DoS attack is to
observe the recovery of the wireless network, during which all
of the initial handshake codes are re-transmitted by all devices,
providing an opportunity for the attacker to record these codes
and use various tools to analyze security weaknesses and
exploit them to gain unauthorized access to the system.
The list of attacks is by no means complete, with new tools
are developed and made available on a daily basis either for
free or for a small fee. These attacks are just the top of the
iceberg and if not addressed properly, may result in
catastrophic consequences. Almost all of these attacks can
occur in Kampung WiFi.
IV. WIRELESS ATTACK SIMU
This section presents attack simulat
network (similar to Kampung WiFi), carr
University College. The objective of this s
fold: (1) To demonstrate that wireless atta
WiFi are possible; and (2) To establish that
affect personal and vital information of the u
40 Personal Computers (PCs) and 3 lapto
simulation. The computers are stationary a
CCNA Computer Laboratory and General I
the Faculty of Computer, Media
Management. The laptops are mobile and
attacks to the network. All computers are
versions of Windows operating system from
Windows 7.
Different wireless configurations are use
different wireless settings that might be u
WiFi including using commercial broadband
as Celcom and DiGi.
The simulation makes use of existing
launch attacks to the network. Respondents w
they are part of a study to investigate IT sec
All respondents are allocated a PC and requ
several tasks including (i) Logging into the
and send an e-mail; (ii) Logging into their
and carry out usual tasks; and (iii) Logging
banking account and logging off. Three (3)
are used namely Cain & Abel, Wireshark and

A. Cain & Abel
Cain & Abel is a password recovery t
Operating Systems. It allows the recovery
sniffing the network, cracking encrypted
Dictionary, Brute-Force and Cryptanalysis
VoIP conversations; decoding scramb
recovering wireless network keys; revealing
uncovering cached passwords; and analyzing
[29].



ULATION
ions to wireless
ried out at TATI
simulation is two-
acks to Kampung
these attacks will
users.
ops are used in this
and located in the
IT 2 Laboratory at
and Technology
d used to launch
running different
m Windows XP to
ed to replicate the
used in Kampung
d connections such
software tools to
were informed that
curity and privacy.
uested to carry out
eir e-mail account
Facebook account
into their internet
different software
d NetworkMiner.
tool for Microsoft
of passwords by
passwords using
attacks; recording
bled passwords;
g password boxes;
g routing protocols

FIGURES 1A & 1B: Obtaining U
Acc
We were successful in
combination for online e-mail
Figures 1A & 1B illustrate
credentials of two e-m
webmail.tatiuc.edu.my were


B. Wireshark
Wireshark is a network pro
interactively browses the tra
network [30]. Features of Wires
hundreds of protocols; live cap
platform; reading live data from
HDLC, ATM, Bluetooth, USB
FDDI, and others; and decrypt
including IPsec, ISAKMP, Kerb
and WPA/ WPA2.



Username-Password for Online E-Mail
count

obtaining username-password
l accounts using Cain & Abel.
results of the attack where
mail accounts hosted at
obtained.
otocol analyzer that captures and
affic running on a computer
shark include deep inspection of
pture and offline analysis; multi-
m Ethernet, IEEE 802.11, PPP/
B, Token Ring, Frame Relay,
tion support for many protocols,
beros, SNMPv3, SSL/TLS, WEP,

FIGURES 2A & 2B: Revealing Comments M

We were successful in revealing com
individual Facebook account using Wiresha
2B illustrate results of the attack where the c
Sufi Asri were revealed.

C. NetworkMiner
NetworkMiner is a Network Forensi
(NFAT) for Windows and can be used as a
sniffer/ packet capturing tool in order to
systems, sessions, hostnames, open ports et
any traffic on the network [31]. NetworkM
about hosts on the network rather than
regarding traffic on the network.



Made on Facebook
mments made on
ark. Figures 2A &
omments made by
c Analysis Tool
a passive network
o detect operating
tc. without putting
Miner collects data
n collecting data
FIGURES 3A & 2B: Readin
We were successful in read
mail account using NetworkMi
result of the attack where t
successfully displayed.
FIGURE 4: Obtaining Username-P

We were also successful
password for an online bank ac
of the attack where the userna
account was successfully obtain





ng Individual e-Mail Account

ding the content of an online e-
iner. Figures 3A & 3B illustrate
the content of an e-mail was


Password for Online Bank Account
l in obtaining the username-
ccount. Figure 4 illustrates result
ame and password for a CIMB
ned.
V. CONCLUSION AND FURTHER WORK
The Kampung WiFi program aims to bridge the digital
divide between rural and urban communities in Malaysia.
Currently there are more than 400 Kampung WiFi in Sarawak,
400 in Sabah, 350 in east-coast Peninsular and 500 in west-
coast Peninsular. Wireless network provides high-speed
wireless Internet and implemented in three (3) ways; Wireless
Local Area Network, Wireless Metropolitan Area Network
and Wireless Wide Area Network. Attacks to wireless network
such as Malicious Associations, Identity Theft, Man-In-The-
Middle, Network Injection, Caf Latte and Denial-of-Service,
are not uncommon and pre-emptive measures should be taken
to minimize if not curb them.
This paper has demonstrated the possibility of wireless
attacks to Kampung WiFi by means of computer software that
can be easily downloaded from the Internet. Results of this
demonstration have revealed alarming results including
successfully obtaining username-password combination of
online e-mail accounts, reading comments made on Facebook;
revealing the content of e-mail account; and obtaining
username-password combination for online bank account.
These are just some potential issues surrounding Kampung
WiFi and need to be carefully addressed to ensure the smooth
implementation of the program. Cooperation from all quarters
is needed. CSPs have to publish clear guidelines on Internet
security policy and procedures. Internet users in Kampung
WiFi have to be extra-vigilant when using this service and
keep abreast with security measures that can be implemented
to safeguard confidential information when connecting to the
Internet. The Government through MyCert, NGOs, MyCert
and other bodies, can help by notifying Kampung WiFi users
of security threats from time to time.
Works in the near future include empirical study of the
awareness level; and IT security modelling for Kampung
WiFi. It is hoped that the objectives of the program can be
achieved without the expense of confidential information of
the users. As Burke once said, better be despised for too
anxious apprehensions, than ruined by too confident security.

REFERENCES

[1] Bahagia Jaya Kampung Wifi Pertama. Utusan Malaysia: 12 May 2010.
[2] International Communication Union. http://www.itu.int/ Last accessed
August 2011.
[3] Malaysian Computer Emergency Response Team.
http://www.mycert.org.my/ Last accessed August 2011.
[4] Akhyari Nasir et. al., Issues Surrounding Kampung WiFi. TATIUC
Research and Innovation Exhibition (TARIE 2012). Kuala Terengganu,
Malaysia, 18-19 May 2012.
[5] Alan Sicher, Randall Heaton, White Paper Of GPRS Technology
Overview, Dell, 2002. Retrieved May 2011.
http://webpc.ciat.cgiar.org/wireless/documents/2002-gprs_overview.pdf
[6] Booz, Allen, Hamilton, White Paper Of Route Diversity Project
Wireless Communications Capabilities; Evaluation Of Wireless Fidelity
(Wi-Fi) Technology In Support Of ESF #2 Disaster Response Role,
Technology And Programs Division (N2), 2007.
[7] White Paper Of LTE: The Future Of Mobile Broadband Technology,
Verizon Wireless, 2009. Retrieved May 2011.
https://www.lte.vzw.com/portals/95/docs/lte%20the%20future%20of%2
0mobile%20broadband%20technology.pdf
[8] White Paper Of WIMAX And Thefuture of Wireless Technology;
Connecting The New Millennium, Emerging Technology, IJIS Institute.
Retrieved May 2011.
http://www.ijis.org/docs/wp/ijis_wp_wimax_20070618_final.pdf
[9] Karen Scarfone, Cyrus Tibbs, Matthew Sexton, Guide To Securing
Wimax Wireless Communications, National Institute Of Standards
And Technology, 2010
[10] White Paper Of LTE: The Future Of Mobile Broadband Technology,
Verizon Wireless, 2009. Retrieved May 2011.
https://www.lte.vzw.com/portals/95/docs/lte%20the%20future%20of%2
0mobile%20broadband%20technology.pdf
[11] Vipul Goyal, Virendra Kumar, Mayank Singh. An Efficient Solution for
the ARP Cache Poisoning Problem. The First Information Security
Practice and Experience Conference (ISPEC 2005), Singapore, April
2005, Lecture Notes in Computer Science, Springer-Verlag.
[12] Asthana, N C, and Anjali Nirmal. Urban Terrorism: Myths and
Realities. Jaipur: Pointer Publishers, 2009.
[13] Vacca, John R. Guide to Wireless Network Security. Springer (2006).
[14] Lambert M. Surhone, Mariam T. Tennoe, Susan F. Henssonow (edited
by). MAC Spoofing. Betascript Publishing. 2010.
[15] Dru Lavigne. BSD Hacks. O'Reilly Media Inc. 2004.
[16] Thomas W. Shinder, Thorsten Behrens. The Best Damn Firewall Book
Period. Syngress. 2007.
[17] V.S.Bagad, I.A.Dhotre. Computer Networks - II. Technical
Publications. 2009.
[18] Brian L. Stuart. Principles of Operating Systems: Design &
Applications. Cengage Learning EMEA, 2008
[19] Jon Erickson. Hacking: The Art of Exploitation. No Starch Press.
2008.
[20] Nitesh Dhanjani, Justin Clarke. Network Security Tools. O'Reilly
Media, Inc. 2005.
[21] Harald Rohde, Dominic A. Schupke. Securing Passive Optical
Networks Against Signal Injection Attacks. Proceedings of the 11
th

International IFIP TC6 Conference On Optical Network Design and
Modeling ONDM'2007. pp.96~100
[22] Merritt Maxim, David Pollino. Wireless Security. McGraw-Hill
Professional. 2002.
[23] Bruce Brown. How to Stop E-Mail Spam, Spyware, Malware,
Computer Viruses and Hackers From Ruining Your Computer Or
Network: The Complete Guide for Your Home and Work. Atlantic
Publishing Company. 2010.
[24] Ian Barile. Protecting your PC. Charles River Media. 2006.
[25] Michael Miller. Is It Safe?: Protecting Your Computer, Your
Business, and Yourself Online. Que Publishing. 2008.
[26] Jelena Mirkovic, Sven Dietrich, Peter Reiher. Internet Denial Of
Service: Attack and Defense Mechanisms. Prentice Hall Professional
Technical Reference. 2005.
[27] Chin-Tser Huang, Mohamed G. Gouda. Hop Integrity in the Internet.
Springer. 2006.
[28] Joseph Migga Kizza. Ethical and Social Issues in the Information
Age. Springer. 2010.
[29] Cain & Abel. http://www.oxid.it/cain.html/ Last accessed February
2012.
[30] Wireshark. http://www.wireshark.org/about.html/ Last accessed
February 2012.
[31] NetworkMiner. http://www.netresec.com/?page=NetworkMiner Last
accessed February 2012.