Vulnerability Analysis of GWireless

Abstract

Wireless networking has become very popular in recent years due to the increase in adoption of mobile devices. As more and more employees demand for Wi-Fi access for their devices, more companies have been jumping onto the "Bring Your Own Device" (BYOD) bandwagon[1] to appease their employees. One such example of an enterprise wireless infrastructure is the George Washington University's GWireless. For this project, I will attempt to capture hashes of authentication credentials from users who are connecting to the GWireless network using what is commonly known as the "evil twin" attack. I will document the hardware, software used and steps taken to configure the devices. I will then evaluate the feasibility of such an attack, explore variations of the attack and document measures that can be taken to prevent such an attack.