Mobile applications may transmit data to the network in clear or encrypted format and our testing will also interact with the server side components to capture and analyse traffic to identify vulnerabilities.  The increase in the deployment of wireless networks has led to an increase in the number of attackers who are capable of using them to attempt to penetrate the security controls of the organisation.  These attacks are commonly known as “war driving”.

The threat model for a wireless penetration test is an unauthorised outsider attempting to gain access to internal networks.  Wireless penetration is more risky than network penetration for an attacker as they need to be physically near to their target to make the attempt and to stay connected.  Examples of this class of attacker include hackers and activists.

The goal of the simulated attacker performing a wireless penetration test is network level access to the internal network.  Attacks may be performed on wireless clients and access points that are accessible and within the specified scope.

The testing follows a consistent and structured approach covering the following layers of the OSI network model:

• Data link; and

The methodology for the testing is as follows:

• Architecture Review
• Scanning & enumeration
• Attacking WEP
• Attacking WPA PSK
• Attacking WPA Enterprise
• Infrastructure Review

Upon identifying any weaknesses within your system DMA will provide you with a report detailing all of the vulnerabilities which have been identified within your system, categorising them by their risk and offering suggested remediation activities which should occur.  These remediation activities can be completed by your organisation or DMA’s services can be enlisted to assist.