Wireless Penetration Testing

Are Wireless Networks Dangerous?

Wireless networks offer incredible flexibility for organisations, giving employees extensive access to data and systems. However, they also act as a very straightforward entry point for cyberattacks. Threats to WiFi networks are unique, and the challenges and risks can be hugely detrimental to an organisation.

Wireless networks, if implemented insecurely, can grant attackers access to internal corporate resources from external locations beyond the physical company premises. There are numerous opportunities for threats to occur in wireless infrastructure.

Below is a list of some common network vulnerabilities:

  • Rogue access points / spoofing;
  • Guest WiFi weaknesses;
  • WPA keys and packet injection vulnerabilities;
  • Default router setups;
  • Poor encryption algorithms;
  • Weak passwords;
  • Zero configurations on a WiFi network.

Wireless Penetration Testing can help identify weaknesses, vulnerabilities and architectural flaws that would allow attackers to obtain sensitive information via a wireless solution.

Wireless security, under the IEEE 802.11 standard, is inherently insecure. Bridewell Consulting can help your organisation assess the current security posture of your infrastructure and, by extension, its supporting procedures.

Our wireless penetration tests will consist of numerous testing procedures to identify security issues and assess your wireless infrastructure’s reliability and how susceptible it is to potential attackers.

Types of Wireless Penetration Tests

A WiFi network penetration test typically includes any of the following:

  • Identification of WiFi networks, by way of information or signal leakage and wireless fingerprinting.
  • Pinpointing opportunities for network penetration either by evading WLAN (Wireless Local Area Network) access control measures or using wireless connectivity.
  • Determining encryption weaknesses, by performing encryption cracks, session hijacking or wireless sniffing.
  • Isolating the identities and credentials of legitimate users, for accessing private networks and services that would otherwise be hidden.


Man-in-the-Middle Attack Testing 

This involves intercepting communications between an entity and a victim. It requires either injecting malicious software (usually by phishing) or physical proximity to the intended victim. MITM attacks can come from access to unsecured routers, where tools can be inserted between devices and websites to capture login details and personal or sensitive information.

Wireless Denial of Service

A DoS attack is a malicious, targeted attack which can disable a WLAN. Wireless networks are vulnerable to DoS attacks: the bandwidth and resources available to intended users are overwhelmed, forcing the network to shut down. Hackers can use other computers on a network to send ‘packets’ to the server, reducing its bandwidth for other, legitimate users.

Bluetooth Attacks

Cyber attackers can launch attacks on Bluetooth devices via several methods: bluejacking (sending unsolicited messages to nearby devices via images, texts or sound clips), bluesnarfing (unauthorised access to information from a connection) or even bluebugging (which gives attackers control over mobile devices).

The above types of wireless network attack are performed as a measure of ethical hacking by Bridewell Consulting, purely to determine vulnerabilities and security posture in wireless infrastructure. This testing is primarily conducted on and in the vicinity of client premises, at convenient times to suit your requirements.

Once the penetration testing has been completed, you will be provided with a detailed rundown of recommended remediation. This will, in turn, give you an idea of how to improve your wireless security.

Our Wireless Penetration Testing Process

Perimeter Assessment
The focus will be to establish the strength of any signal leakage, to determine the range of, and the possibility of connecting to, the WiFi network.

On-Site Assessment
The focus will be to test the visibility of access points, enumerate them, and identify potential information leakage from wireless broadcast traffic.

A detailed assessment of the wireless networks will be conducted before, during and after authentication, to determine the level of access available should the wireless network be compromised through any of the other stated techniques.

Why Should I Penetration Test My Wireless Networks?

Why might you need a network penetration test? There are numerous advantages of completing one, including (but not limited to) the following.

  • Improve your incident response to an attack.
  • Flag security and data vulnerabilities.
  • Detect default wireless routers.
  • Identify unauthorised or rogue access points.
  • Get real-world insight into how an attack could take place.
  • Get an idea of your current security posture.
  • Determine whether your protocols are industry-accepted (WPA2).
  • Isolate misconfigured or duplicated wireless networks.
  • Identify whether your organisation would benefit from RADIUS servers, rather than WPA/WPA2. RADIUS servers use separate login IDs and passwords for each user, which requires authentication, making them more difficult for attackers to penetrate.
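
Several of the checks listed above (rogue access points, default router setups, accepted protocols, misconfigured networks) can be run over the output of a site survey. The following is an added example, not Bridewell's tooling: the inventory, survey rows, default-SSID pattern and the inclusion of WPA3 as accepted are all constructed assumptions.

```python
# Added example: audit a wireless site survey against an authorised AP inventory.
# Every SSID, BSSID and pattern below is constructed sample data.
import re
from collections import defaultdict

AUTHORISED = {  # SSID -> approved BSSIDs (hypothetical inventory)
    "CorpNet": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
    "CorpGuest": {"02:00:00:aa:00:03"},
}
# The page names WPA2 as industry-accepted; WPA3 is added here as an assumption.
ACCEPTED_SECURITY = {"WPA2-Enterprise", "WPA2-PSK", "WPA3"}
# Assumed factory-default network names; extend for the hardware on your estate.
DEFAULT_SSID = re.compile(r"^(linksys|netgear\d*|dlink|default)$", re.I)

SURVEY = [  # (ssid, bssid, security) rows as a survey tool might record them
    ("CorpNet", "02:00:00:aa:00:01", "WPA2-Enterprise"),
    ("CorpNet", "02:00:00:aa:00:02", "WPA2-PSK"),
    ("CorpNet", "02:00:00:ff:00:99", "Open"),
    ("CorpGuest", "02:00:00:aa:00:03", "WEP"),
    ("NETGEAR42", "02:00:00:bb:00:07", "WPA2-PSK"),
]

def audit(survey, authorised=AUTHORISED):
    """Return (finding, ssid, detail) tuples for each issue in the survey."""
    findings = []
    modes = defaultdict(set)  # security modes seen on approved APs, per SSID
    for ssid, bssid, security in survey:
        bssid = bssid.lower()
        known = authorised.get(ssid)
        if known is not None and bssid not in known:
            # Corporate SSID broadcast by hardware that is not in the inventory.
            findings.append(("rogue-or-spoofed-ap", ssid, bssid))
        elif known is None and DEFAULT_SSID.match(ssid):
            findings.append(("default-router-setup", ssid, bssid))
        if security not in ACCEPTED_SECURITY:
            findings.append(("weak-encryption", ssid, bssid))
        if known is not None and bssid in known:
            modes[ssid].add(security)
    # Approved APs sharing an SSID should all use the same security mode.
    for ssid, seen in sorted(modes.items()):
        if len(seen) > 1:
            findings.append(("inconsistent-config", ssid, ",".join(sorted(seen))))
    return findings

if __name__ == "__main__":
    for kind, ssid, detail in audit(SURVEY):
        print(f"{kind:22} {ssid:10} {detail}")
```
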

Bridewell possess industry-recognised technical certifications, including CREST, Tiger and CEH, which ensures all of our penetration tests are authorised and conducted by experienced professionals. We have the appropriate security clearance to conduct independent assessments of your infrastructure, critical assets and applications. We can also give you guidance on how to guarantee their protection.

We will always ensure you fully understand what is required following our penetration tests, through detailed remediation guidance to provide you with the necessary assistance and assurance.

Before any penetration test is performed, we will always agree on the appropriate penetration testing methodology with you during our scoping exercise. This ensures you are receiving the most suitable level of assessment for your organisation. Each expert penetration tester will remain completely transparent with you ahead of any security assessment.

Wireless networks in the United Kingdom must comply with all Payment Card Industry Security Standards Council (PCI DSS) requirements. If businesses store, process and transmit cardholder data wirelessly, they must ensure they are doing it over a legally compliant WiFi solution.
