What is a deauthentication attack?

Ruth C. | November 5, 2020

Deauthentication attack is a disruptive technique against wireless connections. It belongs to the denial-of-service family, abruptly rendering networks temporarily inactive. These tactics are usually low-key as they do not require unique skills or elaborate equipment. For some, deauthentication attacks are innocent pranks on coworkers, friends, or neighbors. However, it can be a component of a bigger ruse, such as an evil twin attack. As a result, perpetrators overwhelm networks with deauthentication requests, forcing them to drop their clients’ connections. Hence, how do networks become unstable, and why reconnections might lead straight to rogue access points?

How a deauthentication attack works

Deauthentication attacks represent fraudulent requests that interfere with the communication between routers and devices. The strategy attacks 802.11-based wireless networks, as they require deauthentication frames whenever users terminate connections. The dilemma here is that access points might not recognize that requests originate from a fraudulent source. Since networks do not validate incoming frames, hackers can imitate them. Lack of encryption adds fuel to the fire, even if sessions feature WEP.

Wi-Fi networks also do not have effective mechanisms for verifying MAC addresses. Perpetrators could spoof addresses and perform deauthentication attacks. Forged frames terminate connections. If attackers continue to send requests, users won’t be able to reconnect. While the attack could focus on a single target, all clients could lose connection to the access point.

As the attack forces clients to abandon the authentic AP, they might consider connecting to other hotspots. Rogue access points known as evil twins are highly prominent in the free Wi-Fi landscape. Nowadays, many popular hangouts supply free internet. Hackers could generate fake hotspots by mimicking the details of an official access point. So, after a deauthentication attack terminates clients’ connections, they could connect to a rogue network. Then, its owners can monitor all activities. This surveillance covers all communications, visited websites, financial transactions, and more. Hence, free Wi-Fi in crowded locations poses severe threats, especially if hackers set up evil twins nearby.

Scenarios when deauthentication attacks occur

Disturbingly, there are articles and special tools for performing deauthentication attacks. While this strategy is prevalent in hackers’ communities, its purpose could be benign. Let’s discuss several scenarios that force networks to drop connections.

  • Terminating hidden cameras. Airbnb clients always wonder whether accommodation providers follow the rules regarding surveillance through cameras. Over the years, frequent disputes forced Airbnb to forbid the use of cameras in rented apartments or rooms. However, more cunning homeowners can conceal cameras from their guests. White hackers emphasize that deauthentication attacks can reveal whether a rented apartment conceals cameras.
  • Hotels pushing their paid Wi-Fi plans. There have been incidents when hotels employed deauthentication to promote their Wi-Fi services. In fact, the Federal Communications Commission (FCC) issued documents stating that blocking or interfering with Wi-Fi hotspots is illegal. One of the first offenders was the Marriott hotel with financial motives for disrupting visitors’ access points. However, charging perpetrators with deauthentication attacks is a rare sight. Usually, victims might blame the interruptions on unstable Wi-Fi.
  • A prank on neighbors or friends. Ethical computer hackers could employ deauthentication for testing purposes. In other cases, tech-savvy users might make their neighbors stop stealing their Wi-Fi. However, deauthentication attacks can participate in evil twin attacks, highly damaging to victims’ privacy.

How not to fall victim to deauthentication attacks?

The prevention of deauthentication attacks does not offer many options. However, there are effective strategies for mitigating their impact. First of all, it is essential to ensure that your network applies WPA2 encryption. In case you use a pre-shared key, it needs to be complicated and lengthy. Another improvement might be 802.11w that validates deauthentication frames and discards spoofed ones. However, older hardware and IoT might not support it, raising connectivity issues for some Wi-Fi clients. Furthermore, remember that you have minimal control over free public Wi-Fi and its security.

The good news is that a VPN will assist if deauthentication attacks force clients to connect to evil twins. Atlas VPN creates a secure path between users and access points. All the data shared with the rogue network won’t be in plaintext. In fact, legitimate public Wi-Fi hotspots lack encryption, too. Even if you do not connect to an evil twin, Atlas VPN will prevent hackers from intercepting regular connections.

Browse safely & anonymously with a VPN

Browse safely & anonymously with a VPN

Encrypt your internet traffic and defend against online snooping, hackers, governments, or ISPs.
Ruth C.

Ruth C.

Cybersecurity Researcher and Publisher at Atlas VPN. Interested in cybercrime, online security, and privacy-related topics.


evil twindenial-of-servicewi-fi

© 2022 Atlas VPN. All rights reserved.