Imagine you're cruising on an open road when a truck blocks the main road. The blockade forces you to take a detour through a one-way street, where people in an unmarked van seize and strip you of your valuables.
That is essentially how a Wi-Fi disassociation attack works: the road is your internet connection, your car is your router, the people in the van are hackers, and your valuables are data stored on your phone. So how does a disassociation attack work? How can you protect yourself?
What Is a Disassociation Attack?
A disassociation attack is a cyberattack where a hacker forces a device to lose internet connectivity either temporarily or for an extended time. One second, you're using your internet, and the next, your connection vanishes.
Your phone or laptop will try to reconnect as usual, but your router will be unavailable. The attack can be one where the attacker simply wants to kick you off the network for fun. However, it is seldom so. Most disassociation attacks are by hackers who want a profit.
And usually, in that case, when your device attempts to reconnect to the router, it'll be connecting to an evil twin (cloned) router the attacker has set up for that purpose. Most people won't notice a difference when they connect to a cloned router, but their internet activities will be visible to the attacker.
How Does a Disassociation Attack Work?
Like all hacks, disassociation attacks are a result of cybercriminals exploiting security loopholes or vulnerabilities in a network setup. The former is usually inherent in the protocol a technology operates on—how Wi-Fi connections happen. The latter is a case of a target using unsecured Wi-Fi or using a protocol with weak security.
That said, let's dig into how a hypothetical disassociation attack would happen. Generally, a disassociation attack happens in two phases.
Hacker Finds the Router and Connected Devices
In an area with high internet traffic, an attacker would need to identify the router to attack, as well as the devices connected to it. They typically do this using network sniffing tools.
Network sniffing tools are mostly software—but sometimes hardware—that monitors network traffic. These are freely available on the internet for consumer and business use. Company admins typically use these tools to monitor customer bandwidth usage. For example, it's how a café would know you've exhausted your free 1GB allowance or that your 30-minute access to free Wi-Fi is up.
Hackers, however, use network sniffers to get the information they can use to launch an attack. Generally, they're looking for information about the origin and destination of data packets and the security/encryption protocol used. More specifically, they also want to know your device's MAC address, IP addresses, Wi-Fi 802.11 standard, and the Wi-Fi security protocol (WEP or WPA).
Hacker Initiates a Denial of Service (DoS) Attack
Armed with the aforementioned information, the hacker may then launch their disassociation attack via a MAC-level Denial of Service (DoS). Here, the hacker sends a barrage of deauthentication packets to capture your router's management frames.
This attack will cause the connected device to disconnect. Then, when the device tries to reconnect, the attacker can exploit the steps in the Wi-Fi reauthentication protocol to perform a brute-force attack on the password. Hacking this password gives the hacker access to your internet activities.
Alternatively, a hacker may clone your router and boost the clone's signal strength. When your device searches for available networks, it will see and connect to the spoofed router instead of the original router. In this case, your internet activities will also be in full view to the hacker.
How to Protect Yourself From Disassociation Attacks
You cannot prevent a hacker from targeting you with disassociation attacks. However, you can protect the privacy of your internet activity, keep files on your computer secure, and even bat off the attacks with the right setup.
Secure Your Wi-Fi
For starters, you should enable your Wi-Fi security and use a strong password. Your Wi-Fi password should be at least 16 characters long and comprise of alphanumeric characters.
Also, most routers and internet-enabled devices come with default Wi-Fi passwords. A web search can provide a hacker with this information. So, as a rule of thumb, you should always change default passwords on your devices.
Spoof Your MAC Address
It's not fun to do, but consider spoofing your MAC address. Spoofing your MAC address is not an absolute guarantee, but it will make it even harder for a hacker to level a disassociation attack against you. Perhaps even hard enough for the hacker to give up.
There are two ways to spoof a MAC address on Linux: for beginners and power users. Meanwhile, the process of spoofing a MAC address on Windows is much easier to follow. Likewise, the process isn't complicated on macOS devices either.
Use a VPN
A VPN encrypts the content of your internet traffic, so anyone snooping cannot see it. You can think of the way a VPN works as driving through a tunnel to avoid a helicopter. Although a VPN cannot prevent a disassociation attack, it can conceal the contents of your data packets from hackers on the network.
Use Antivirus Software
In addition to securing your Wi-Fi and using a VPN, also consider using antivirus and keeping the virus definitions up to date. Windows comes with a default protection software, Windows Defender, and it's good enough to protect you from most threats. MacOS computers have a native defender too.
For starters, you should consider activating this layer of protection, even if you would prefer to use a third-party antivirus. This way, you get protection against malware that a hacker may attempt to install on your system.
Encrypt Your Computer
Wi-Fi security can be cracked. A VPN isn't infallible, and an antivirus doesn't guarantee absolute protection either. So you should also consider encrypting your device.
This way, your files will be useless to a hacker who hijacks your computer and steal your files. Setting up military-grade encryption on your Windows computer is quite easy, and the entire process can take from a few minutes to a couple of hours, depending on how much disk space you need to encrypt.
Use a Router That Supports Secure Wi-Fi Standards
802.11w is a Wi-Fi standard designed with enhanced security for management frames. Routers equipped with this standard are resilient to disassociation attacks.
Although this protocol exists, few consumer hardware support the Wi-Fi standard. Instead, consider using a router with 802.11ax (aka Wi-Fi 6), as those have better security without sacrificing backward compatibility with devices that use older standards.
Get a Wireless Intrusion Prevention System (WIPS)
WIPS are effective at preventing disassociation attacks, but they are expensive to install and maintain—making them out of reach for the individual. If you'd still rather get a WIPS, consider products like Cisco Adaptive Wireless IPS, Aruba RFProtect, and AirTight WIPS.
Switch to Ethernet
This one is more of a last resort, but is nonetheless an effective measure to prevent disassociation attacks. Because of the way Ethernet works, it's more secure, albeit less pleasant to work with compared to a wireless connection. The setup uses a lot of cables, and you'll have to keep them tidy. However, that's a good thing if you want to remove the security loopholes and vulnerabilities in wireless connections.
A hacker would have to attach a physical device to the network to carry out an attack, which means they would have to enter your home or office. Doing this would likely leave a trail of evidence and increase the hacker's chances of being caught. Most hackers would rather find easier targets than risk getting caught.
Disassociation Attacks: More Than Mere Nuisance
It doesn't matter if you're at home or in a hotel. Getting cut off from the internet is not a pleasant experience for anyone. Worse still, you won't know that you've been the target of a disassociation attack. Most people would think it's a network glitch. Indeed, disassociation attacks are difficult to detect and prevent for most people. Still, it is possible to reduce the attack's impact or even emerge unscathed.