Wireless Penetration Testing

Wireless (Wifi) is inherently insecure and is often the launching pad for larger attacks and data breaches.

Wireless Penetration Testing Services

Steps to Schedule Your Wireless Penetration Test:

wireless penetration testing


Wireless access points are often the easiest way for an attacker to gain access to your network. The unbound nature of wireless signals increases touch points an attacker can use to break into your network. Attackers can now compromise your facility remotely –  from a park across the street, a hotel nearby, a parked vehicle, the office next door, etc. Our Wireless Penetration Test provides a report-card type of rating on a scale of 1-10 about the security of your wireless access points. We provide specific recommendations on how to improve your security rating to fall inline with your risk tolerance


The Wireless Penetration Test Report covers the SSIDs we assessed and includes a “report card” rating of how secure the wireless access points are in terms of risk. We also outline tactics we used to gain access and provide recommendations to improve the security rating of each access point assessed.


For the Wireless Security Assessment we typically travel to your location and perform this service onsite. To leverage the fact that we will be traveling to your location, we offer to bundle (at a discount) other services that require us to be onsite, such as our Internal Penetration Test, Internal Vulnerability Assessment, and Physical Security Review.

We can also perform the wireless penetration test remotely, by shipping a device to you.

A rogue access point is an unauthorized access point.  Rogue access points typically fall into three categories – malicious, convenience, and accidental.  Malicious rogue access points are designed to help an attacker carry out an objective, such as expanding a foothold on your network, stealing passwords, or using your network to attack someone else.  Malicious rogue wireless devices can be used to attack any of the following:


-- WiFi networks

-- Wireless devices, such as keyboards and mice

-- Bluetooth devices

-- Cellular networks

-- Other RF technologies, such as RFID


Rogue access points set up for convenience are typically configured by users unhappy with corporate wireless access or Bring Your Own Device (BYOD) policies. Users often bring their own WAP from home and plug the wired portion into the corporate network. This allows the user to connect all their personal wireless devices (cell phone, iPad, etc.) to their access point that is connected to the corporate network.

Rogue access points that are accidental are devices, such as printers, that an organization did not realize had wireless enabled or accessible. On a recent wireless assessment we discovered printers on an enterprise environment that were accessible to anyone over the wireless network.  We were able to manage these printers over an ad hoc wireless network without the organization ever noticing.

An evil twin is a WAP that with the same “look and feel” as the real WAP. An evil twin is used by an attacker to trick users into connecting to the attacker WAP instead of the real WAP. The attacker then sniffs all of your traffic (passwords, credentials, personally identifiable information (PII), etc.) from your system to the Internet, as the evil twin access point acts as a Man-In-The-Middle (MITM). An example would be an access point called “Starbucks”. How do you know you are connected to the real “Starbucks” access point and not an evil twin?

Our purpose is simple — to make your organization secure

The number of cybersecurity incidents continues to climb. The variety of attacks continues to grow. It is no longer a question of if you will have a cyber event.