Hacking Exposed Wireless


Even with a team of editors, and some of the best technical reviewers ever, we can make mistakes. If we hear about technical issues, or need to update URLs or other resources cited in the book, you'll find it here.


Chapter 1: Introduction to 802.11 Hacking

We incorrectly stated the part numbers for some of our favorite wireless cards; references to "AWUS306H" and "AWUS306NEH" should be "AWUS036H" and "AWUS036NEH" (the 0 and the 3 were transposed). Tell me again, is it "potato", or is it "potatoe" (yeah, I remember Dan Quayle jokes). (Thanks Steve Pinkham!)

In the section "Directional Antennas", we said "A typical parabolic antenna has 24 dB of gain and an extremely narrow bandwidth of 5 degrees" -- what we should have said was "A typical parabolic antenna has 24 dB of gain and an extremely narrow beamwidth of 5 degrees" ("beamwidth", not "bandwidth"). (Thanks Mehdi Asgari!)

Chapter 3: Attacking 802.11 Wireless Networks

Not an error, but a point of clarification: In the section "Mounting a Deauthentication Attack on Linux", we demonstrate an attack against a victim station with the MAC address 00:23:6C:98:7C:7C. We got this MAC address from Kismet by selecting the target network with the arrow keys and navigating to View | Clients to see a list of client MAC addresses. Kismet: it's like fate, or something. (Thanks Mehdi Asgari!)

Chapter 4: Attacking WPA-Protected 802.11 Networks

We incorrectly stated that the wpa_supplicant.conf file on Android devices can be read without root access. While the file does store WPA/WPA2-PSK network credentials in plaintext, it does require root on Android to read the file. Sorry, this one got by us. (Thanks Mehdi Asgari!)

In the section "Finding APs Vulnerable to Reaver" we use the wash tool to exploit the "Ramona T. Flowers" SSID. One of us was trying to obscure our home AP's BSSID in the example, but we forgot to modify the BSSID in both the scan results and the attack output, so the addresses don't match. Which one is the legitimate BSSID? We'll never tell. (Thanks Mehdi Asgari!)

Chapter 13: Hack ZigBee

The scapy-com project has moved from the URL http://bb.secdev.org/scapy-com to BitBucket. You can check out the latest copy of the Scapy Community source code with the command "hg clone https://bitbucket.org/secdev/scapy-com".