Method: Low-hanging fruit
Description: Hacker scans for open access points that allow anyone to connect. In some cases, such wireless networks are meant to be used by the public, but most of the time, the networks are just misconfigured.
Goal: Free Internet access, attack a third party using target as a blind, exploring someone else's network.
Method: Access point spoofing
Description: An attacker sets up his or her own access point, known as a rogue, near the target network or in a public place where the victim might believe that wireless Internet access is available. If the rogue access point's signal is stronger than the signal of the real access point, then in many cases, the victim's computer will connect to the rogue access point. Then, the attacker can wait for the victim to type in passwords or inject attack code into the information flow to compromise the victim's computer.
Goal: Snooping, password acquisition, identity theft, network access
Method: WEP attack
Description: By exploiting the flaws in the Wired Equivalent Privacy security protocol, an attacker can crack the encryption on the communications between an access point and a legitimate client. Passive attacks, when the attacker just listens, can take days. But at least one active attack has been discovered that requires merely hours.
Goal: Snooping, password acquisition, identity theft, network access
Method: Man-in-the-middle attack
Description: Similar to the access point spoofing, the attacker combines an access point with a virtual private network (VPN) server of the same type as the one on the target network (for example, Secure Shell or SSH). When the victim attempts to connect to the real server, the spoofed server sends a reply back, leading the victim to connect to the fake server.
Goal: Snooping, password acquisition, identity theft, network access
