Rogue access point and WiFi audit with an ASX 50 company

Rogue access point audit. An office with multiple concealed WiFi signals detected

An ASX 50 company wanted to see how the HackHunter Pursuit portable WiFi tracker rated against its current method of detecting and locating unauthorized WiFi in a WiFi audit.

Their Existing Method

  • A laptop running Kali Linux and Aircrack-ng with an Alfa antenna; and
  • A Netscout WiFi Analyzer.

The Trial

Our CTO Mike Thompson walked the floors of 3 buildings over 3 days with the Pursuit tracker, side-by-side with their two-man team using the laptop and WiFi analyzer. 

Their Method

On each floor the team member operating the laptop would:

  • From one corner of the floor, see which unauthorized WiFi access points (APs) were picked up by the laptop
  • Repeat for the other 3 corners of the floor
  • Select 4 – 5 APs to locate and investigate
  • Cut and paste these APs to a spreadsheet (with one hand while holding the laptop with the other)
  • Tell the other team member with the WiFi analyzer which APs to find
  • When the APs were found, investigate them and record the results in the spreadsheet.

On each floor the team member operating the WiFi analyzer would:

  • Carry the heavy WiFi analyzer on a lanyard around his neck
  • Change batteries every 90 minutes from the huge bag of heavy batteries he lugged around
  • Attempt to track down the selected APs by following the signal strength in a spiral pattern, narrowing down the location of the AP through trial and error.

The HackHunter Method

On each floor Mike would:

  • Point the 250g/0.6lb hand-held Pursuit tracker to the 4 cardinal points to find the direction of the AP
  • Walk towards it
  • Continue the process until the AP was located, to within centimetres/inches.

So what happened?

The HackHunter Pursuit tracker was 300% more effective during the Wifi audit, finding the APs first by a wide margin, except in the few cases when the WiFi analyzer was right next to the AP and the Pursuit tracker was on the other side of the floor when tracking started.

Our Pursuit tracker alerted that there were 3 potentially malicious APs:

  • Under the floor, which the WiFi analyzer didn’t even register as it only operates on the horizontal plane
  • A suspicious unknown person
  • A device hidden in a bag switched off remotely on approach. 

We were even able to do something the laptop and WiFi analyzer couldn’t do at all – tell the difference between unauthorized and malicious WiFi.

The HackHunter Pursuit tracker was so much easier to use (lightweight, single-hand use and 10.5 hours with no battery change) that the team member operating the heavy WiFi analyzer asked to swap!

Through this trial we proved that HackHunter Pursuit is significantly more effective than the existing method of performing rogue access point and Wifi audits, finding rogue access points and other potentially malicious WiFi sources quicker, easier and more accurately, saving time and money. 

We use cookies to improve your experience on our site and to analyse web traffic. To find out more read our privacy policy and cookie policy.