Wireless & Mobile Security · beginner · ~10 min
Explain Wi-Fi security protocols and why WPA2-PSK is attackable.
Wi-Fi is broadcast, so encryption/auth is everything. WEP is broken; WPA2 is the baseline (Personal/PSK has an offline-crackable handshake; Enterprise/802.1X is per-user); WPA3 (SAE) resists offline cracking. WPA2-PSK weakness and WEP are key findings — and wireless attacks need explicit authorization.
Wi-Fi protocol generation determines the attack and the fix: WEP is instant, WPA2-PSK is offline-crackable with a weak passphrase, WPA3/Enterprise are the recommendations. And wireless testing has hard legal limits that must be respected.
WEP. Broken — critical finding. WPA2-Personal (PSK). Capturable handshake, offline crack. WPA2-Enterprise (802.1X). Per-user, no shared secret. WPA3 (SAE). Resists offline cracking, forward secrecy. Legal. Authorization mandatory; concepts-only here.
Wireless networks broadcast over the air, so anyone in range can receive frames — security comes entirely from encryption and authentication.
WPA2-Personal's offline-crackable handshake is the single most common home/SMB Wi-Fi weakness; WEP is an instant finding. Knowing the generation tells you the attack and the recommendation (WPA2-Enterprise or WPA3 with a strong passphrase).
Capturing or attacking Wi-Fi you don't own/aren't authorized for is illegal (wiretapping / unauthorized access) in most jurisdictions. Wireless testing requires explicit written scope, and this course teaches the concepts only — no attacking real networks.
Wi-Fi security rests on its protocol: avoid WEP, prefer WPA3 or WPA2-Enterprise, and treat WPA2-PSK as only as strong as its passphrase. All wireless attacks require explicit authorization — this track is conceptual.