A Wi-Fi deauthentication attack is when someone forces a device, like your phone or laptop, to disconnect from a Wi-Fi network by pretending to be the router.
This can happen because the signals that manage your connection aren’t secured. The attacker sends fake signals telling your device to disconnect, which can either disrupt your internet or trick you into connecting to a fake network they control.
This fake network allows them to potentially steal your data or monitor your online activity. It’s a weakness in how Wi-Fi works, but newer security standards help protect against it.
More technically…
A Wi-Fi deauthentication attack is a form of denial-of-service (DoS) attack that targets wireless networks by exploiting the deauthentication frames within the Wi-Fi protocol. In Wi-Fi, deauthentication frames are management frames sent by a router (or access point) to disconnect a device from the network. This is part of the legitimate communication process in network management, allowing the access point to maintain proper connections.
However, because these management frames are unencrypted, they can be spoofed and manipulated by attackers to forcibly disconnect clients from a Wi-Fi network.
The attack is carried out by sending forged deauthentication frames to the target device, making it believe that the access point has requested a disconnect. The attacker doesn't need to know the network password or have access to the encrypted communication - only the MAC addresses of the target device and the access point are required.
With tools like `aireplay-ng`, part of the Aircrack-ng suite that ships with Kali Linux, an attacker can inject these spoofed frames, disrupting the communication between the client and the router. This is commonly done in a public or unsecured Wi-Fi environment where it's easier to capture network traffic.
One of the primary uses of a Wi-Fi deauthentication attack, beyond simple disruption, is to force a target device to reconnect to the network, often in combination with a more invasive attack like a "Man-in-the-Middle" (MitM). For example, the attacker can set up a fake access point (a rogue AP), and after deauthenticating the target from the legitimate network, the victim may unknowingly reconnect to the attacker’s rogue AP, allowing interception of traffic and potential credential theft. This technique is often used in penetration testing to expose vulnerabilities in a network's security.
Defending against Wi-Fi deauthentication attacks can be challenging because the attack exploits a weakness in the Wi-Fi protocol itself, specifically its management frame architecture. However, modern Wi-Fi standards such as WPA3 and mechanisms like Management Frame Protection (MFP) or Protected Management Frames (PMF) provide better safeguards by encrypting these management frames, making it harder for attackers to execute such attacks successfully.
Additionally, ensuring that Wi-Fi networks use strong encryption, and monitoring for unusual traffic or device disconnections, can help mitigate the risk.
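As an illustration of the monitoring mentioned above, here is an added example (not part of the original article) of a detector that parses radiotap-wrapped 802.11 frames from a monitor-mode capture and flags bursts of deauthentication or disassociation frames aimed at one client. The function names, the threshold of 5 frames per second and the sample frames are assumptions made for this sketch.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0xC0, 0xA0  # frame-control byte 0: management type, subtype 12 / 10

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_disconnect(pkt):
    """Parse a radiotap-wrapped frame; return a dict for deauth/disassoc, else None."""
    if len(pkt) < 8:
        return None
    rt_len = struct.unpack_from("<H", pkt, 2)[0]  # radiotap header length (little-endian)
    dot11 = pkt[rt_len:]
    if len(dot11) < 26 or dot11[0] not in (DEAUTH, DISASSOC):
        return None  # truncated, or not a disconnect frame
    protected = bool(dot11[1] & 0x40)  # Protected Frame bit; body is encrypted if set
    return {
        "kind": "deauth" if dot11[0] == DEAUTH else "disassoc", "protected": protected,
        "dst": mac(dot11[4:10]), "src": mac(dot11[10:16]), "bssid": mac(dot11[16:22]),
        "reason": None if protected else struct.unpack_from("<H", dot11, 24)[0],
    }

def detect_floods(capture, threshold=5, window=1.0):
    """capture: time-ordered (timestamp_seconds, packet_bytes) pairs. Returns
    {(bssid, dst): first_alert_time} for pairs with >= threshold frames per window."""
    recent, alerts = defaultdict(deque), {}
    for ts, pkt in capture:
        f = parse_disconnect(pkt)
        if f is None:
            continue
        key = (f["bssid"], f["dst"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that left the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(key, ts)
    return alerts

# Constructed sample data below (not real traffic); MAC addresses are made up.
def sample_frame(fc0, dst, src, bssid, reason=7):
    hdr = bytes([fc0, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return struct.pack("<BBHI", 0, 0, 8, 0) + hdr + struct.pack("<H", reason)

AP, STA, OTHER = (bytes.fromhex("02000000000" + d) for d in "123")
SAMPLE = [(0.1 * i, sample_frame(DEAUTH, STA, AP, AP)) for i in range(8)]  # burst
SAMPLE.append((5.0, sample_frame(DEAUTH, OTHER, AP, AP, reason=3)))  # one normal disconnect
SAMPLE.append((6.0, sample_frame(0x80, b"\xff" * 6, AP, AP)))  # beacon, ignored
```

Calling `detect_floods(SAMPLE)` reports only the client that received the burst; the single disconnect and the beacon do not trigger an alert.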