Essentially, the ability to breach through wireless network clients involves networking technologies, hacking principles, and command-line tools that simultaneously exploit the inherent lack of encryption and IT security innovation in the wireless front as well as the common vulnerabilities found in major propriety operating systems like Windows, Mac OS X, and Linux. Because of the facts that Windows is notoriously error- and vulnerability-prone (especially first-time releases), Mac OS X takes so long to address the myriad of bugs that it sports, and Linux systems are nearly clones of each other regardless of the variant are also very beneficial to hackers when it comes to hacking WEP, WPA, and WPA2 protocols.
Public WiFi network connections mostly work this way:
First off, a client first has to get a packet (also known as a beacon management frame) from a nearby access point in order to work. If there are multiple beacons present, a client will choose which of the available Basic Service Sets it can join.Windows XP users will even be presented with a list of SSIDs representing the networks that they can connect to at their behest. Probe request management frames can also be transmitted by the client at any access point as well to ensure uninterrupted connection.
Once the command-line programs are executed and the WEP or WPA encryption process starts, the attacker can commence his own operation by using a sniffer program to find wireless gadgets running in peer mode. This should enable him to gain root access to a system in the long run (a very dangerous circumstance to be sure, because at this point of no return, the hacker has already bypassed the main defenses of your mobile or wireless connection). From there, he'll probably deploy a key logger or a precisely placed Trojan horse that will allow him to cripple your network system to the point where he has complete control over it, exploiting each and every last inherent weakness that's been outlined thus far.
The WiFi client hacking attack described above can be done even if the victim is traveling and only using his laptop at an airport or hotel lobby. In fact, as long as an unsuspecting user is surfing via an exposed and public "Free WiFi" area, a cyber attacker can pretty much do anything he wants and use all sorts of methods to begin his invasion. Keep in mind that public wireless Internet is an open channel, so in order to make it available to as many people as possible, it will have to expose itself to hackers as well; that's the true price of using a complimentary WiFi service.