PACE-IT, Security+3.4: Summary of Wireless Attacks

A summary of wireless attacks.

Page 2

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise Industry Certification PC Hardware Network

Administration IT Project

Management

Network Design User Training IT Troubleshooting

Qualifications Summary

Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.

Brian K. Ferrill, M.B.A.

Page 3


– Common types of wireless attacks.

– Attacks on wireless encryption.

PACE-IT.

Page 4

Common types of wireless attacks.A summary of wireless attacks.

Page 5

Common types of wireless attacks.

By their very nature, wireless networks tend to be more vulnerable than wired networks.

The best security for any network is for an attacker to not even realize that there is a network to be hacked. Since wireless networks rely upon transmitting data over public radio frequencies, it is all but impossible to hide a wireless network. The requirement to transmit data over the radio frequency (RF) spectrum has led to the development of various types of attacks on wireless networks.


Page 6


– War driving/war chalking.» The practice of attempting to sniff out

unprotected or minimally protected wireless networks.

• Once found, marks are placed on buildings and streets, indicating what networks are available and vulnerable.

» Wireless networks are vulnerable merely due to the fact that they need to broadcast over the air.

– Rogue access point attack.» An unauthorized wireless access point (WAP) that

gets installed on the network.» The biggest culprits are end users; they often

install their own WAPs for convenience and don’t properly secure them, opening a vulnerability in the network.

• Can also be implemented by a hacker.


Page 7


– Jamming attack.» All wireless networks use radio frequency (RF) channels

to transmit data on the network. It is possible to create enough interference on the RF channel that it is no longer usable on the network.

• An attacker will often use jamming when performing a DoS type of attack; however, it can also be used as a prelude to an evil twin type of attack.

» Many of the modern networking standards and devices employ techniques to mitigate the threat of jamming (e.g., 802.11n and 802.11ac are difficult to jam).

– Evil twin attack.» A type of rogue access point attack.

• A WAP is installed and configured with a service set identifier (SSID) that is very similar to the authorized version.

• As users access the twin, their keystrokes are captured in the hope of gaining sensitive information.

» Can also be considered a type of wireless phishing attack.


Page 8


– Bluejacking attack.» Sending unsolicited messages over a Bluetooth

connection in an effort to keep the target from responding to valid requests.

– Bluesnarfing attack.» An attack in which the attacker creates a Bluetooth

connection with another device without that device’s permission.

• The goal is to retrieve information from the attacked device (e.g., contact information and stored emails).

» This vulnerability has been patched and may no longer be a concern.

– Near field communications (NFC) attack.

» An attack in which the attacker attempts to capture NFC transmissions in order to gain access to sensitive information.

• NFC uses radio waves to transfer information between two devices that are close together.

• It is becoming a common tool used for purchases.» Unshielded NFC devices are subject to exploitation.


Page 9

Attacks on wireless encryption.A summary of wireless attacks.

Page 10

Attacks on wireless encryption.

Unfortunately, all of the encryption standards that are currently deployed in modern wireless networks can be broken (cracked).

Some are easy to crack (e.g., WEP). Others are much more difficult to crack (e.g., WPA2). The fact still remains that, given enough time and computing resources, all wireless encryption can be broken.Hackers often use a replay attack to help in the cracking process. In order to break the encryption, the hacker has to receive enough wireless traffic to discover the patterns. Usually, hackers are looking for the initialization vector (IV). To speed up the information gathering process, an attacker will feed back (replay) captured packets to the wireless access point (WAP).


Page 11


– Packet sniffer attack.» Packet sniffers examine network traffic at a very

basic level and can be used to help in the administration of a network.

• Packet sniffers may also be used by malicious users to see what protocols and activities are allowed on a network. This may help them in further attacking the network.

• They can also be used to determine what type of encryption is being used on the wireless network.

– IV attack.» Some encryption standards use a weak IV—which,

when enough data is captured, will allow the hacker to break the encryption.

• RC4 only uses a repeating 24-bit IV value, which is why Wired Equivalent Privacy (WEP) encryption is easy to crack.


Page 12


– WEP cracking/WPA cracking.» The use of a packet sniffer to capture data that is

essential to cracking the encryption standard used.• Wired Equivalent Privacy (WEP) can be cracked in

minutes.• WiFi Protected Access (WPA) cracking will take hours,

but it can still be cracked.

– WPS (Wi-Fi Protected Setup) attack.» WPS was implemented to simplify the process of

setting up wireless security for homes and small businesses.

• By pushing a button and entering a PIN (personal identification number), wireless security is automatically set up and established for the user.

• In 2011, a vulnerability was discovered with WPS that allows a hacker to use a brute force attack on the PIN.

» WPS is very vulnerable and, as a best practice, should be disabled on all devices.


Page 13

What was covered.A summary of wireless attacks.

The requirement to transmit data over public radio waves tends to make wireless networks more vulnerable than wired networks. This has led to the development of attacks for wireless networks that include: war driving/war chalking, rogue access point attacks, jamming attacks, evil twin attacks, bluejacking attacks, bluesnarfing attacks, and NFC attacks.

Topic


Summary

It is possible to break all modern encryption standards that are used in the modern wireless network. Some encryption standards are easier than others to break. Common attacks on encryption include: replay attacks, packet sniffer attacks, IV attacks, WEP cracking/WPA cracking, and WPS attacks.


Page 14

THANK YOU!

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.