CompTIA Sec+ | Microsoft MTA Security: Types of Wireless Attacks Part 2

The Types of Wireless Attacks Part 2

CompTIA Security+ Objective 1.2

WPS Attacks

Wi-Fi Protected Setup (WPS) allows users to configure a wireless network without typing in the passphrase. Instead, users can configure devices by pressing buttons or by entering a short personal identification number (PIN).
For example, a user can configure a new wireless device by pressing a button on the WAP and on the wireless device. It will automatically configure the device within about 30 seconds with no other actions needed. These buttons can be physical buttons on the devices, or virtual buttons that the user clicks via an application or web page. When using the PIN method, users first identify the eight-digit PIN on the WAP and then enter the PIN on the new wireless device.

How to prevent a WPS attack

Security experts recommend disabling WPS on all devices. However, not all devices include the capability to turn off WPS. Worse, many WAP interfaces include configuration settings that appear to turn off WPS—making users think it’s disabled when it’s still operational and vulnerable to attacks. Several testers reported that they were unable to disable WPS on each Linksys and Cisco Valet WAPs they tested. Some vendors have released firmware updates to address this, but updates are not available for all devices.

BlueJacking

Bluejacking is the practice of sending messages between mobile users using a Bluetooth wireless connection. People using Bluetooth-enabled mobile phones and PDAs can send messages, including pictures, to any other user within a 10-meter or so range. Because such communications don’t involve the carrier, they are free of charge, which may contribute to their appeal.

How to prevent a BlueJacking Attack?

Setting the Bluetooth on the Right Mode


If you happen to use the Bluetooth connection more often, putting it off/on can be a chore. Adjust the setting of Bluetooth to non-discoverable mode. The non-discoverable mode hides the device from attackers or unknown people.


Factory Reset of the Phone

 

If your device was perpetrated at some point, it means that the attacker’s device has already been added as a trusted device on your phone. Reset the phone to take off all the devices from the trusted list.


Keep Away from Strangers


Make it a point to decline any messages or connection requests from unknown devices. Most attacks happen due to accepting connection requests from strangers who then get added as trusted devices.
Keep the Device Updated and Password Character Strong
Make sure you maintain strong passwords and change them at regular intervals. Keep your devices up-to-date with the latest technology.


Putting off the Bluetooth When Not in Use


If you don’t use the Bluetooth connection frequently, keep it off to avoid your device from being listed in the sender’s device search list. This method keeps the device safe from perpetrators who try to gain access to others’ phones using Bluetooth.


Set Password for Bluetooth

 

It is very simple to secure your device by setting a pin or a password for your Bluetooth connection. This will prompt a password from anyone trying to pair with your device. Remember to keep this password secure by sharing it only with trusted people.

Bluesnarfing

Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information — such as the user’s calendar, contact list and e-mail and text messages — without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled.

How to Prevent Bluesnarfing

Setting the Bluetooth on the Right Mode


If you happen to use the Bluetooth connection more often, putting it off/on can be a chore. Adjust the setting of Bluetooth to non-discoverable mode. The non-discoverable mode hides the device from attackers or unknown people.


Factory Reset of the Phone


If your device was perpetrated at some point, it means that the attacker’s device has already been added as a trusted device on your phone. Reset the phone to take off all the devices from the trusted list.


Keep Away from Strangers


Make it a point to decline any messages or connection requests from unknown devices. Most attacks happen due to accepting connection requests from strangers who then get added as trusted devices.
Keep the Device Updated and Password Character Strong
Make sure you maintain strong passwords and change them at regular intervals. Keep your devices up-to-date with the latest technology.


Putting off the Bluetooth When Not in Use


If you don’t use the Bluetooth connection frequently, keep it off to avoid your device from being listed in the sender’s device search list. This method keeps the device safe from perpetrators who try to gain access to others’ phones using Bluetooth.


Set Password for Bluetooth


It is very simple to secure your device by setting a pin or a password for your Bluetooth connection. This will prompt a password from anyone trying to pair with your device. Remember to keep this password secure by sharing it only with trusted people.

RFID Attacks

7 Types of Security Attacks on RFID Systems

1. Reverse Engineering

 

Like most products, RFID tags and readers can be reverse engineered; however, it would take a lot of knowledge about the protocols and features to be successful. Hackers would take apart the chip in order to find out how it works in order to receive the data from the IC.

 

2. Power Analysis

 

This attack requires nothing more than the brain of a hacker and a cell phone. According to leading experts1, power analysis attacks can be mounted on RFID systems by monitoring the power consumption levels of RFID tags. Researchers stumbled upon this hacking technique when studying the power emission levels in smart cards, especially in the difference in power levels between a correct passcode and an incorrect passcode
Purpose: Steal Information and/or Gain Access

 

3. Eavesdropping & Replay

 

Eavesdropping, like it sounds, occurs when an unauthorized RFID reader listens to conversations between a tag and reader then obtains important data. It is still necessary for the hacker to know the specific protocols and tag and reader information for this technique to work.

Replay attacks builds on eavesdropping and specifically occur when one part of communication in an RFID system is recorded and then ‘replayed’ at a later time to the receiving device in order to steal information or gain access.

 

4. Man-in-the-Middle Attack or Sniffing


A man-in-the-middle attack happens during the transmission of a signal. Like eavesdropping, the hacker listens for communication between a tag and reader and then intercepts and manipulates the information. The hacker diverts the original signal and then sends false data while pretending to be a normal component in the RFID system.


5. Denial of Service


A Denial of Service attack is the broad concept of an RFID system failure that is associated with an attack. These attacks are usually physical attacks like jamming the system with noise interference, blocking radio signals, or even removing or disabling RFID tags.

 

6. Cloning & Spoofing


Technically two specific events, cloning and spoofing are usually done back to back. Cloning is duplicating data from a pre-existing tag, and spoofing is then using the cloned tag to gain access to a secured area or item. Because the hacker has to know the data on the tag to clone it, this type of attack is mainly seen in access or asset management operations.


7. Viruses

 

According to some sources1, RFID tags currently do not have enough memory capacity to store a virus; but in the future, viruses could be a serious threat to an RFID system. A virus programmed on an RFID tag by an unknown source could cripple an RFID system when the tagged item is read at a facility. When read, the virus would transfer from tag to reader and then to a company’s network and software – bringing down connected computers, RFID components, and networks.

NFC attacks

The Near Field Communication (NFC) is a set of standards for mobile devices designed to establish radio communication with each other by being touched together or brought within a short distance. The NFC standard regulates a radio technology that allows two devices to communicate when they are in close proximity, usually no more than a few centimeters, allowing the secure exchange of information.


New users of near field communication, especially for payment purposes such as storing credit card information, are understandably concerned at first about the security and safety of their private information. Possible security attacks include eavesdropping, data corruption or modification, interception attacks, and physical thefts.

How to prevent NFC Attacks

1) Monitor NFC updates and patch your device promptly


The NFC vulnerabilities used to compromise devices in the Pwn2Own competition have been fixed, but manufacturers are typically slow to release patches for vulnerabilities in smartphones.
They’re getting better, however, leaving consumers as the primary hurdle for locking down phones.


2) If you’re not using NFC, turn it off


NFC is new, and many consumers have yet to adopt the technology. Unless you’ve started using Google Wallet or Apple Pay, turn NFC off.

 

Aside from saving some power, turning off unused networking features is a good rule of thumb to limit exposure to attackers.

Deauthentication/Disassociation attack

Deauthentication/Disassociation attack is a part of the Denial-of-Service attacks. Attackers may also use this attack in order to recover hidden ESSIDs or to capture WPA/WPA2 handshakes by forcing victims to re-authenticate. This attack can be used only if there is at least one client connected to the access point.

Exit mobile version