The document provides a summary of common wireless attacks and attacks on wireless encryption. For wireless attacks, it discusses war driving/war chalking, rogue access point attacks, jamming attacks, evil twin attacks, bluejacking attacks, bluesnarfing attacks, and NFC attacks. For attacks on encryption, it describes how all modern encryption standards can be broken, with some easier than others. Common encryption attacks mentioned are replay attacks, packet sniffer attacks, IV attacks, WEP cracking/WPA cracking, and WPS attacks.
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certification
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Qualifications Summary
Education
M.B.A., IT Management, Western Governors University
B.S., IT Security, Western Governors University
Entrepreneur, executive leader, and proven manager
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required, with a focus on technology.
– Common types of wireless attacks.
– Attacks on wireless encryption.
PACE-IT.
By their very nature,
wireless networks tend to be
more vulnerable than wired
networks.
The best security for any network is for an attacker to not
even realize that there is a network to be hacked. Since
wireless networks rely upon transmitting data over public
radio frequencies, it is all but impossible to hide a wireless
network. The requirement to transmit data over the radio
frequency (RF) spectrum has led to the development of
various types of attacks on wireless networks.
A summary of wireless attacks.
– War driving/war chalking.
» The practice of attempting to sniff out unprotected or
minimally protected wireless networks.
• Once found, marks are placed on buildings and streets,
indicating what networks are available and vulnerable.
» Wireless networks are vulnerable merely due to the fact
that they need to broadcast over the air.
– Rogue access point attack.
» An unauthorized wireless access point (WAP) that gets
installed on the network.
» The biggest culprits are end users; they often install their
own WAPs for convenience and don’t properly secure
them, opening a vulnerability in the network.
• Can also be implemented by a hacker.
– Jamming attack.
» All wireless networks use radio frequency (RF) channels to
transmit data on the network. It is possible to create enough
interference on the RF channel that it is no longer usable on the
network.
• An attacker will often use jamming when performing a DoS
type of attack; however, it can also be used as a prelude to an
evil twin type of attack.
» Many of the modern networking standards and devices employ
techniques to mitigate the threat of jamming (e.g., 802.11n and
802.11ac are difficult to jam).
– Evil twin attack.
» A type of rogue access point attack.
• A WAP is installed and configured with a service set identifier
(SSID) that is very similar to the authorized version.
• As users access the twin, their keystrokes are captured in the
hope of gaining sensitive information.
» Can also be considered a type of wireless phishing attack.
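A defender can check site-survey results against an inventory of approved access points to catch both rogue WAPs and evil twins with look-alike SSIDs. The following is an added example, not part of the original slides; the inventory, the sample scan, the similarity threshold and all function names are constructed for illustration.

```python
from difflib import SequenceMatcher

# Constructed inventory of authorized networks: SSID -> approved BSSIDs (AP radio MACs).
AUTHORIZED = {
    "CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

# Characters commonly swapped or inserted to make a look-alike SSID.
_FOLD = str.maketrans({"0": "o", "1": "l", "5": "s", "-": "", "_": "", " ": ""})

def normalize(ssid):
    """Fold case, separators and digit look-alikes so near-copies compare equal."""
    return ssid.casefold().translate(_FOLD)

def classify(ssid, bssid, authorized=AUTHORIZED, threshold=0.85):
    """Return 'authorized', 'rogue-same-ssid', 'lookalike-ssid' or 'unrelated'."""
    bssid = bssid.lower()
    if ssid in authorized:
        return "authorized" if bssid in authorized[ssid] else "rogue-same-ssid"
    for known in authorized:
        a, b = normalize(ssid), normalize(known)
        if a == b or SequenceMatcher(None, a, b).ratio() >= threshold:
            return "lookalike-ssid"
    return "unrelated"

def audit(scan):
    """Return the scan entries that need investigation, with their verdict."""
    findings = []
    for ssid, bssid in scan:
        verdict = classify(ssid, bssid)
        if verdict in ("rogue-same-ssid", "lookalike-ssid"):
            findings.append((ssid, bssid, verdict))
    return findings

# Constructed site-survey results: (SSID, BSSID) pairs seen on the air.
SAMPLE_SCAN = [
    ("CorpNet", "AA:BB:CC:00:00:01"),    # approved AP
    ("CorpNet", "de:ad:be:ef:00:10"),    # same name, unknown radio
    ("C0rpNet", "de:ad:be:ef:00:11"),    # digit look-alike
    ("CorpNett", "de:ad:be:ef:00:12"),   # one extra character
    ("CoffeeShop", "12:34:56:78:9a:bc"), # unrelated neighbor
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN):
        print(finding)
```

BSSIDs can be spoofed, so an `authorized` verdict only means the entry matches the inventory.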
– Bluejacking attack.
» Sending unsolicited messages over a Bluetooth connection in
an effort to keep the target from responding to valid requests.
– Bluesnarfing attack.
» An attack in which the attacker creates a Bluetooth connection
with another device without that device’s permission.
• The goal is to retrieve information from the attacked device
(e.g., contact information and stored emails).
» This vulnerability has been patched and may no longer be a
concern.
– Near field communications (NFC) attack.
» An attack in which the attacker attempts to capture NFC
transmissions in order to gain access to sensitive information.
• NFC uses radio waves to transfer information between two
devices that are close together.
• It is becoming a common tool used for purchases.
» Unshielded NFC devices are subject to exploitation.
Unfortunately, all of the
encryption standards that
are currently deployed in
modern wireless networks
can be broken (cracked).
Some are easy to crack (e.g., WEP). Others are much more
difficult to crack (e.g., WPA2). The fact still remains that, given
enough time and computing resources, all wireless encryption
can be broken.
Hackers often use a replay attack to help in the cracking process.
In order to break the encryption, the hacker has to receive
enough wireless traffic to discover the patterns. Usually, hackers
are looking for the initialization vector (IV). To speed up the
information gathering process, an attacker will feed back (replay)
captured packets to the wireless access point (WAP).
– Packet sniffer attack.
» Packet sniffers examine network traffic at a very basic
level and can be used to help in the administration of a
network.
• Packet sniffers may also be used by malicious users to
see what protocols and activities are allowed on a
network. This may help them in further attacking the
network.
• They can also be used to determine what type of
encryption is being used on the wireless network.
– IV attack.
» Some encryption standards use a weak IV—which, when
enough data is captured, will allow the hacker to break
the encryption.
• Wired Equivalent Privacy (WEP) combines RC4 with an IV of
only 24 bits, so IV values repeat; this is why WEP
encryption is easy to crack.
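Why a 24-bit IV is too small can be shown in a few lines: IVs repeat after only a few thousand frames, and two frames encrypted under the same IV share a keystream. The following is an added example, not part of the original slides; the shared key, payloads and function names are constructed, IVs are assumed to be chosen at random for the estimate, and WEP's CRC-32 integrity value is left out.

```python
import math

def rc4(key, n):
    """Return n bytes of RC4 keystream for the given key bytes."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_style_encrypt(iv, secret, plaintext):
    """Per-frame RC4 key is IV || shared key; the IV is sent in the clear.
    Simplification: the CRC-32 integrity value WEP appends is omitted."""
    return xor(plaintext, rc4(iv + secret, len(plaintext)))

def frames_for_repeat(p=0.5, iv_bits=24):
    """Birthday bound: random IVs needed before a repeat has probability p."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - p))))

def reused_ivs(frames):
    """Return the IVs that appear on more than one (iv, ciphertext) frame."""
    seen, dup = set(), set()
    for iv, _ in frames:
        (dup if iv in seen else seen).add(iv)
    return dup

# Constructed sample data: a 40-bit shared key and two frame payloads.
SECRET = bytes.fromhex("0102030405")
P1, P2 = b"frame one payload", b"second frame data"
FRAMES = [(iv, wep_style_encrypt(iv, SECRET, p)) for iv, p in
          [(b"\x00\x00\x2a", P1), (b"\x00\x00\x2b", P1), (b"\x00\x00\x2a", P2)]]

def reuse_cancels_keystream():
    """With a repeated IV, c1 XOR c2 equals p1 XOR p2: the key drops out."""
    return xor(FRAMES[0][1], FRAMES[2][1]) == xor(P1, P2)

if __name__ == "__main__":
    print(frames_for_repeat(), reused_ivs(FRAMES), reuse_cancels_keystream())
```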
– WEP cracking/WPA cracking.
» The use of a packet sniffer to capture data that is essential to
cracking the encryption standard used.
• Wired Equivalent Privacy (WEP) can be cracked in minutes.
• Wi-Fi Protected Access (WPA) cracking will take hours, but it
can still be cracked.
– WPS (Wi-Fi Protected Setup) attack.
» WPS was implemented to simplify the process of setting up
wireless security for homes and small businesses.
• By pushing a button and entering a PIN (personal
identification number), wireless security is automatically set
up and established for the user.
• In 2011, a vulnerability was discovered with WPS that allows
a hacker to use a brute force attack on the PIN.
» WPS is very vulnerable and, as a best practice, should be
disabled on all devices.
Topic: Common types of wireless attacks.
Summary: The requirement to transmit data over public radio waves tends to make
wireless networks more vulnerable than wired networks. This has led to the
development of attacks for wireless networks that include: war driving/war
chalking, rogue access point attacks, jamming attacks, evil twin attacks,
bluejacking attacks, bluesnarfing attacks, and NFC attacks.

Topic: Attacks on wireless encryption.
Summary: It is possible to break all modern encryption standards that are used in the
modern wireless network. Some encryption standards are easier than
others to break. Common attacks on encryption include: replay attacks,
packet sniffer attacks, IV attacks, WEP cracking/WPA cracking, and WPS
attacks.
This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.