CompTIA Security+ SYO-401 Certification Training

Explain types of Wireless Attacks Tutorial

1 Explain types of Wireless Attacks

The Internet may have brought your friends and family closer, but it isn’t exactly reassuring to know that it has brought cyber attackers closer as well. In this lesson, we will cover different types of attacks over a wireless network. We’ll begin with the objectives. After completing this lesson, you will be able to:
• Explain the concepts of rogue access point, jamming or interference, and evil twin,
• Define war driving, war chalking, bluejacking and bluesnarfing, and
• Describe WEP/WPA attacks, initialization vector attack, WPS attack, and near field communication.

2 Rogue Access Point, Jamming or Interference, and Evil Twin

In this topic, you will learn about the concepts of rogue access point, jamming or interference, and evil twin. A rogue access point is an unauthorized wireless access point that still has its default settings. It can be connected to any open port or network cable, and it is either not configured for security or does not match the organization’s standard security configuration. It is important for organizations to regularly scan the premises, discover such access points, and remove them to prevent unauthorized access to their secured network. It is easy for attackers to plant rogue access points on the premises by posing as a technician, a cleaner, or a seller, or even by breaking in at night. Once they have planted the access point, it can be reached easily even from outside the office building. Note that attackers are even capable of turning an employee laptop into a rogue access point.

Wireless devices such as mobile phones use wireless signaling methods to connect to the Base Transceiver Station, or BTS. These signaling methods use radio waves as their carrier and send digital data using a wide range of frequencies. A range of frequencies is termed a spectrum. Frequency, on the other hand, is the number of wave oscillations within a defined time; it is measured in hertz, or oscillations per second. The regulatory authorities have assigned frequencies and spectrum bands according to their viable use. For instance, radio waves operate between frequencies of 3 Hz and 300 GHz. Commercial wireless products use the frequencies 900 MHz, 2.4 GHz, and 5 GHz. Managing the continuous and simultaneous use of the limited radio frequencies requires efficient spectrum-use techniques. These include spread spectrum; frequency hopping spread spectrum, or FHSS; direct sequence spread spectrum, or DSSS; and orthogonal frequency-division multiplexing, or OFDM. Now, let’s learn about the spectrum-use techniques. We begin with spread spectrum.
Spread spectrum refers to the simultaneous communication of devices using multiple frequencies. In this technique, the message is divided into multiple parts, and each part is sent at the same time using a different frequency in the range. This type of communication is referred to as parallel communication.

Next, we have frequency hopping spread spectrum, or FHSS. This is considered the predecessor of spread spectrum. Here, instead of parallel communication, data packets are transmitted in series using different frequencies. This technique utilizes all frequencies in the range, but as the sender changes the frequency on which it sends the data, the receiver is required to hop to the same frequency to receive it.

Third on our list is direct sequence spread spectrum, or DSSS. This technique simultaneously occupies the available frequencies and transmits the data packets using parallel communication. In this way it provides a greater amount of data transmission compared with FHSS. Additionally, DSSS uses a special encoding mechanism, referred to as “chipping,” which allows the receiver to recreate the data even when certain parts of the signal were damaged by interference.

Finally, we have orthogonal frequency-division multiplexing, or OFDM. This technique employs a digital multicarrier modulation scheme, which enables highly compact transmission. The resulting modulated subcarriers are orthogonal, that is, mathematically perpendicular to one another, which allows the signals to avoid interfering with each other. This technique requires smaller channel bands but offers a high amount of data transmission.

Now that we have learned about frequencies and spectrum-use techniques, let’s understand the concepts of jamming and interference. Jamming refers to increasing the noise-to-signal ratio, thereby preventing effective communication between the sender and receiver. Some industry experts define jamming as an intentional act to block legitimate communication.
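The FHSS behaviour described above can be seen in a small simulation. The following Python is an added example written for this lesson, not code from Simplilearn or from any wireless standard: a sender hops through a channel sequence derived from a shared seed (standing in for the hopping key), a receiver recovers the data only if it hops in the same order, and a jammer parked on a single channel loses the link only the few packets that land on that channel. The channel grid, the seeds and the message are all constructed for the demonstration.

```python
"""Toy frequency-hopping spread spectrum (FHSS) link.

Added example for this lesson, not code from Simplilearn or the CompTIA
material. It models two claims made in the text: the receiver must hop to
the same frequency as the sender to receive each packet, and because the
link keeps moving across the band, a narrowband jammer on one channel only
damages the packets that happen to be sent on that channel. The channel
grid, the seeds and the message are all constructed for the demonstration.
"""
import random
from typing import List, Optional, Tuple

# 79 channels of 1 MHz each across 2402-2480 MHz (the grid classic Bluetooth
# uses); here it is just a constructed example band.
CHANNELS = list(range(2402, 2481))

# One frame is (channel in MHz, payload byte or None if corrupted).
Frame = Tuple[int, Optional[int]]


def hop_sequence(seed: int, length: int) -> List[int]:
    """Pseudo-random hop order derived from a seed both ends must share.

    In a real system the seed is a negotiated hopping key; a receiver (or an
    eavesdropper) without it lands on the wrong channel most of the time.
    """
    rng = random.Random(seed)
    return [rng.choice(CHANNELS) for _ in range(length)]


def transmit(message: bytes, seed: int, jammed_channel: Optional[int] = None) -> List[Frame]:
    """Send one byte per hop, moving through the hop sequence.

    A frame sent on `jammed_channel` is modelled as lost (payload None).
    """
    frames: List[Frame] = []
    for channel, byte in zip(hop_sequence(seed, len(message)), message):
        payload = None if channel == jammed_channel else byte
        frames.append((channel, payload))
    return frames


def receive(frames: List[Frame], seed: int) -> bytes:
    """Listen on our own hop sequence; a frame is heard only when our channel
    matches the sender's. Missed or corrupted bytes are replaced by '?'."""
    out = bytearray()
    for expected, (channel, payload) in zip(hop_sequence(seed, len(frames)), frames):
        heard = channel == expected and payload is not None
        out.append(payload if heard else ord("?"))
    return bytes(out)


def loss_fraction(seed: int, n_frames: int, jammed_channel: int) -> float:
    """Fraction of frames a single-channel jammer destroys on a synchronised link."""
    frames = transmit(bytes(n_frames), seed, jammed_channel)
    lost = sum(1 for _, payload in frames if payload is None)
    return lost / n_frames


if __name__ == "__main__":
    msg = b"hello wireless"
    print(receive(transmit(msg, seed=42), seed=42))      # synchronised receiver
    print(receive(transmit(msg, seed=42), seed=7))       # wrong hopping key
    print(loss_fraction(42, 1000, jammed_channel=2441))  # roughly 1/79 of frames
```

With the correct seed the message comes through intact; with a different seed almost every byte is missed, and a jammer on one of the 79 channels costs only about 1.3% of the frames, which is the robustness the text credits to FHSS.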
On the other hand, interference can be described as an unintentional increase in the noise-to-signal ratio. A common example of interference is two radio channels operating on one frequency. Now, let’s look at the steps to avoid or minimize interference and jamming.
• The first step is to ensure that the two devices are placed at a considerable distance from each other.
• Next, verify whether the two devices are using the same frequency or channel.
• If yes, simply change the frequency or channel for one of the devices.
• Else, check whether an interference attack is taking place.
• If yes, identify the source of the attack.
• If the source is external and unauthorized, contact the law enforcement agencies and report the problem.

Evil twin is an attack where attackers configure their device or system as a twin of, or similar to, a legitimate access point and trick victims into connecting through this fake access point. Once the victim is connected, the attacker can sniff the network traffic, seize the communication, and further attempt attacks such as man-in-the-middle, session hijacking, DNS attacks, or phishing. You can protect your users and employees against such attacks by connecting all client computers only to official access points with validated details and by implementing encryption techniques in the communication channel.
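The premises scan the text recommends for rogue access points, the "is it a twin of our access point" question behind evil twin, and the "same channel?" step of the interference checklist can all be answered from one site survey. The following Python is an added example for this lesson (not Simplilearn's code and not a vendor tool): it compares a constructed survey against a constructed inventory of the organisation's own BSSIDs, buckets each observed access point, and lists the organisation's own access points whose 2.4 GHz channels overlap. The BSSIDs, SSIDs and signal values are invented for the demonstration.

```python
"""Review a wireless site survey for rogue access points, evil twins and
channel overlap between the organisation's own access points.

Added example for this lesson; it is not Simplilearn's or any vendor's code.
The authorised-AP inventory, the survey rows and the BSSIDs/SSIDs are all
constructed. Real input would come from a wireless controller or a scan of
the premises, as the text recommends.
"""
from typing import Dict, List, Tuple

# Constructed inventory: BSSID -> (SSID, channel) of access points we own.
AUTHORIZED: Dict[str, Tuple[str, int]] = {
    "aa:bb:cc:00:00:01": ("CorpWiFi", 1),
    "aa:bb:cc:00:00:02": ("CorpWiFi", 6),
    "aa:bb:cc:00:00:03": ("CorpWiFi", 11),
}

# Constructed survey rows: (BSSID, SSID, channel, signal in dBm).
SURVEY: List[Tuple[str, str, int, int]] = [
    ("aa:bb:cc:00:00:01", "CorpWiFi", 1, -45),
    ("aa:bb:cc:00:00:02", "CorpWiFi", 6, -50),
    ("aa:bb:cc:00:00:03", "CorpWiFi", 8, -55),   # our AP, but moved off its assigned channel
    ("de:ad:be:ef:00:01", "CorpWiFi", 6, -40),   # our SSID on a BSSID we do not own
    ("12:34:56:78:9a:bc", "linksys", 1, -70),    # default-looking SSID, unknown BSSID
]


def channel_center_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz Wi-Fi channel: channels 1-13 are 5 MHz
    apart starting at 2412 MHz; channel 14 sits at 2484 MHz."""
    return 2484 if channel == 14 else 2407 + 5 * channel


def channels_overlap(a: int, b: int, width_mhz: int = 22) -> bool:
    """Two 2.4 GHz channels interfere when their centres are closer than one
    channel width (22 MHz for 802.11b/g); this is why 1, 6 and 11 are the
    usual non-overlapping choice."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < width_mhz


def classify(survey, authorized) -> Dict[str, List[str]]:
    """Bucket every observed BSSID.

    authorized    - known BSSID; SSID and channel match the inventory
    misconfigured - known BSSID whose SSID or channel differs from inventory
    evil_twin     - unknown BSSID advertising one of our SSIDs
    unknown       - anything else; may be a neighbour or a rogue AP plugged
                    into our LAN, which only a wired-side check (switch MAC
                    tables, port inventory) can settle
    """
    our_ssids = {ssid for ssid, _ in authorized.values()}
    buckets: Dict[str, List[str]] = {
        "authorized": [], "misconfigured": [], "evil_twin": [], "unknown": []}
    for bssid, ssid, channel, _signal in survey:
        if bssid in authorized:
            key = "authorized" if authorized[bssid] == (ssid, channel) else "misconfigured"
        elif ssid in our_ssids:
            key = "evil_twin"
        else:
            key = "unknown"
        buckets[key].append(bssid)
    return buckets


def overlapping_pairs(survey, authorized) -> List[Tuple[str, str]]:
    """Pairs of our own APs whose channels overlap (the interference check in
    the steps above); the fix is to move one of them to a clear channel."""
    ours = [(bssid, ch) for bssid, _ssid, ch, _sig in survey if bssid in authorized]
    return [(a, b) for i, (a, ca) in enumerate(ours)
            for b, cb in ours[i + 1:] if channels_overlap(ca, cb)]


if __name__ == "__main__":
    for bucket, bssids in classify(SURVEY, AUTHORIZED).items():
        print(f"{bucket:14s} {bssids}")
    print("overlapping:", overlapping_pairs(SURVEY, AUTHORIZED))
```

An RF survey alone cannot prove that an unknown access point is wired into the corporate network rather than sitting in the office next door, so the "unknown" bucket is a list to investigate on the wired side, not a verdict; the evil-twin bucket is the one that warrants immediate attention, because it is advertising the organisation's own SSID.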

3 War Driving, War Chalking, Bluejacking and Bluesnarfing

In this topic, you will learn about the concepts of war driving, war chalking, bluejacking, and bluesnarfing. War driving is the act of detecting wireless signals with the help of detection tools. This technique can be used by attackers to detect wireless access points and by administrators to locate malicious wireless signals. War driving can be performed using a compact detector, a mobile device with Wi-Fi capabilities, or a netbook or laptop with a wireless access card. For an attacker, once the required network is found, the next step is to identify whether the network is open or closed. In an open network, there is no security and anyone can enter the network. A closed network, on the other hand, has several security restrictions to prevent unauthorized access. For a closed network, the attacker locates the SSID using an SSID scanner and then sets about identifying whether the implemented encryption can be broken.

Do you remember the pre-mobile era when we used the calendar on the wall to remember important events? Similarly, hackers and attackers used war chalking, the method of marking an area with the presence of a wireless network. Though the method is not used anymore, the presented image displays various chalking symbols. For example, a closed circle indicates a closed network, whereas two opposing semicircles indicate an open network.

Bluejacking is the act of sending malformed messages over the Bluetooth network to a mobile phone, PDA, or even a laptop. Attackers look for devices with an open Bluetooth connection and, without permission, send messages and vCards using the Object Exchange, or OBEX, protocol. These messages are not harmful, as they may contain advertisements or some information. Most mobile devices can accept bluejacked messages when sent within a 10-meter range, but for notebooks and laptops the range is 100 meters. However, certain attackers may use a high-power antenna to send the messages from a longer distance.
Unlike Bluejacking, Bluesnarfing is harmful as it involves stealing data over the Bluetooth network. The data includes contacts, messages, calendars, e-mails, videos, pictures, and other details from the victim’s device. This type of attack generally takes place when the attacker’s and victim’s devices are already paired. Bluesnarfing is not possible if the two devices aren’t paired or if the victim’s device is hidden. However, there is a remote possibility for attackers to steal your data over the Bluetooth network even when the device is hidden. For this, they must know the Bluetooth MAC address.

4 WEP/WPA Attacks, Initialization Vector Attack, and WPS Attacks

In this topic, you will learn about WEP/WPA attacks, initialization vector attack, WPS attacks, and near field communication. Attackers can crack both Wired Equivalent Privacy, or WEP, and Wi-Fi Protected Access, or WPA, through an initialization vector, or IV, attack. This is because WEP and WPA use a 24-bit IV, whereas WPA2 uses a 48-bit IV. WEP uses simple RC4 encryption to encrypt data, and this key is easy to crack. WPA uses the same 24-bit IV but employs the Temporal Key Integrity Protocol, or TKIP, which uses a temporary key, and not the original key, for communication. So an attacker would need the authentication packets, because the device uses the original key only for authentication. WPA2, on the other hand, uses Counter Mode Chaining Message Protocol, or CCMP, with a 48-bit IV.

An initialization vector, or IV, is a term used in mathematics and cryptography for a random number. As we studied earlier, WEP and WPA use a 24-bit IV, whereas WPA2 uses a 48-bit IV. This means they use a 24- or 48-bit random number together with a passphrase to form the complete encryption key. A common example of an IV attack is cracking the WEP of a network. This is because WEP uses RC4 encryption to encrypt data, which is a weak encryption algorithm and is easy to crack.

Wi-Fi Protected Setup, or WPS, is a security standard for wireless networks that allows a user to connect to a wireless network without much effort. For example, an administrator can trigger the WPS feature by physically pressing the corresponding button on the base station. This allows the user to get connected automatically without entering any key. This can also be done by generating a code. However, this may lead to a brute-force guessing attack, wherein attackers can guess the WPS code within a few hours and connect to the wireless network with their unauthorized devices. By default, the WPS feature is enabled on most access points. So for security reasons, you need to ensure that this feature is disabled.
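The two sizes quoted above (24-bit versus 48-bit IV) and the "within a few hours" claim about WPS both come down to arithmetic, and carrying it through shows why the defensive advice is what it is. The following Python is an added example for this lesson, not code from Simplilearn or CompTIA: it computes the birthday bound for IV reuse at each IV size, the time a sequential IV counter takes to wrap at an assumed frame rate, and the size of the WPS PIN search space, including the published check-digit rule and the published weakness that the PIN's two halves are confirmed separately. The frame rate and the seconds-per-guess figure are constructed assumptions; the IV sizes and the PIN check-digit rule are as published.

```python
"""The arithmetic behind two statements in the text: a 24-bit IV is reused
after a few thousand frames, and an 8-digit WPS PIN can be guessed in hours.

Added example for this lesson, not code from Simplilearn or CompTIA. The
frame rate and the seconds-per-guess figures are constructed assumptions;
the IV sizes and the WPS PIN check-digit rule are as published.
"""
import math


def iv_space(bits: int) -> int:
    """Number of distinct IVs available."""
    return 2 ** bits


def frames_until_iv_reuse(bits: int, probability: float = 0.5) -> int:
    """Birthday bound: after roughly sqrt(2 N ln(1/(1-p))) randomly chosen
    IVs, the chance that some IV has already been used is p. With RC4 a
    repeated IV means a repeated keystream, which is what the IV attack on
    WEP relies on; the defence is a larger IV space and per-packet keys."""
    n = iv_space(bits)
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - probability))))


def seconds_to_exhaust_iv(bits: int, frames_per_second: float) -> float:
    """Time until a sequential IV counter wraps at a given frame rate."""
    return iv_space(bits) / frames_per_second


def wps_pin_check_digit(first_seven: int) -> int:
    """Check digit of a WPS PIN: weights 3,1,3,1,3,1,3 over the first seven
    digits, then the digit that brings the sum to a multiple of ten."""
    digits = [int(d) for d in f"{first_seven:07d}"]
    total = sum(d * (3 if i % 2 == 0 else 1) for i, d in enumerate(digits))
    return (10 - total % 10) % 10


def wps_pin_is_valid(pin: int) -> bool:
    """True when the eighth digit is the correct check digit."""
    return pin % 10 == wps_pin_check_digit(pin // 10)


def wps_search_space() -> dict:
    """Guesses a brute-force attempt needs in the worst case.

    'naive' assumes all 8 digits are free; 'with_checksum' removes the
    check digit; 'halves' is the published design weakness: the protocol
    confirms the first four digits independently of the last three, so the
    two halves are guessed one after the other rather than together."""
    return {"naive": 10 ** 8, "with_checksum": 10 ** 7, "halves": 10 ** 4 + 10 ** 3}


def wps_worst_case_hours(seconds_per_guess: float) -> float:
    """Worst-case time to find the PIN given the halves weakness."""
    return wps_search_space()["halves"] * seconds_per_guess / 3600


if __name__ == "__main__":
    print("WEP/WPA 24-bit IV: 50% chance of a reuse after",
          frames_until_iv_reuse(24), "frames")
    print("WPA2 48-bit IV: 50% chance of a reuse after",
          frames_until_iv_reuse(48), "frames")
    print("24-bit counter wraps after", seconds_to_exhaust_iv(24, 500) / 3600,
          "hours at 500 frames/s (assumed rate)")
    print("WPS PIN 12345670 valid:", wps_pin_is_valid(12345670))
    print("WPS worst case at 2 s/guess (assumed):", wps_worst_case_hours(2.0), "hours")
```

At 24 bits a reuse is as likely as not after about 4,800 frames, and a sequential counter wraps in a few hours on a busy network; at 48 bits the same bound is close to twenty million frames and the counter does not wrap in any practical lifetime. For WPS, a seven-figure search collapses to 11,000 guesses, which at a couple of seconds each is the "few hours" the text mentions, and is why disabling the feature, rather than choosing a better PIN, is the mitigation.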

5 Packet Sniffing and Near Field Communication

In this topic, you will learn about packet sniffing and near field communication. Near Field Communication, or NFC, is a technology that allows users to communicate and exchange data by simply tapping or bringing two devices within inches of each other. This feature is available only on smartphones and their accessories. NFC uses radio waves to transfer the data and provides auto synchronization and the transfer or association of data without configuring or pairing the two devices. Since it doesn’t require authentication, it is exposed to several vulnerabilities. The common NFC attacks include man-in-the-middle, eavesdropping, data access or manipulation, and replay.


7 Summary

Let’s summarize the topics covered in this lesson.
• Rogue access point is an unauthorized wireless access point with default settings and can be connected to any open port or network cable.
• Managing continuous and simultaneous use of the limited radio frequencies requires efficient spectrum-use techniques.
• Both interference and jamming are similar. However, the only difference is that the former is unintentional, whereas the latter is an intentional attack.
• War driving is the act of detecting wireless signals with the help of detection tools.
• The common NFC attacks include man-in-the-middle, eavesdropping, data access or manipulation, and replay.
With this, we conclude this lesson “Explain types of wireless attacks.” In the next lesson, we will look at “Explain types of application attacks.”
