Security: Types of Wireless Attacks - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • Rogue access points

    • Unauthorized wireless APs that allow unauthorized persons access to the company network
  • Jamming/Interference

    • The use of electronic devices that either fill the wireless space with garbage packets or cause the AP to wait before transmitting
  • Evil twin

    • Unauthorized wireless APs that pose as a legitimate AP
    • Typically installed in public hotspots, imitating legitimate APs in the hope of launching man-in-the-middle attacks
  • War driving

    • The act of searching for open or poorly secured wireless networks
    • Carried out with tools like NetStumbler
  • War chalking

    • The act of leaving symbols to mark open or poorly secured wireless networks for others
  • IV attack

    • Allows the attacker to control the initialization vector (IV), which is used to change the encryption key slightly so that the same plaintext does not produce the same ciphertext.
    • The attacker can then bypass this effect and gain access to the information
  • Packet sniffing

    • Used to intercept communications on a network
    • If enough packets are intercepted, entire communication threads can be reassembled, revealing the messages they contain
    • Typically used in information gathering in order to launch more sophisticated attacks
  • Replay attacks

    • Capturing packets and then sending them back out onto the network to manipulate traffic.
    • Typically used in conjunction with IV attacks to successfully break weak encryption
  • WEP/WPA attacks

    • Wired Equivalent Privacy (WEP)
    • Uses a weak stream cipher to encrypt data and is vulnerable to IV attacks that crack the encryption
    • Wi-Fi Protected Access (WPA)
    • Uses a stronger key than WEP but still uses a stream cipher to encrypt data. Because of this, WPA is vulnerable to brute-force password cracking
  • WPS attacks

    • Wi-Fi Protected Setup (WPS)
    • Feature, typically on by default, that simplifies connection to a wireless AP. An 8-digit PIN is used to enroll a device onto the network. The PIN is checked four digits at a time, allowing just 10,000 guesses per half.
    • Standard hardware today can crack it in a few hours
    • WPS attacks give an attacker access to a wireless network by exploiting the vulnerability in the Wi-Fi Protected Setup authentication process
  • Near field communication

    • Mobile payments and authentication exchanges happen over NFC. An attacker can use tools that initiate this exchange to collect the information
    • A very close range attack
    • This attack can include straight up stealing the NFC device and using it directly
  • Bluejacking

    • A close range attack where the attacker sends unsolicited messages via Bluetooth
    • This also can include sending fake contacts to smartphones containing trojans
  • Bluesnarfing

    • A close range attack where the attacker gains access to a person's personal information via bluetooth
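
The rogue access point and evil twin entries above differ only in what the unauthorized AP does: one attaches to the company network, the other poses as a legitimate AP. The following is an added example (not part of the original wiki) of how a defender could tell them apart in wireless scan results; the inventory, the scan data and the `on_wire` flag are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the AP radio
    security: str   # as advertised, e.g. "WPA2-Enterprise" or "OPEN"
    on_wire: bool   # assumption: this MAC was also seen on a company switch port

# Constructed inventory of authorized APs: BSSID -> (SSID, security)
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("CorpNet", "WPA2-Enterprise"),
    "aa:bb:cc:00:00:02": ("CorpNet", "WPA2-Enterprise"),
}

def norm(ssid):
    """Fold case and padding so 'corpnet ' still matches 'CorpNet'."""
    return ssid.strip().casefold()

def classify(b, authorized=AUTHORIZED):
    known = authorized.get(b.bssid.lower())
    if known:
        ssid, security = known
        if b.ssid == ssid and b.security == security:
            return "authorized"
        # Inventory BSSID advertising different settings: cloned MAC or misconfiguration.
        return "bssid-mismatch"
    if norm(b.ssid) in {norm(s) for s, _ in authorized.values()}:
        return "evil-twin"   # unknown radio posing as a legitimate AP
    if b.on_wire:
        return "rogue-ap"    # unauthorized AP attached to the company network
    return "neighbor"        # unrelated network in range

def audit(scan, authorized=AUTHORIZED):
    """Return {label: [bssid, ...]} for every beacon that needs investigation."""
    findings = {}
    for b in scan:
        label = classify(b, authorized)
        if label not in ("authorized", "neighbor"):
            findings.setdefault(label, []).append(b.bssid.lower())
    return findings

# Constructed scan results for illustration.
SCAN = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", "WPA2-Enterprise", True),
    Beacon("CorpNet", "AA:BB:CC:00:00:02", "OPEN", False),
    Beacon("corpnet ", "de:ad:be:ef:00:01", "OPEN", False),
    Beacon("linksys", "02:11:22:33:44:55", "WPA2-Personal", True),
    Beacon("CoffeeShop", "02:66:77:88:99:aa", "OPEN", False),
]
```

The `bssid-mismatch` case covers an AP that copies an authorized BSSID but advertises weaker security, which an SSID-only or BSSID-only allowlist would miss.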