2.4 Wireless and Mobile Device Attacks Flashcards
2.4.1 Grayware and SMiShing
GRAYWARE
Grayware is any unwanted application that behaves in an annoying or undesirable manner. And while grayware may not carry any recognizable malware, it may still pose a risk to the user by, for example, tracking your location or delivering unwanted advertising.
Authors of grayware typically maintain legitimacy by including these ‘gray’ capabilities in the small print of the software license agreement. This factor poses a growing threat to mobile security in particular, as many smartphone users install mobile apps without really considering this small print.
SMISHING
Short message service phishing or SMiShing is another tactic used by attackers to trick you. Fake text messages prompt you to visit a malicious website or call a fraudulent phone number, which may result in malware being downloaded onto your device or personal information being shared.
2.4.2 Rogue Access Points
A rogue access point is a wireless access point installed on a secure network without explicit authorization. Although it could potentially be set up by a well-intentioned employee looking for a better wireless connection, it also presents an opportunity for attackers looking to gain access to an organization’s network.
An attacker will often use social engineering tactics to gain physical access to an organization’s network infrastructure and install the rogue access point.
Also known as a criminal’s access point, the access point can be set up as a MitM device to capture your login information.
This works by disconnecting the rogue access point, which triggers the network to send a deauthentication frame to disassociate the access point. This process is then exploited by spoofing your MAC address and sending a deauthentication data transmission to the wireless access point.
An evil twin attack describes a situation where the attacker’s access point is set up to look like a better connection option. Once you connect to the evil access point, the attacker can analyze your network traffic and execute MitM attacks.
2.4.3 Radio Frequency Jamming
Wireless signals are susceptible to electromagnetic interference (EMI), radio frequency interference (RFI), and even lightning strikes or noise from fluorescent lights.
Attackers can take advantage of this fact by deliberately jamming the transmission of a radio or satellite station to prevent a wireless signal from reaching the receiving station.
In order to successfully jam the signal, the frequency, modulation and power of the RF jammer needs to be equal to that of the device that the attacker is seeking to disrupt.
2.4.4 Bluejacking and Bluesnarfing
Bluetooth is a short-range, low-power protocol that transmits data in a personal area network (PAN) and uses pairing to establish a relationship between devices such as mobiles, laptops and printers. Cybercriminals have discovered ways to exploit the vulnerabilities between these connections.
Due to the limited range of Bluetooth, an attacker must be within range of their target. Here are some ways that they can exploit a target’s device without their knowledge.
BLUEJACKING
Bluejacking uses wireless Bluetooth technology to send unauthorized messages or shocking images to another Bluetooth device.
BLUESNARFING
Bluesnarfing occurs when an attacker copies information, such as emails and contact lists, from a target’s device using a Bluetooth connection.
2.4.5 Attacks Against Wi-Fi Protocols
Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) are security protocols that were designed to secure wireless networks.
WEP was developed to provide data transmitted over a wireless local area network (WLAN) with a level of protection comparable to what is usually expected of a traditional wired network. It added security to wireless networks by encrypting the data.
WEP used a key for encryption. The problem, however, was that WEP had no provision for key management and so the number of people sharing the same key continually grew, giving criminals access to a large amount of traffic data. Furthermore, WEP’s initialization vector (IV), one of the key components of its encryption key, was too small, readable and static.
To address this and replace WEP, WPA and then WPA2 were developed as improved security protocols. Unlike with WEP, an attacker cannot recover WPA2’s encryption key by observing network traffic. However, they can still use a packet sniffer to analyze the packets going between an access point and a legitimate user.
2.4.6 Wi-Fi and Mobile Defense
There are several measures that organizations and users need to implement to defend against wireless and mobile device attacks. These include the following:
Take advantage of basic wireless security features such as authentication and encryption by changing the default configuration settings.
Restrict access point placement by placing these devices outside the firewall or within a demilitarized zone — a perimeter network that protects an organization’s LAN from untrusted devices.
Use WLAN tools such as NetStumbler to detect rogue access points or unauthorized workstations.
Develop a policy for secure guest access to an organization’s Wi-Fi network.
Employees in an organization should use a remote access VPN for WLAN access when on public Wi-Fi networks.
