Wireless Attacks Flashcards
Replay (WEP)
Initialization Vector (IV)
Evil Twin
Replay - Causing an access point to generate lots of IV packets (usually by replaying ARP packets at it).
IV - Cryptographic module value that is random or pseudo-random. A requirement may exist that an IV not be reused (as with a nonce).
Evil Twin - Rogue Access Point (AP) that masquerades as a legitimate one (Wiphishing). Could have a similar SSID.
Attack does not succeed if authentication security is enabled.
Rogue AP
Jamming (Interference)
Wi-Fi Protected Setup (WPS)
Rogue AP - Unauthorized access point (AP); can also capture user logins in an attack.
Jamming - Interference from other radio sources; an attacker may position an evil twin on the network in hope of stealing data.
Illegal to use and sell.
Only way to mitigate is to locate the offending radio source and disable it, or boost the signal from legitimate equipment.
WPS - Wi-Fi setup with secure access points; push-button access; PIN; generates an SSID and Pre-Shared Key (PSK)
Vulnerable to brute-force attack
PIN is 8 characters; 1 is a checksum; the other 7 are split into PINs of 4 and 3 characters.
Bluejacking
Bluesnarfing
Radio Frequency Identification (RFID)
Bluejacking - a sort of spam where someone sends you an unsolicited text or image
Could be Trojan or malware
Obad Android Trojan malware
Bluesnarfing - using an exploit in Bluetooth to steal information from someone else’s phone. Attackers could circumvent the authentication mechanism.
RFID - encoding information in passive tags on devices
Near Field Communications (NFC)
Disassociation
NFC - very short range radio link based on RFID
Does not provide encryption; MitM and/or eavesdropping attacks are possible.
Google Beam - allows NFC transfers to occur without user intervention.