This paper gives a brief overview of modern attacks on wireless technology that pose a potential threat to devices that communicate wirelessly. In a brief format it covers several scenarios that theoretically explain the security issues of wireless infrastructure. The term "wireless" was first used in 1880, when the first wireless telephone communication took place over modulated light beams across a short distance; the device was known as a photophone back then. As with every technology that has been drafted, wireless included, there is no concept of security whatsoever until someone exploits a loophole and succeeds, or in other words does some damage. As wireless-enabled devices such as laptops, cellular phones and tablets become increasingly pervasive, the demand for reliable and secure mobile computing services escalates. Over the years everything as we know it is being transformed into wireless, but so are the risks that come with it. The wireless technology that silently controls our planes, phones and computers is prone to security flaws. This research paper covers studies of common wireless device flaws in very simple terms.
This paper contains a theoretical study of how devices as large as airplanes and as small as cellphones are vulnerable to wireless attacks. It is an overview of the writer's upcoming book, due out later this year, named "Attacking the Air".
The paper explains the vulnerabilities within the communication protocols of these devices and the countermeasures against those issues, although most of the countermeasures discussed are already implemented, or in the process of being implemented, to make communication between endpoints as secure as possible. All the topics researched are presented in series and in a step-by-step deductive format, covering legacy as well as generic security-centric problems. All the sections are concerned with wireless infrastructure flaws, wireless security vulnerability research, wireless attack vectors, and wireless exploitation and penetration testing.
A Brief Overview of Wireless Communication Standards:
Different methods and standards of wireless communication have developed across the world, based on various commercially driven requirements. In a nutshell, let us first talk about IEEE 802.11, the Wi-Fi standard, which comprises a collection of wireless LAN (WLAN) standards developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802). The 802.11 family currently includes six modulation techniques that all use the same protocol.
2. Confidentiality Attacks
These attacks attempt to intercept private information sent over wireless associations. For each type of attack, the description and the methods and tools are listed:
Eavesdropping: capturing and decoding unprotected application traffic. Methods and tools: Ettercap, Kismet, Wireshark, commercial analyzers.
WEP Key Cracking: capturing data to recover a WEP key using passive or active methods. Methods and tools: Aircrack-ng, airoway, AirSnort, chopchop.
Evil Twin AP: posing as an authorized AP by beaconing the WLAN's SSID to lure users. Methods and tools: cqureAP, Rogue Squadron, WifiBSD.
AP Phishing: running a duplicate portal or web server on an evil twin AP to "phish" for user logins and credit card numbers. Methods and tools: Airpwn, Airsnarf.
Man in the Middle: running traditional man-in-the-middle attack tools.
3. Integrity Attacks
These attacks send forged control, management or data frames over wireless to mislead the recipient or facilitate another type of attack. For each type of attack, the description and the methods and tools are listed:
Frame Injection: crafting forged 802.11 frames. Methods and tools: Airpwn, File2air, libradiate, void11.
Data Replay: capturing data frames for later replay. Methods and tools: capture and injection tools.
EAP Replay: capturing Extensible Authentication Protocol messages for later replay. Methods and tools: wireless capture and injection tools between station and AP.
RADIUS Replay: capturing RADIUS Access-Accept or Access-Reject messages for later replay. Methods and tools: Ethernet capture and injection tools between AP and authentication server.
4. Authentication Attacks
Intruders use these attacks to steal legitimate user identities and credentials to access otherwise private networks and services. For each type of attack, the description and the methods and tools are listed:
Shared Key Guessing: attempting Shared Key Authentication with guessed, vendor-default or cracked WEP keys. Methods and tools: WEP cracking tools.
PSK Cracking: recovering a WPA/WPA2 PSK from captured key handshake frames using a dictionary attack tool. Methods and tools: coWPAtty, KisMAC.
Login Theft: capturing user credentials from cleartext application protocols. Methods and tools: Dsniff, PHoss, WinSniffer.
Domain Login Cracking: recovering user credentials by cracking NetBIOS password hashes. Methods and tools: John the Ripper, L0phtCrack, Cain.
VPN Login Cracking: recovering user credentials by running brute-force attacks on VPN authentication protocols. Methods and tools: ike_scan.
5. Availability Attacks
These attacks impede delivery of wireless services to legitimate users, either by denying them access to WLAN resources or by crippling those resources. For each type of attack, the description and the methods and tools are listed:
AP Theft: physically removing an AP from a public space. Methods and tools: "five finger discount".
Queensland DoS: exploiting CSMA/CA. Methods and tools: an adapter that supports CW Tx mode.
Beacon Flood: generating thousands of counterfeit beacons to make it hard for stations to find a legitimate AP. Methods and tools: FakeAP.
To begin with, let us look at the common vulnerabilities of wireless networks; in the following pages these will be accompanied by practical examples of how they are exploited.
In Linux the procedure is similar; here we use the Wicd Network Manager to do this.
It is also observed that most enterprise Wi-Fi networks have their network name (the SSID) hidden. For this purpose we use inSSIDer. inSSIDer is the most popular free and open source Wi-Fi scanning tool available today. It is easy to use and understand, without any confusing configuration. After installation, running inSSIDer will automatically select your wireless adapter and start scanning for available access points.
Once the access points have been found, you need to plan what is to be done with them. Usually the attacker breaks the encryption keys and tries to connect in order to use free Internet.
There are different kinds of attacks that can be used, based on the encryption standard and the location of the access point.
As mentioned earlier, WEP, WPA and WPA2 all have different attack vectors. WEP uses secret keys to encrypt data; both the AP and the receiving stations must know the secret keys. There are two kinds of WEP, with keys of either 64 bits or 128 bits. The longer key gives a slightly higher level of security. In fact the user keys are 40 bits and 104 bits long, the other 24 bits in each case being taken up by a variable called the Initialization Vector (IV). WEP is relatively easy to crack for the following reasons:
IV values can be reused
The IV length is too short
Weak keys are susceptible to attack
Master keys are used directly
Message integrity checking is ineffective
So if you find a WEP-encrypted Wi-Fi network, consider yourself lucky, because it would be very easy to crack that network and break in.
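As an added illustration (not part of the original paper), the following Python code shows the first two listed weaknesses concretely. A toy WEP encryption built on RC4, seeded with IV || key as WEP does (ICV and fragmentation omitted), shows that when an IV is reused the XOR of two ciphertexts equals the XOR of the two plaintexts, and a birthday-bound calculation shows how few frames a 24-bit IV can carry before a repeat becomes likely. The key, IV and plaintexts are constructed sample values.

```python
"""Why WEP's 24-bit IV is a problem: keystream reuse and the birthday bound.
Added educational example; toy WEP (no ICV, no fragmentation), not a real client."""
import math

IV_BITS = 24          # WEP prepends a 24-bit IV to the 40- or 104-bit user key


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream for `key` (KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, user_key: bytes, plaintext: bytes) -> bytes:
    """Toy WEP: RC4 seeded with IV || key; the IV travels in clear with the frame."""
    if len(iv) != IV_BITS // 8:
        raise ValueError("WEP IV must be 3 bytes")
    if len(user_key) not in (5, 13):
        raise ValueError("WEP user key must be 40 or 104 bits")
    return xor_bytes(plaintext, rc4_keystream(iv + user_key, len(plaintext)))


def keystream_reuse_leak(iv: bytes, user_key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Encrypt two frames under the same IV and return c1 XOR c2.
    Both frames used the same keystream, so the result equals p1 XOR p2: an
    eavesdropper learns the relation between the plaintexts without the key."""
    c1 = wep_encrypt(iv, user_key, p1)
    c2 = wep_encrypt(iv, user_key, p2)
    return xor_bytes(c1, c2)


def iv_collision_probability(frames: int, iv_bits: int = IV_BITS) -> float:
    """Probability that at least one IV repeats among `frames` uniformly chosen IVs."""
    space = 1 << iv_bits
    log_no_repeat = 0.0
    for i in range(min(frames, space)):
        log_no_repeat += math.log1p(-i / space)
    return 1.0 - math.exp(log_no_repeat)


def expected_frames_to_first_repeat(iv_bits: int = IV_BITS) -> float:
    """Birthday estimate sqrt(pi * N / 2) of frames until the first IV repeat."""
    return math.sqrt(math.pi * (1 << iv_bits) / 2)


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"            # constructed 40-bit user key
    iv = b"\x00\x00\x2a"                     # constructed IV, reused for both frames
    p1, p2 = b"GET /index.html", b"POST /login.htm"
    leak = keystream_reuse_leak(iv, key, p1, p2)
    print("c1^c2 == p1^p2:", leak == xor_bytes(p1, p2))
    print("expected frames to first IV repeat: %.0f" % expected_frames_to_first_repeat())
    for n in (1000, 5000, 10000):
        print("P(repeat after %5d frames) = %.3f" % (n, iv_collision_probability(n)))
```

A busy AP sends thousands of frames per minute, so the 24-bit IV space is exhausted (or repeated by chance) within hours; the code does not recover the key, it only shows what one repeat already gives away.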
After doing so you will need to click on the second option, "Scan for all Access Points in Range".
Then you will hopefully find a WEP network, and you will need to select it.
As discussed earlier, ARP Request Replay is the fastest attack that can be used to crack a WEP key. Just click on Attack; depending on your network adapter card it will take about 1-2 hours to crack the wireless network.
Cracking WEP is very easy nowadays, but WPA/WPA2 are harder because much more complex algorithms are associated with these standards.
Cracking WPA/WPA2 using the WPS vulnerability:
Through the WPS configuration vulnerability, a WPA/WPA2-enabled network can also be compromised as easily as WEP. For this particular purpose we use Reaver-WPS. It is usually observed that large password dictionaries and rainbow tables are required to crack WPA/WPA2, but the WPS vulnerability allows an attacker to brute-force the WPS PIN, thus obtaining the WPS shared key and then the authentication key as well.
Reaver-wps performs a brute force attack against an access point's Wi-Fi Protected Setup PIN number. Once the WPS PIN is found, the WPA PSK can be recovered and, alternatively, the AP's wireless settings can be reconfigured.
In order for Reaver to start the brute force you will need to supply the BSSID of the network. First put the adapter into monitor mode with the command
airmon-ng start wlan0
Next, after seeing the monitor interface working, you will have to find the BSSID by running airodump-ng on the interface supplied:
airodump-ng wlan0
This will provide you with a list of APs that have WPA/WPA2 configured on them to choose from.
Then it is all relatively simple to use the command and put reaver to work (replace the placeholders with your monitor interface and the target BSSID):
reaver -i <monitor-interface> -b <BSSID> -vv
Then reaver will take about 3-4 hours to get the WPS PIN and reconfigure the network to obtain the authentication key.
There are many ways to prevent this attack, which can compromise almost all WPA/WPA2 keys. Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn't support it in the first place). Unfortunately, even with WPS manually turned off through his router's settings, Reaver was still able to crack this password. The inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they've tested. "On all of the Linksys routers, you cannot manually disable WPS," he said. While the Web interface has a radio button that allegedly turns off WPS configuration, "it's still on and still vulnerable."
Here we have the MAC address of the station that is connected to the access point. Now we have to change our MAC address to that one (macchanger takes the address in colon-separated form, followed by the interface):
macchanger -m XX:XX:XX:XX:XX:XX wlan0
This will change your MAC address, and then you can easily connect to the access point.
As stated, this is a brute force attack, so it will take some time to work.
After the password has been found it will connect and prompt accordingly.
Man-in-the-Middle attack Using Arpspoofing:
MITM attacks are probably one of the most potent attacks on a WLAN system. There are different configurations that can be used to conduct the attack. We will use the most common one: the attacker is connected to the Internet using a wireless LAN, and so is the victim. The attacker can poison the ARP tables on the WLAN in order to observe the victim's activities.
To perform this attack we use the arpspoof utility built into BackTrack. Of course you will need to know the victim's IP as well as your own to know who you are spoofing. First we check whether IP forwarding is enabled; to relay the intercepted traffic, the Linux box has to act as a router.
cat /proc/sys/net/ipv4/ip_forward
The value is "0". It should be set to 1. To change the value to 1, enter the following command (a plain "sudo echo 1 > file" does not work, because the redirection is performed by the unprivileged shell, so the privileged write goes through tee):
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
Now, using the command below, we check the ip_forward file and make sure the value equals "1":
cat /proc/sys/net/ipv4/ip_forward
An ARP spoofing attack redirects data from the victim's PC destined for the gateway to our machine:
sudo arpspoof -i eth1 -t 192.168.1.138 192.168.1.1
The "-i" option specifies the interface. The "-t" option specifies the target IP address. We will now use another ARP spoofing attack to redirect data from the gateway destined for the victim's PC back to our Linux box:
sudo arpspoof -i eth1 -t 192.168.1.1 192.168.1.137
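The defender's counterpart to the two arpspoof commands above, added here as an example that is not part of the original paper: a small Python detector that reads ARP replies in a tcpdump-like text form (the sample lines are constructed, reusing the gateway and victim addresses from this section) and raises an alert when an IP address suddenly maps to a new MAC, or when one MAC starts answering for several IPs, which is exactly the footprint left by poisoning both the victim and the gateway.

```python
"""Detect ARP-cache poisoning from a stream of ARP replies.
Added example (not the paper's code); the log lines below are constructed in a
tcpdump-like format: '<time> ARP, Reply <ip> is-at <mac>, length <n>'."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+)\s+ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.IGNORECASE)

# Constructed sample: at 12:00:05 one station starts claiming both the gateway
# (192.168.1.1) and the victim (192.168.1.138), as the paired arpspoof commands do.
SAMPLE_LOG = """\
12:00:00.000001 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
12:00:00.000002 ARP, Reply 192.168.1.138 is-at 00:11:22:33:44:38, length 28
12:00:05.000001 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:05.000002 ARP, Reply 192.168.1.138 is-at de:ad:be:ef:00:01, length 28
12:00:07.000001 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
"""


def parse_arp_replies(text: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, ip, mac) for every ARP reply line; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = ARP_REPLY.match(line)
        if m:
            out.append((m["ts"], m["ip"], m["mac"].lower()))
    return out


def detect_arp_spoofing(replies, known: Optional[Dict[str, str]] = None) -> List[str]:
    """Alert on two poisoning footprints.

    1. ip_mac_change: an IP we have already seen (or that is pinned in `known`,
       e.g. the gateway) is announced with a different MAC.
    2. mac_claims_multiple: one MAC has announced itself as more than one IP,
       which a host doing a two-sided MITM must do.
    Each alert fires once per new (ip, mac) binding, so a repeated spoofed
    reply (like the last sample line) does not re-alert."""
    ip_to_mac: Dict[str, str] = dict(known or {})
    mac_to_ips: Dict[str, Set[str]] = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)
    alerts: List[str] = []
    for ts, ip, mac in replies:
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(f"{ts} ip_mac_change {ip}: {old} -> {mac}")
        ip_to_mac[ip] = mac
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1 and len(mac_to_ips[mac]) > before:
            alerts.append(f"{ts} mac_claims_multiple {mac}: {sorted(mac_to_ips[mac])}")
    return alerts


def analyse(text: str, gateway_ip: Optional[str] = None,
            gateway_mac: Optional[str] = None) -> List[str]:
    """Parse the log and run detection, optionally pinning the gateway's real MAC."""
    known = {gateway_ip: gateway_mac.lower()} if gateway_ip and gateway_mac else {}
    return detect_arp_spoofing(parse_arp_replies(text), known)


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG, "192.168.1.1", "00:11:22:33:44:01"):
        print(alert)
```

Pinning the gateway MAC (from the switch or router configuration) is what lets the first spoofed reply be caught even if the detector started after the attack began.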
[Figure omitted; image credit: McAfee]
A group of skilled wireless hackers drove around markets, connected to free Wi-Fi hotspots and launched sniffing attacks to steal user credentials, credit card numbers and so on.
Similar to Wi-Fi, WiMAX technology also has security issues in its very architecture. In order to understand WiMAX security issues, we initially need to understand WiMAX's working architecture and how its security countermeasures are addressed. By adopting the best technologies available today, WiMAX, based on the IEEE 802.16e standard, can provide strong support for authentication, secure key management, and also control and management plaintext protection. In order to understand WiMAX attacks we need to understand the IEEE 802.16 protocol architecture.
[Figure omitted; image credit: Amazon.com]
Scrambling is similar to jamming, but it is only achievable for short intervals of time and is aimed at specific WiMAX frames at the PHY layer. Attackers can scramble control or management information to disrupt the intended operation of the network. Parts of the data traffic belonging to the targeted SSs can be scrambled, forcing the packets to be transmitted again. Compared to jamming, the scrambling attack is more difficult to carry out, because it requires the attacker to interpret control information and to send noise packets.
After that simple device is made, we will look at three kinds of attacks related to RFID exploitation techniques:
1. RFID system destruction attacks
2. RFID data collection attacks
3. RFID relay attacks
Consider the image below.
[Figure omitted; image credit: RFID Handbook]
The image above shows all the possible attacks on RFID systems. Usually the endpoint compromised by an attacker is the transponder or the reader itself.
[Figure omitted; image credit: Instructables]
Now you need to bring the device to within about 25 cm of the RFID system; it will cause the radio waves to fluctuate along their paths, and the system will eventually cease functioning due to the high amount of magnetism. Other methods include chemical or mechanical demolition of the RFID chips, which could permanently destroy the system. A very drastic option for destroying an RFID chip is using a microwave oven, but that would also affect the oven itself.
Jamming an RFID system:
Just like any other system, an RFID network can also be subject to jamming. This requires the attacker to stop the transmission and reception of radio waves on both ends. Jamming is the use of an electronic device to disrupt the reader's function. In this section we will also get a glimpse of how RFID networks can be used to steal data. It should be noted that RFID chips are very similar to barcodes, except that barcoded cards have to be visible to the connecting device to gain access to the system, while an RFID tag can easily be scanned through an outer covering.
Back in 2005 an RFID tag was scanned at about 69 feet; the distance is now as long as 500 feet for the reading device. The main reason a person would block RFID communication between the device and the endpoint would be to gain access to sensitive areas. But here we talk about jamming an RFID network: how an attacker could jam communication between two endpoints.
The simplest way to perform this is to introduce a noise signal of up to 13.86 MHz into the medium (according to Black Hat).
Yet another simple way to do this, if you have access to the device, is to wrap two sheets of aluminum over the device.
[Figure omitted; image credit: ebay.com]
Such devices can easily be bought from web stores. To quote an example, a researcher jammed the Israeli e-voting system, and the same methodology of transmitting a high-frequency signal was followed.
DoSing an RFID network:
RFID networks can be overwhelmed when specially designed tags are used to exhaust a reader's capacity to differentiate tags. We use anti-collision algorithms to fake about 100 million tags in the same place, which overloads the device's capacity to detect RFID devices and thus shuts it down. The algorithm simulates RFID device addresses with combinations made up of 0s and 1s.
An RFID DoS attack can be carried out very simply by implementing the algorithm from the UML diagram described above. Then we would need to reprogram an RFID tag to hard-code the algorithm, which would exploit the RFID endpoint device to cause a temporary or permanent denial of service.
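To make the anti-collision DoS concrete, here is an added simulation (not from the paper, and not any vendor's reader code) of the binary tree-walking singulation that many readers use: honest tags are found in a number of queries proportional to the tag count, while a "blocker" tag that answers every prefix with both 0 and 1 makes the reader walk the whole 2^n address tree and exhaust its query budget. IDs are 16 bits here for speed and the tag IDs are constructed; the structure is the same for longer IDs.

```python
"""Tree-walking anti-collision vs. a blocker tag: why a reader can be DoS'd.
Added educational simulation with constructed tag IDs; not the paper's code."""
from typing import Iterable, List, Set, Tuple

ID_BITS = 16   # real tag IDs are longer; 16 keeps the full tree small (2^16 - 1 internal nodes)


class Tag:
    """An honest tag: at prefix p, answers with the next bit of its ID if its ID starts with p."""

    def __init__(self, ident: int):
        self.bits = format(ident, f"0{ID_BITS}b")

    def respond(self, prefix: str) -> Set[str]:
        if len(prefix) < ID_BITS and self.bits.startswith(prefix):
            return {self.bits[len(prefix)]}
        return set()


class BlockerTag(Tag):
    """Simulates tags at every address: answers '0' and '1' to every prefix, so the
    reader sees a collision at every node of the tree."""

    def __init__(self):
        self.bits = ""

    def respond(self, prefix: str) -> Set[str]:
        return {"0", "1"} if len(prefix) < ID_BITS else set()


def tree_walk(tags: Iterable[Tag], query_budget: int) -> Tuple[str, Set[str], int]:
    """Binary tree-walking singulation.

    The reader broadcasts a prefix; tags whose ID starts with it reply with the
    next bit. No reply: dead branch. One bit: follow it. Both bits (collision):
    explore both children. Returns (status, singulated_ids, queries_used), where
    status is 'ok', or 'dos' if the budget ran out before the walk finished."""
    tags = list(tags)
    found: Set[str] = set()
    queries = 0
    stack: List[str] = [""]
    while stack:
        prefix = stack.pop()
        if len(prefix) == ID_BITS:       # full ID: tag singulated (or a phantom from a blocker)
            found.add(prefix)
            continue
        queries += 1
        if queries > query_budget:
            return "dos", found, queries
        answers: Set[str] = set()
        for tag in tags:
            answers |= tag.respond(prefix)
        for bit in sorted(answers, reverse=True):   # push '1' first so '0' is walked first
            stack.append(prefix + bit)
    return "ok", found, queries


def honest_inventory(ids, budget: int = 10_000):
    return tree_walk([Tag(i) for i in ids], budget)


def blocked_inventory(ids, budget: int = 10_000):
    return tree_walk([Tag(i) for i in ids] + [BlockerTag()], budget)


if __name__ == "__main__":
    ids = [0x1234, 0x1235, 0xBEEF]          # constructed tag IDs
    status, found, used = honest_inventory(ids)
    print(f"honest: {status}, {len(found)} tags in {used} queries")
    status, found, used = blocked_inventory(ids)
    print(f"blocker: {status} after {used} queries, {len(found)} (phantom) IDs so far")
```

The same blocker behaviour, restricted to one subtree, is also used as a privacy defence, which is why a reader should log and alert on inventories that exceed a sane query budget rather than silently retrying.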
Another way of disrupting an RFID network is a desynchronization attack, which is one kind of DoS attack: the shared secret values held by the tag and the back-end server are made inconsistent by an attacker. Then the tag and the back-end server cannot recognize each other in future, and the tag becomes disabled.
In order to make an RFID cloning device, refer to the link below, which is the official Offensive Security method to clone RFID tags using the Proxmark:
http://www.offensive-security.com/offsec/cloning-rfid-tags-with-proxmark-3/
Eavesdropping and Skimming on an RFID device:
Eavesdropping and skimming are considered the same process except for one difference. Eavesdropping is a term for the attacker actively performing unauthorized listening by intercepting the communication between the devices on the RFID network, while skimming is a term used to define a process in which one targeted device is detected and data is then read from that device.
In a skimming attack there are two distances that an attacker considers:
The distance at which an attacker can power the token and issue a command.
The distance at which an attacker can power the token, issue a command and recover a response.
In an eavesdropping attack there are three distances that an attacker keeps in mind:
The distance at which an attacker can detect a transaction, i.e. he can see activity on the forward channel but cannot reliably recover the actual data.
The distance at which an attacker can reliably recover the data sent on the forward channel.
The distance at which an attacker can reliably recover the data sent on the backward channel.
We will be describing attack vectors over 13.46 MHz frequency limitation but
these attacks can be carried out.
An attacker can execute an eavesdropping attack if he acquires a suitable antenna, an RF receiver and a method to sample and record the data. An inexpensive RF receiver can easily be made from three functional units:
1. Antenna: enameled copper wire and adhesive copper tape can easily be used to construct HF loop antennas of different sizes and numbers of loops.
2. Mixer unit: the mixer's function is to move the spectral band of interest to a chosen intermediate frequency (IF) through direct down-conversion.
3. Filter bank: filtering helps to isolate the unwanted frequencies and extract the data of interest.
The attacker needs to capture and demodulate the signal from his receiver. The sample rate used by the attacker depends upon the output of his receiver, since the rate needs to be at least twice the highest frequency component. An RFID receiver can be made by reference to the following link:
http://www2.eng.cam.ac.uk/~dmh/ptialcd/trf/trf.htm
The skimming attack, as described earlier, occurs when an unauthorized reader gains access to data stored on a token. In this attack scenario an attacker tries to read the token without the victim knowing.
Ideally, an attacker must increase the operational range of his reader to avoid raising suspicion. Increasing the range is not a new technical challenge, and methods for doing this are in fact described in application notes by several RFID chip manufacturers. For this purpose we will look at a more practical scenario: skimming at ATMs. Theoretically, a skimmer could build such a device and walk through a crowd, lifting information from nearby credit cards with RFID tags.
An RFID skimmer consists of the following components:
An antenna
A power amplifier
A buffer
A power supply (+12 V)
Building an RFID skimmer is a relatively complex task compared with building any other RFID device. The circuits and the components need to be carefully tuned to perform a skimming attack. This is best explained in the reference journal given below.
http://www.eng.tau.ac.il/~yash/kw-usenix06/index.html
The above reference article shows clear and complete steps for making an RFID skimmer device that would perform the attacks.
A ghost is the device that impersonates the tag, replaying its data within the range of the reader.
It should be noted that relay attacks are carried out in specific scenarios only. The attacker has a large degree of freedom in performing these attacks and designing the system. There are 4 ways in which relay attacks are feasible for the attacker to carry out their plan:
Range increase between the leech and the tag
Range increase between the ghost and the reader
Range increase between the ghost and the leech
Now that we have an idea of how relay attacks work, for demonstration purposes we will review the newly proposed Israeli voting system, which was based on contactless smart cards, and how it is vulnerable to an RFID relay attack.
The working scheme as published by the Israeli Election Commission follows these steps:
1. A voter enters the premises of the voting booths.
2. His ID card is verified and he is assigned a voter number along with a smart card to confirm his voting action.
3. He then has to go to the voting booth, where there is complete privacy. In order to reach the voting booth he passes through a scanner which in fact has an RFID tag reader installed in it to confirm that the voter's vote has been cast and marked in the attendees' column.
4. He then casts his vote, leaves and disposes of the RFID tag.
This is all legitimate, so how can it be misused? There are several flaws in this voting system, all because of the RFID wireless smart card.
During the research it was found that many false votes could be cast for voters who were not even on the premises. This was because they were victims of RFID relay attacks.
The attackers had leech devices in contact with the victims and ghost devices at the voting booths. This allowed the attackers to cast votes on behalf of victims who had not even been to the voting booth.
There are practical implementations of this kind of attack as well. An RFID relay device kit can easily be purchased online, and attacks of this type could be performed. One example is shown here:
http://www.buyincoins.com/item/34868.html#.U7xMFfldXww
Hacking UAVs
RFID is only one aspect of how smart cards are vulnerable and attackers can freely hack people. But another aspect of wireless frequency analysis is UAVs: Unmanned Aerial Vehicles, or drones. Many countries have this technology, which relies on wireless frequencies to communicate between the control tower and the unit. Basically, Unmanned Aerial Vehicles (UAVs) are remote-controlled aircraft that can carry cameras, sensors and weapons over enemy territory.
The decade since 9/11 has seen these remote aircraft increase in prominence from speculative prototypes to America's primary counterterrorism weapon. With a range of 10,000 miles (16,000 kilometers), the largest drone, Northrop Grumman's RQ-4 Global Hawk, cruises at high altitude, loitering over an area for up to 30 hours. The drone produces high-quality surveillance images using its suite of sensors.
The structure of a simple drone has many components. A four-cylinder, four-stroke, 101-horsepower engine, the same engine type commonly used on snowmobiles, turns the main drive shaft. The drive shaft rotates the Predator's two-blade, variable-pitch pusher propeller.
The rear-mounted propeller provides both drive and lift. The remote pilot can alter the pitch of the blades to increase or decrease the altitude of the plane and reach speeds of up to 135 mph (120 kts). Additional lift is provided by the aircraft's 48.7-foot (14.8-meter) wingspan, allowing the Predator to reach altitudes of up to 25,000 feet (7,620 meters).
The slender fuselage and inverted-V tails help the aircraft with stability, and a single rudder housed beneath the propeller steers the craft.
The GPS unit is located at the mid-center of the UAV to allow maximum exposure to the satellite. There is a camera sensor array that performs the image monitoring, as well as, of course, the propeller to propel the unit forward.
The drone works on principles that are different from those of normal aircraft.
[Figure omitted; image credit: Washington Post]
The UAV works on the principle of communication switching. When the UAV takes flight it is initially connected to and controlled through the ground control tower, which controls its movement and monitors the visuals that are sent back. As we know, the control tower's communication range is limited, in the sense that after a certain distance the communication range is extended by using the satellite antenna.
The UAV is then controlled through the satellite, and its launch codes and navigation codes are issued from there. The location of the drone is determined by the GPS satellite that is in range.
Any UAV works on two kinds of signals:
1. Military signal
2. Clear Access (CA) signal
Most Predator drones have military signal capability in order to encrypt the signal, to avoid distortion and, most importantly, to keep attackers out. When communication between the drone unit and the ground tower is lost, the drone tries to reconnect to the last connected signal and searches for it until reconnected; if it is not reconnected it just continues to fly until the fuel runs out and it crashes.
In 2011 Iran hacked a US RQ-170 stealth drone. To show how drones can be hacked and what current vulnerabilities put them at risk, we will take that incident as a reference.
The drone was safely landed near Kashmar, a station in Iran. Basically there are two issues with the drones' internal devices that Iran took advantage of to hack the drone, and that can still be used to hack UAVs:
1. Drone auto-pilot mode
2. Frequency iteration search
It is the behavior of any aircraft to reconnect when the signal is lost. In aircraft such as a Boeing there are pilots to control and command until the signal is reconnected. But in drones, until reconnection the drone switches into autopilot mode and flies based on permutation observations, and at the same time searches for available frequencies that are valid. All this is done in the military signal band. Iran was somehow able to decrypt the US military signal and flood the UAV with connection attempts, which eventually led to loss of the original signal, and then came the part of the device called the "spoofer". By spoofing false GPS signals the drone was completely controlled and hacked by the team and landed after that.
It is also possible to hack into UAVs that run on CA signals, because there is no security control applied to the signal transmitted from the controller and received by the unit. The civilian GPS signals are completely open and unauthenticated, so it is easy to spoof them. The power of the spoofed signals has to be greater than that of the original controller of the unit. There are many dangers here, as said earlier.
In the future, or the near future to be exact, we are going to have drones in the airspace, sharing it with planes and military convoys. An attacker on the ground could force these drones to turn against a Boeing in flight and cause mayhem they are not designed to cause. Like drones, any device using a GPS navigation system can be spoon-fed false co-ordinates and hacked.
There are a number of ways to fix this issue in drones. One way, which is less secure, is to change the receiver design to rely only on the satellite-adopted frequencies. Another way is to use the satellite itself to transmit and reduce the time delay between original frequencies so that the signals cannot be spoofed. One way or another, drones may be hacked because the design itself has issues.
Bluetooth and Mobile Network Vulnerabilities and Exploitation Techniques:
It has been easy to connect mobile devices with each other using Bluetooth. Invented by telecom vendor Ericsson in 1994, Bluetooth is the wireless technology standard for exchanging data over short distances from fixed and mobile devices and for building personal area networks (PANs).
Bluetooth is a standard wire-replacement communications protocol primarily designed for low power consumption, with a short range based on low-cost transceiver microchips in each device.
It is all too common for individuals to abandon proper setup of systems for the convenience of "out-of-the-box" configurations. Bluetooth, like any other technology, can be quite complex and cumbersome to configure correctly.
Bluetooth-enabled devices are becoming more prominent in everyday life. Cell phones, headsets, PDAs, digital cameras, Bluetooth accessories such as PCMCIA cards, and mobile computers are just a few of these devices. Together, they encompass a significant portion of an individual's everyday life. The average person may not be aware of what Bluetooth technology is, or is too busy to be concerned with proper setup. This leaves them, as well as the information contained on these devices, vulnerable to attacks.
Like all wireless attacks, Bluetooth attacks are much the same but with different scenarios. Bluetooth has similar attack scenarios to all the other wireless networks:
1. MITM
2. Eavesdropping
3. DOS
4. Sniffing
5. Spoofing
But since the dawn of modern cellular technology, Android, iOS and other conventional cellular OSes have adopted hacking in their own ways.
Now select and copy one Bluetooth device address to check if it's alive using the l2ping utility:
l2ping <BT-address>
Now open the utility called btscanner:
btscanner
There you will have a list of options for the types of scan.
That and more wireless attacks will be discussed in the complete edition of this research paper in the form of a book, "Attacking the Air".
Conclusion:
All the wireless attacks discussed in this research paper were part of the theoretical research carried out on various endpoints used in wireless technology. Limitless attack vectors exist in the technological aspects of wireless security that are left unpatched. To sum it all up, wireless technology has matured to a stage where it has become a very common deployment. Wireless attacks are also evolving as the security standards evolve. Current protection mechanisms and detection tools have not matured to a stage where detection is sufficiently reliable.
This paper looks primarily at attacks on Wi-Fi, WiMAX, UAVs, RFID tags, voting systems and Bluetooth-enabled devices for the wireless LAN, but once that is breached, the attacker will then employ traditional types of attack strategies against higher-level applications. Thus defenders ought to look at defense-in-depth strategies rather than just concentrating their efforts on wireless DID-type defenses.
In the meantime, enterprises seeking to deploy wireless technologies for whatever reason should stay aware of current standards and software and hardware releases so as to better mitigate the risks brought about by these wireless deployments. We are wide open to attack and prey to attackers if we are wirelessly connected. This proves that convenience does not always make us secure.
Ending Note:
This research paper concentrated on various wireless attacks, most of which were defined well for the ease of the reader. Like every written or complex piece of work, this one also has mistakes and issues in it, because it was created by a human being. And human beings make mistakes; if we did not, we would be in the heavens with the angels.
References:
Websites:
www.instructables.com
www.google.com
www.securitytube.net
www.offensive-security.com
www.linuxjournal.com
www.wireless-security.com
Books:
Wireless Penetration Testing BackTrack 5
RFID Handbook
Wireless Hacking Exposed
Bluetooth Hacks V1