Scribd Logo
Upload

Welcome to Scribd!

  • Chapter 04 - Wireless and RF Attacks - Handout

    Uploaded by

    Wayne Wayne
    2 views12 pages
    This document discusses wireless and RF vulnerabilities and attacks. It describes various attack vectors such as evil twin attacks, deauthentication attacks, fragmentation attacks, credential harvesting, and weaknesses in WPS implementations. It also discusses other wireless vulnerabilities like bluejacking, bluesnarfing, RFID cloning, and jamming. The document emphasizes that wireless traffic can be received by anyone if unencrypted, and outlines exploits like data modification, data corruption, and capturing handshakes. It notes that amplified antennas can extend the range of an attack platform, allowing attacks from farther distances.

    Original Description:

    Original Title

    Chapter 04_Wireless and RF Attacks_Handout

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses wireless and RF vulnerabilities and attacks. It describes various attack vectors such as evil twin attacks, deauthentication attacks, fragmentation attacks, credential harvesting, and weaknesses in WPS implementations. It also discusses other wireless vulnerabilities like bluejacking, bluesnarfing, RFID cloning, and jamming. The document emphasizes that wireless traffic can be received by anyone if unencrypted, and outlines exploits like data modification, data corruption, and capturing handshakes. It notes that amplified antennas can extend the range of an attack platform, allowing attacks from farther distances.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    2 views12 pages

    Chapter 04 - Wireless and RF Attacks - Handout

    Uploaded by

    Wayne Wayne
    This document discusses wireless and RF vulnerabilities and attacks. It describes various attack vectors such as evil twin attacks, deauthentication attacks, fragmentation attacks, credential harvesting, and weaknesses in WPS implementations. It also discusses other wireless vulnerabilities like bluejacking, bluesnarfing, RFID cloning, and jamming. The document emphasizes that wireless traffic can be received by anyone if unencrypted, and outlines exploits like data modification, data corruption, and capturing handshakes. It notes that amplified antennas can extend the range of an attack platform, allowing attacks from farther distances.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 12

    CHAPTER 4

    Wireless and RF Attacks


    Episode 4.01 - Wireless Exploits, Part 1

    Objective 3.2 Given a scenario, research attack vectors and


    perform wireless attacks
    WIRELESS AND RF
    VULNERABILITIES
    • Wireless and RF
    vulnerabilities
    ­Broadcast is wide open
    ­aircrack-ng

    • Evil twin – rogue WAP used to


    eavesdrop
    ­Karma attack (Karma Attacks Radio
    Machines Automatically)
    ­Downgrade attack – attempt to
    negotiate a more insecure protocol

    • Deauthentication attacks
    ­DoS attacks, disrupt communication
    between user and WAP
    WIRELESS AND RF
    VULNERABILITIES
    • Fragmentation attacks
    ­DoS attack, floods a network with
    datagram fragments

    • Credential harvesting
    ­Process of capturing or discovering
    valid login
    ­Social engineering, etc

    • WPS implementation
    weaknesses
    ­Several consumer grade WAPs
    could allow an attacker to learn
    the WPS PIN
    OTHER WIRELESS
    VULNERABILITIES
    • Bluejacking
    ­Unsolicited messages to a Bluetooth-
    enabled device
    • Bluesnarfing
    ­Stealing information from Bluetooth-
    enabled device
    • RFID Cloning
    ­Unauthorized copy of device’s RF signal
    • Jamming
    ­DoS attack, disables communication
    among devices
    • Repeating
    ­Receiving and retransmitting a signal to
    increase range
    • Anyone can receive wireless traffic - unencrypted
    means anyone can read it
    • Evil twin can trick users into using your access
    point instead of a valid one
    • Multiple attacks emerging for Bluetooth devices
    • IoT makes wireless vulnerabilities much more
    prevalent
    Episode 4.02 – Wireless Exploits, Part 2

    Objective 3.2 Given a scenario, research attack vectors and


    perform wireless attacks
    WIRELESS EXPLOITS
    • Data modification
    - Unauthorized wireless access to change actionable data
    - May focus on altering configuration to ease further
    access/attack
    • Data corruption
    - Attack on availability
    - Targets may be valuable data and/or configuration settings
    • Capture handshakes
    - Useful in replay and impersonation attacks
    • On-path
    - Previously known as man-in-the-middle attacks
    • Wireless attacks focus on key vulnerable areas
    including sessions, authentication, and blocking
    valid access
    • Data corruption is an attack on availability
    • Capturing handshakes is useful in replay and
    impersonation attacks
    Episode 4.03 – Antennas

    Objective 3.2 Given a scenario, research attack vectors and


    perform wireless attacks
    WIRELESS ATTACK TOOLS
    • Amplified antenna
    - Device to extend the effective range of attack
    platform
    - Allows an attacker to carry out attacks physically
    farther from victims
    • Amplified antennas are devices used to extend
    the effective range of attack platform
    • Amplified antennas allow an attacker to carry out
    attacks physically farther from victims

    You might also like