2 Flashcards

1
Q

Bluetooth Classic
Frequency:
Modulation:
Channel #:
H/S:
Data Rate:
Range:
Payload:

A

2.4 GHz
FHSS
79 channels
1600
3 Mbps
10-100 m
none

2
Q

What is the difference between Bluetooth Smart and Bluetooth Smart Ready?

A

Smart - can only connect to devices in Bluetooth Low Energy mode
Smart Ready - can connect to both new and old Bluetooth devices

3
Q

Bluetooth Low Energy
Frequency:
Modulation:
Channels? How many are for data transfer and how many for BD_ADDR advertisements?
H/S:

A

2.4 GHz
FHSS
40: 37 data (tx), 3 advertising
100 h/s

4
Q

BLE ver 4.0-4.2
Data rate:
Range:
Payload:

A

1 Mbps
10 m
2-39 bytes

5
Q

BLE ver 5.0-5.2
Data Rate:
Range:
Payload:

A

2 Mbps at 20 m, or 1 Mbps at 40 m
2-257 bytes

6
Q

What does Bluetooth Low Energy do for security?

A

Sends out a randomized BD_ADDR in order to prevent location tracking

7
Q

Why is exploiting BT difficult?

A

Use of FHSS, based on a secret value
Standard equipment doesn't support it

8
Q

What is the mechanism that determines the hopping pattern of BT Classic called?

How long before it resets?

What are the two components it's made of?

A

Pseudorandom hopping pattern

23 hours

Master MAC
Clock value

9
Q

What is the relationship within a piconet?
How many devices in total, and of which types?

A

Master-Slave
1 master, 7 slaves, 8 in total

10
Q

What are the two device discovery modes, and what are their characteristics?

A

Discoverable:
Responds to inquiry scans with an inquiry response

Non-Discoverable:
Cannot make new connections and doesn't respond to inquiry scans. Can still interact with devices it has previously interacted with

11
Q

What is a BD_ADDR?

A

48-bit MAC address of a Bluetooth device

12
Q

What parts make up the BD_ADDR?
SB:CD:DE:12:34:56

A

SB:CD - NAP, Non-significant Address Part
First sixteen bits of the BD_ADDR

DE - UAP, Upper Address Part
Last 8 bits of the OUI

12:34:56 - LAP, Lower Address Part
Last 24 bits of the MAC address

13
Q

When is a BD_ADDR sent over the air?

A

Only when a device is in discoverable mode, and never in the Layer 2 header

14
Q

What are the characteristics of the Host in a Bluetooth Protocol stack?

A

- Computer
- Software-based
- Upper-layer protocols
- Profiles are stored here
- Easily accessible to developers

15
Q

What are the characteristics of the Host Controller Interface (HCI) in a Bluetooth Protocol stack?

A

- Communication link between the host layer and the controller layer
- Last layer easily accessible by developers

16
Q

What are the characteristics of the Controller (dongle) in a Bluetooth Protocol stack?

A

- Hardware-based
- Comes from a manufacturer
- Encryption and authentication
- Not accessible to developers

17
Q

What is a Bluetooth Profile?

A

Defines additional functionality for a BT device. In order for BT devices to use certain functionality, they must be operating the same profile.

18
Q

What are the two types of authentication within BT?

A

Traditional pairing
Secure Simple Pairing

19
Q

What is the Link Key made of in traditional pairing?

What can be found during the initial pairing of a device?

What is traditional pairing vulnerable to?

A

BD_ADDR
PIN
Random #s

Random #s

PIN attacks

20
Q

What is the Link Key made of in Secure Simple Pairing?

Is it vulnerable to PIN attacks? Why or why not?

A

ECC with the Diffie-Hellman key exchange

No, because the PIN isn't used in the creation of the key, preventing man-in-the-middle attacks

21
Q

Bluetooth Power classes
What is the power/range of class 1?

A

100 mW, 100 m

22
Q

Bluetooth Power classes
What is the power/range of class 1.5?

23
Q

Bluetooth Power classes
What is the power/range of class 2?

24
Q

Bluetooth Power classes
What is the power/range of class 3?

25
Q

When trying to find the BD_ADDR, what are the methods to do so?

A

1. Active Discovery - scanning for inquiry responses
2. Passive Discovery - looking for a label that has the BD_ADDR
3. Hybrid Discovery - "off by one" method: looking at the last byte of a Wi-Fi MAC address and adding or subtracting one from the last value to guess the BD_ADDR
4. Traffic Analysis - reconstructing the BD_ADDR from a BT frame, taking the LAP from the sync word (which comes from the access code) and the UAP from the frame size of the payload

26
Q

When trying to exploit BT Classic with PIN attacks, what's the order?

A

Scan and recon for BD_ADDR using AD, PD, HD, TA > get BD_ADDR from inquiry response > brute-force PIN > get the link key

27
Q

What is the re-pairing exploit in BT?

A

Disconnect Bluetooth devices to force them into another session and get another opportunity for an inquiry response

28
Q

What is the vulnerability of Bluetooth Low Energy ver 4.0-4.2?

A

A weak temporary key

29
Q

What is Device Identity Manipulation?

A

Happens before a connection - changing class information to bypass any connection restrictions

30
Q

What exploit is abusing profiles?

A

Happens after a connection - takes advantage of a preloaded profile for uses it was not designed for

31
Q

RFID
Communication:
Frequencies (3):
Components (3):

A

Simplex ("one way")
Low, High, Ultra High
Reader/Interrogator, Antenna, Tag

32
Q

Within RFID, what is the difference between an active and a passive tag?
Active: power source? transmit capable? range? devices?
Passive: power source? transmit capable? range? devices?

A

Active:
- Has a power source
- Transmits
- 300 ft
- Transponder: transmits when interrogated; Beacon: transmits periodically

Passive:
- No power source
- Can't transmit, can be read
- 30 ft

33
Q

What are the security concerns of RFID?

A

Skimming, tag data manipulation, jamming

34
Q

NFC
Communication:
Freq:
Data Rate:
Range:
Components:

A

Simplex, half-duplex, and full-duplex
13.56 MHz
424 kbps
4 cm-10 cm
Initiator, target

35
Q

What NFC mode of operation emulates a physical card?

A

Card emulation

36
Q

What NFC mode of operation allows interaction with an information source?

A

Discovery

37
Q

What NFC mode of operation has two NFC-enabled devices communicate directly with each other?

A

Peer-to-peer communication

38
Q

NFC security?

A

Skimming, tag manipulation, jamming

39
Q

ZigBee
Layer 1 and Layer 2:
Layer 3 and Layer 4:
Frequency:
Data rate:
Range:
Topologies:
Max # of hops:
Max # of nodes:

A

IEEE 802.15.4
ZigBee
2.5 GHz
250 kbps
10-20 m between nodes
Star, tree, or mesh
Unlimited
65,535

40
Q

ZigBee device types: __________ - trust center, can only be 1 in the network, all keys are unique and stored here

A

ZigBee Coordinator (ZC)

41
Q

ZigBee device types: ____________ - forwards traffic

A

ZigBee Router (ZR)

42
Q

ZigBee device types: _____________ - can only communicate with a ZigBee Coordinator or a ZigBee Router. No peer-to-peer communication

A

ZigBee End Device (ZED)

43
Q

What are the 2 security models of ZigBee?

A

Centralized - unique keys (ZC)
Distributed - identical keys (no ZC)

44
Q

What are the two security modes of ZigBee?

A

High Security - Enterprise
Standard - Residential

45
Q

Z-Wave
Layer 1 and Layer 2:
Layer 3 and 4:
Frequency:
Data rate:
Range:
Topologies:
Max # of hops:
Max # of nodes:

A

ITU-T Rec. G.9959
Z-Wave
Sub-1 GHz
100 kbps
100 m between nodes
Mesh only
4
232

46
Q

What are Z-Wave's security characteristics?

A

Z-Shave downgrade S2 > S0
Optional encryption is Z-Wave's biggest threat