2.3 Explain various types of vulnerabilities. Flashcards

1
Q

Types of Cryptographic Attacks

A
  • Downgrade Attacks: Forces systems to use old, weak encryption (e.g., POODLE on SSL 3.0).
    • Fix: Stop using outdated protocols and add version checks.
  • Collision Attacks: Finds two inputs that make the same hash, breaking data verification.
    • Example: Birthday Attack – two different inputs produce the same hash.
    • Vulnerable Algorithms: MD5 is one example.
  • Quantum Computing Threat
    • Threat: Could break encryption like RSA and ECC by quickly factoring large numbers.
    • Fix: (1) Increase key size (2) Use advanced cryptography
2
Q

Bluetooth Vulnerabilities and Attacks

A
  • Vulnerabilities
    • Insecure Pairing: Connection without proper authentication
    • Device Spoofing: Attacker impersonates a device to trick users
    • On-Path Attacks: Intercept and alter communications without detection
  • Types of Bluetooth Attacks
    • Bluejacking: Sends unsolicited messages (e.g., pranks, testing vulnerabilities)
    • Bluesnarfing: Steals data like contacts and messages without permission
    • Bluebugging: Takes control of Bluetooth functions (e.g., make calls, send texts)
    • Bluesmack: Denial-of-Service attack, overwhelms devices to crash them
    • BlueBorne: Infects devices over the air without user action
  • Wireless Audit: Evaluates wireless signal footprint, power levels, antenna placement, and encryption of traffic.
    • Helps detect rogue access points and unauthorized users.
  • War Driving: Technique where attackers drive around in vehicles to scan for and test wireless networks. Admins can use the same technique to audit their own networks.
  • War Flying: Similar to war driving, but uses planes or drones instead of cars.
  • Best Practices for Secure Bluetooth Usage
    • Turn off Bluetooth when not in use to reduce attack surface
    • Set devices to non-discoverable mode by default
    • Update firmware regularly for security patches
    • Pair only with trusted devices
    • Use unique PINs during pairing for added security
    • Be cautious of unsolicited connection requests
    • Encrypt sensitive data during transfer to prevent unauthorized access
3
Q

Mobile Vulnerabilities and Attacks

A
  • Sideloading: Installing apps from unofficial sources, increasing malware risks (Mitigation: Download from official sources only)
  • Jailbreaking/Rooting: Grants escalated privileges but blocks updates, leaving devices vulnerable
  • Insecure Connection Methods: Using open Wi-Fi or unknown Bluetooth devices exposes the device to attacks
    • Mitigation: Use cellular data, connect only to known devices, use strong passwords, enable 802.1X authentication, and set devices to non-discoverable
4
Q

Operating System Vulnerabilities

A
  • Unpatched Systems
  • Zero-Day Vulnerabilities: Flaws not yet known to the developers, so no patch exists (Mitigation: Use host-based IPS and keep systems updated)
  • Misconfigurations: Improper settings can create vulnerabilities (Mitigation: Use configuration management tools and perform periodic audits)
  • Data Exfiltration: Unauthorized transfer of sensitive data (Mitigation: Use encryption and endpoint protection tools)
  • Malicious Updates: Fake updates with malware (Mitigation: Use trusted sources, verify updates with digital signatures and hashes)
5
Q

SQL and XML Injections

A
  • Injection Attack: Sends malicious data to an application to cause unintended behavior
    • SQL and XML injections aim to insert attacker-controlled code or markup into systems
  • SQL (Structured Query Language) Injection
    • SQL Injection: Inserts malicious SQL code (e.g., ' OR 1=1)
      • Attack Vectors: Use URL parameters, form fields, cookies, or HTTP headers
      • Prevention:
        • Input validation and data sanitization
        • Use web application firewall (WAF)
  • XML (Extensible Markup Language) Injection
    • XML Exploits:
      • XML Bomb: Acts as a denial-of-service attack by consuming memory
      • XXE (XML External Entity) Attack: Reads local resources (e.g., password files)
        ```xml
        <!ENTITY xxe SYSTEM "file:///etc/shadow">
        <foo>&xxe;</foo>
        ```
      • Prevention:
        • Use TLS encryption for XML data
        • Implement input validation and sanitization
6
Q

XSS and XSRF

A

XSS (Cross-Site Scripting): Injects malicious scripts into trusted sites, compromising visitors

  • Goal: Make visitors execute malicious code bypassing security
  • XSS Attack Steps:
    1. Find input validation vulnerabilities
    2. Craft a malicious URL
    3. Site returns a page with injected code
    4. Code runs with trusted site’s permissions
  • Types of XSS:
    • Non-Persistent: Runs once (server-side)
    • Persistent: Inserts code into a backend database (server-side)
    • DOM XSS: Exploits client-side scripts to modify web pages
  • FOR THE EXAM:
    • If attack involves something in the URL → Likely XSS
    • If attack uses document-something (e.g., document.cookie) → Likely DOM-based XSS

Session Management: see a separate card

XSRF (Cross-Site Request Forgery): Exploits a user's existing session with one site from another site open in the same browser (e.g., when two tabs are open)

  • Uses tags, images, HTML to disguise attacks
  • Doesn’t need user clicks to execute
  • Prevention:
    • Use user-specific tokens in forms
    • Add randomness to password resets
    • Enforce two-factor authentication
    • Require current password for changes
    • Additional concepts:
      • Session Hijacking: Attacker spoofs a host to take over a session
      • Session Prediction: Attacker guesses the session token
  • FOR THE EXAM:
    • If someone tries to change data on behalf of a user (e.g., unknown update to password or email) → Likely XSRF
7
Q

Race Conditions

A

An attack that exploits the order and timing of events in concurrent processes

  • Types
    • TOC (Time-of-Check)
    • TOU (Time-of-Use)
    • TOE (Time-of-Evaluation)
  • Mitigation
    • Use mutexes for exclusive access
    • Prevent deadlocks by proper lock design