MOD 16 - Hacking Wireless Flashcards

1
Q

Wardriving

A

Driving around in a car while using a laptop to find wireless networks

2
Q

Zigbee

A

Short-range communications protocol (802.15.4) to deliver data infrequently, at a low rate, in a restricted area, with a max range of 100m. Examples include home automation or medical device data collection.

3
Q

WEP, WPA, WPA2

A

Wired Equivalent Privacy - was designed to be as secure as a wired LAN. Used RC4 for encryption, but never changed the key
WPA - replacement for WEP and did NOT require a hardware upgrade; simply do a firmware update on your WEP devices. Uses RC4/TKIP
WPA2 - uses AES-128/CCMP for encryption

4
Q

WPA3

A

Latest WiFi encryption standard. WPA3 Uses GCMP-256 for authenticated encryption, HMAC-SHA-384 for key derivation and confirmation, and ECDSA-384 for key establishment & authentication

5
Q

SAE

A

Simultaneous Authentication of Equals - this is the new & improved authentication method that WPA3 uses for authentication.

6
Q

Evil Twin

A

Fake WAP that pretends to be a legitimate one. Victims connect to the Evil Twin unaware. Attacker can then sniff their traffic, present fake login pages to pharm user credentials, etc.

7
Q

KRACK attack

A

Key Reinstallation AttaCK - attack against WPA2. Tricks a victim into reinstalling an already-in-use encryption key, which the attacker has. This lets MiTM view your WiFi traffic

8
Q

Downgrade attack

A

Forces a victim to use older, less-secure protocols. For example, your users normally use WPA3 security, but an attacker sets up an Evil Twin that only allows WPA2, thus downgrading the victim’s security to use a lesser standard.

9
Q

aLTEr Attack

A

Attacks LTE devices, like cell-phones. Attacker runs a fake cell-tower between victim and real tower, which can then interrupt the victim’s transmission in an attempt to hijack an active session.

10
Q

Dragonblood

A

Set of vulnerabilities in WPA3 that allows attackers to recover keys, downgrade security mechanisms, and launch data theft attacks

11
Q

Bluetooth attacks

A

Bluejacking: Bluetooth SPAM. Bluesnarfing: Stealing someone’s info by exploiting Bluetooth vulnerabilities. Bluesmacking: Bluetooth DOS

12
Q

*BtleJack

A

Bluetooth utility to sniff, jam, or hijack Bluetooth connections. Use -d to select a connected device to use. Use -s to sniff a connection. Use
-d selects a connected device
-c finds a new connection to sniff, then -s will sniff that connection
-t allows you to hijack a Bluetooth connection (think -t for “takeover”)

13
Q

Best-Practice WiFi configuration

A

Disable SSID broadcasts, use Port-Security (MAC filtering) to only allow authorized devices to connect, use 802.1x (port-authentication)
While it’s a great idea to disable SSID broadcasts, it’s not bullet-proof. An attacker can still connect to your WiFi by sniffing the SSID from a successful wireless association.

14
Q

802.1X

A

Port-Authentication. Forces users to supply their own credentials in order to gain access to the network through switch ports (wired or wireless)

15
Q

WIPS (Wireless IPS)

A

Can locate rogue access points and many other wireless threats

16
Q

Ettercap

A

Comprehensive suite of tools that can be used for wireless Man in The Middle attacks and other useful tricks

17
Q

WPS and the Wash utility

A

WPS = WiFi Protected Setup. This is a feature that makes it easy for home users to connect to a WAP. They just press a button on the WAP and enter a PIN on their device. Unfortunately, this feature is relatively easy to attack. The Wash utility scans a network to find WPS-enabled APs.
The Wash utility can find WPS devices and hack them.

18
Q

Best 3 ways to protect wifi

A
  1. Hide SSID
  2. MAC Address Filtering / Port Security
  3. Use 802.1x (Enterprise)