Understanding Wireless Attacks Flashcards
What type of wireless attack involves the attacker mimicking an organization’s AP to connect your users’ computers to their wireless AP for the purpose of a peer-to-peer attack?
Evil Twin
How do wireless stations choose an access point?
Using the SSID
Disabling the function that makes a Bluetooth device “discoverable” can help prevent what type of attack?
Bluesnarfing
WPS uses what to simplify configuration of a wireless device?
An 8-digit PIN
What type of attack is WPS susceptible to and how long can it take for the attack to reveal the correct PIN?
Once the PIN is discovered, what can the attacker then find out?
Brute force guessing of PIN
It can take as little as 2 hours to find the PIN
Once the PIN is found, attackers can then find out the WPA and WPA2 passphrase
What’s the difference between a Rogue AP and an Evil Twin? What do hackers use them for?
A rogue access point is an unauthorized access point that has been installed on a network. A hacker will use it to gather information by using it to sniff packets or simply to access the wired network.
An Evil Twin is also a rogue access point, but its use is slightly different. It is set up to mimic the SSID of a legitimate AP, causing users to connect to it. It is not connected to a company’s network. Hackers use it to steal information the users enter when they browse the web.
What does jamming involve?
An attacker using noise on the same frequency as the wireless signal. This prevents users from connecting to the wireless network or causes intermittent connectivity.
What’s the name given to the practice of sending unsolicited messages to nearby Bluetooth devices?
Bluejacking
You’ve just used obexftp to steal information from someone’s phone. What have you just done?
Bluesnarfing
How is bluebugging different to bluesnarfing?
Bluesnarfing involves stealing information from a phone over a Bluetooth connection, but bluebugging installs a back door which allows the attacker to do things like make the hijacked phone call their phone so they can listen in on conversations in the same room.
What 3 types of attack is RFID susceptible to?
sniffing
replay
DoS
What type of attack involves a method where attackers use an antenna to boost the range of a short-range reader to steal data?
NFC attack
Why is it called a replay attack?
Because the attacker captures data, alters it, then re-sends or replays the data in an attempt to impersonate one of the parties.
What wireless security standard is invulnerable to replay attacks?
WPA2 using CCMP and AES
TKIP was deprecated in 2012 for what reason?
Attackers were able to discover the Message Integrity Check key used to launch a replay attack