Wireless Attacks Flashcards
1
Q
Dissociation Attack
A
Dissociation Attack
- Removes client from wireless network
- Attacker sends dissociation frame with spoofed MAC address of victim to AP
- AP disconnects victim from wireless network
2
Q
WPS Attacks
A
WPS Attacks
- Wifi Protected Setup - config wireless device with PIN or buttons
- Brute force attack - keep trying PINS until one works
- Reaver is tool that can guess PIN in 10 hours
- With PIN can discover passphrase in WPA and WPA2
- Should disable WPS
3
Q
Rogue AP
A
Rogue AP
- Sniffer to capture wired traffic and broadcast wirelessly
- Attacker could use rogue AP to access wired network
4
Q
Evil Twin
A
Evil Twin
- Rogue AP with same SSID as legit AP
- Users connect to, attacker could present bogus login page
- Attacker could traffic
5
Q
IV Attack
A
IV Attack
- Initialization Vector attack
- IV = number plus pre-shared key
- Try to discover pre-shared key from IV
- Attacker injects packets, AP responds with more packets, each with an IV
- WEP uses small 24-bit IV; good chance it will send same IV, so can figure out key
- WEP can be broken in < 1 minute
6
Q
Bluejacking
A
Bluejacking
- Send unsolicited messages to nearby Bluetooth devices
- Harmless
- Message can confuse users
7
Q
Bluesnarfing
-Tools
A
Bluesnarfing
- Unauthorized access to, or theft of info from Bluetooth device
- Can access email, contacts, calendars, texts
- Attack tools: hcitool, obexftp
8
Q
Bluebugging
A
Bluebugging
- Like Bluesnarfing
- Attacker installs backdoor
- Attacker can have user’s phone call attacker, so can eavesdrop
- Also listen to phone calls, enable call forwarding, send messages
9
Q
Replay Attack
- What is vulnerable?
- What is not vulnerable?
A
Replay Attack
- Attacker captures data between two parties, modifies, attempts to impersonate one party by replaying data
- WPA2 uses CCMP and AES so not vulnerable
- WPA using TKIP is vulnerable - should not be used
10
Q
Which is short range? NFC or Bluetooth?
A
Which is short range? NFC or Bluetooth?
-NFC
