WIRELESS DAY 2 Flashcards
Bluetooth devices advertise their BD_ADDR and device name when operating in what mode of operation?
Discoverable Mode
What allows Classic Bluetooth devices to alter their hopping sequences to avoid channels with interference?
Adaptive Frequency Hopping (AFH)
What is the max transmit power and typical range for Power Class 1 interfaces?
100 mW and 100 meters
The Bluetooth discovery method of Traffic Analysis attempts to read the 24-bit Lower Address Part (LAP) out of the _____ _____ and reverse engineer the 8-bit Upper Address Part (UAP) from the ________.
Sync Word and Checksum
What is the max transmit power and typical range for Power Class 1.5 interfaces?
10 mW and 20 meters
What is the hopping rate for Classic Bluetooth operations?
1600 hops per second
What Bluetooth discovery method attempts to guess the BD_ADDR as being “off-by-one” from the Wi-Fi MAC address of the same device?
Hybrid Discovery
Which portion of the Classic Bluetooth protocol stack is software-based, user-accessible, and is where profiles can be found?
Host Layer
What is the max transmit power and typical range for Power Class 2 interfaces?
2.5 mW and 10 meters
What is the maximum data rate for Bluetooth Classic?
3 Mbps
What defines security mechanisms and various applications for various Bluetooth uses?
Bluetooth Profiles
What Bluetooth protocol can be used to enumerate what services are available on a potential target device?
Service Discovery Protocol (SDP)
What are the three parts of the BD_ADDR?
Non-significant Address Part (NAP), Upper Address Part (UAP), Lower Address Part (LAP)
Which portion of the Classic Bluetooth protocol stack is hardware-based, not user-accessible, and where encryption is implemented?
Controller Layer
On a Classic Bluetooth protocol stack, what is the interface called between the user-accessible protocols implemented on the Bluetooth host and the typically inaccessible protocols implemented on the Bluetooth controller?
Host Controller Interface (HCI)
Classic Bluetooth uses FHSS modulation to hop across how many frequencies?
79
In what frequency range does Classic Bluetooth operate?
2.4 GHz ISM Band
What is the max transmit power and typical range for Power Class 3 interfaces?
1 mW and 1 meter
In what frequency band does BLE operate?
2.4 GHz ISM Band
What optional privacy feature is available for BLE devices?
Randomly generated BD_ADDR for each connection
On how many channels/frequencies do BLE networks hop?
40 total: 37 data channels and 3 advertising channels.
What marketing term describes devices capable of operating in both Classic Bluetooth and BLE?
Bluetooth Smart Ready
For Bluetooth Low Energy 4.0
Max Data Rate: ____
Typical Max Range: ____
Max Payload Size: ___
1 Mbps
10 meters
39 bytes
For Bluetooth Low Energy 5.0
Max Data Rate: ____
Typical Max Range: ____
Max Payload Size: ___
2 Mbps
40 meters
257 bytes
What marketing term describes devices capable of operating in BLE only?
Bluetooth Smart
How many devices can participate in a piconet?
Maximum of 8 total devices. 1 Master device and up to 7 Slave devices.
What architecture does a Bluetooth piconet use?
Master-Slave structure formed in an ad hoc fashion
What is the key value used to generate the pseudorandom hopping sequence?
MAC Address of the Master device
What 3 components are required to create a Classic Bluetooth Security (Link) Key?
Which part(s) is/are sent during the pairing process?
BD_ADDR, PIN value, and some Random Numbers
Only the Random numbers are sent during the pairing process.
- The PIN is never transmitted
- The BD_ADDR is only transmitted when in Discoverable mode
What is the term used to describe changing a Bluetooth interface’s name, service class, and/or BD_ADDR in order to bypass connection restrictions?
Device Identity Manipulation
What makes intercepting Bluetooth traffic difficult?
- Use of FHSS modulation
- Unique and long hopping pattern
- Pattern may have been altered due to AFH
- Standard Bluetooth interfaces do not support “monitor-mode” passive sniffing
What is the term used to describe taking advantage of vulnerabilities in Bluetooth Profiles after establishing a connection to a target device?
Abusing Profiles
What attack attempts to invalidate legitimate Security Keys to create an opportunity for an attacker to capture a new “initial” pairing?
Repairing attack
What are the 3 types of ZigBee devices?
ZigBee Coordinator (ZC)
ZigBee Router (ZR)
ZigBee End Device (ZED)
What network topologies are supported in ZigBee networks?
Tree, Star, or Mesh
What open standard is used by ZigBee devices at Layers 1 & 2?
IEEE 802.15.4
What is the most common frequency range for ZigBee networks?
2.4 GHz ISM band
What is the typical max range of transmission for ZigBee devices?
10 to 20 meters
What is the max data rate for ZigBee communications?
250 Kbps
What is the maximum number of devices in a ZigBee network?
65,535
What are the two ZigBee security modes?
Which is more secure?
High Security and Standard
High Security is more secure
What are the two security models?
Which is more secure?
Centralized and Distributed
Centralized is more secure
In what frequency range do Z-Wave networks operate?
Sub-1 GHz (865 - 926 MHz)
What is the max data rate for Z-Wave transmissions?
100 Kbps
What network topologies are supported by Z-Wave networks?
Mesh
What open standard do Z-Wave devices use at Layers 1 & 2?
ITU-T Recommendation G.9959
What is the maximum number of devices on Z-Wave networks?
232
What is the biggest security threat to Z-Wave operations?
Lack of use of the optional encryption
What are the different types of RFID tags?
Active - has own power source
Passive - powered through inductive coupling of the magnetic field from the reader
What are the three major components of an RFID system?
- Reader/Interrogator
- Antenna
- Tag
In how many frequency ranges can RFID operate?
3 different frequency ranges (LF, HF, and UHF)
What is the biggest security concern with RFID?
“Skimming” and duplication of RFID tags
What are the two types of Active Tags?
- Transponder - transmits when interrogated
- Beacon - transmits on a periodic basis
What is the max range of operation for RFID systems?
approximately 300 feet
What is the frequency of operation for NFC devices?
13.56 MHz
What is the typical range of transmission for NFC?
less than 4 centimeters
What are the components of an NFC system?
- Initiator
- Target
What is the max data rate of transmission for NFC?
424 Kbps
What are the 3 NFC modes of operation?
- Card Emulation
- Discovery (read & write)
- Peer-to-peer communications
What are the communication modes supported by NFC?
Simplex (one-way)
Half-Duplex (two-way)
Full-Duplex (two-way)
What is the term used to describe using malicious code embedded in QR codes to execute malware on a victim device?
Attack Tagging or “attagging”
A typical QR code can store how many alphanumeric characters?
approx. 4,000 (4,296)
A typical QR code can store how many numeric characters?
approx. 7,000 (7,089)