Learn how PurpleSec can help mitigate the latest cyber attacks and improve security ROI.
Authors: Michael Swanagan, CISSP, CISA, CISM / Last updated: 10/18/22
Reviewed By: Rich Selvidge, CISSP, Seth Kimmel, OSCP
View Our: Editorial Process
Wireless attacks can be prevented by Turning off unused networking features, Not broadcasting your SSID, Changing the default password and secure it with a strong password, Encrypting your wireless communication, Filtering the MAC addresses that are allowed to connect to your router. and more.
A wireless attack involves identifying and examining the connections between all devices connected to the business’s wifi. These devices include laptops, tablets, smartphones, and any other internet of things (IoT) devices.
Common types of wireless attacks include:
Data emanation is a form of an attack whereby data is compromised by receiving the analog output from a device and transferring the by-product to another resource. The source of the attack can derive from emanations from the sound of keyboard clicks, light from LEDs, and reflected light.
The electromagnetic field generated by a network cable or device can also be manipulated to eavesdrop on a conversation or to steal data.
Jamming is a type of Denial of Service (DoS) attack targeted to wireless networks. The attack happens when RF frequencies interfere with the operation of the wireless network. Normally jamming is not malicious and is caused by the presence of other wireless devices that operate in the same frequency as the wireless network.
Hackers can perform Denial of Service (DoS) jamming attacks by analyzing the spectrum used by wireless networks and then transmitting a powerful signal to interfere with communication on the discovered frequencies.
The main aim of a DoS attack is to direct malicious signals towards the sensor nodes’ communication channels to deplete their resources such as the battery life, bandwidth, and storage in order to prevent transmitted sensor data from reaching its destination, thereby affecting its long-term availability.
Several attack methods target Bluetooth devices specifically.
These include:
Near Field Communication (NFC) technology allows two devices placed within a few centimeters of each other to exchange data. In order for the technology to work, both devices must be equipped with an NFC chip. This technology is usually embedded in commuter cards, smart cards, and smartphones.
The security attacks and risks that could occur in NFC are due to the physical nature of the NFC sensors and its operating mechanism which uses the insecure communication channel.
NFC communication is susceptible to eavesdropping, ticket cloning, data corruption, data modification, data insertion, and Denial of Service (DoS) attacks.
War Driving is defined as the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computing device. The term War Driving is derived from the 1980s phone hacking method known as war dialing.
War dialing involves dialing all the phone numbers in a given sequence to search for modems. The War Driving gained popularity in 2001, because that time wireless network scanning tools became widely available.
The initial war driving tools included simple software coupled with the WNIC (Wide-area Network Interface Coprocessor).
Recent wireless technology developments enable a network to extend far beyond the parking space of an office building. In some cases, a wireless network has the ability to span several miles.
Now an attacker can stay far away from the building and still catch a strong signal from the network. A good war driving software package is NetStumbler.
You can prevent War Driving Attacks by:
An evil twin attack is a hack attack in which a hacker sets up a fake Wi-Fi network that looks like a legitimate access point to steal victims’ sensitive details. The attack can be performed as a man-in-the-middle (MITM) attack.
The fake Wi-Fi access point is used to eavesdrop on users and steal their login credentials or other sensitive information. Because the hacker owns the equipment being used, the victim will have no idea that the hacker might be intercepting things like bank transactions.
An evil twin access point can also be used in a phishing scam. In this type of attack, victims will connect to the evil twin and will be lured to a phishing site. It will prompt them to enter their sensitive data, such as their login details. These, of course, will be sent straight to the hacker. Once the hacker gets them, they might simply disconnect the victim and show that the server is temporarily unavailable.
A Deauthentication attack is a type of denial of service attack that targets communication between a user and a Wi-Fi access point.
Deauthentication frames fall under the category of the management frames. When a client wishes to disconnect from the AP, the client sends the deauthentication or disassociation frame. The AP also sends the deauthentication frame in the form of a reply. This is the normal process, but an attacker can take advantage of this process.
The attacker can spoof the MAC address of the victim and send the deauth frame to the AP on behalf of the victim; because of this, the connection to the client is dropped. The aireplay-ng program is the best tool to accomplish a deauth attack.
Warchalking is when someone draws symbols or markings in an area to indicate open Wi-Fi. This type of attack is relatively harmless.
The practice of creating symbols that could demonstrate the open wireless network and they were documented for standardization. So whenever they would come across an open Wi-Fi, they would draw these symbols on nearby walls or pavement or even on the lamps so as to advertise it.
Importance of it was to make other people were aware that open wireless network exists at a particular location for other to use it as well. They would draw specific symbols to state whether there was an open node, closed node or even the encrypted one.
An eavesdropping attack, also known as a sniffing or snooping attack, is a theft of information as it is transmitted over a network by a computer, smartphone, or another connected device.
The attack takes advantage of unsecured network communications to access data as it is being sent or received by its user.
An eavesdropping attack can be difficult to detect because the network transmissions will appear to be operating normally.
To be successful, an eavesdropping attack requires a weakened connection between a client and a server that the attacker can exploit to reroute network traffic. The attacker installs network monitoring software, the “packet sniffer,” on a computer or a server to intercept data as it is transmitted.
A simple, yet effective strategy for wireless DoS is to replay locally overheard data packets. These packets are then carried by other forwarding nodes resulting in increased levels of congestion on a wider scale. There are variations of the attack, where either control or data packets are replayed.
The objective of the attacker is to make the packet to look like a legitimate unit avoiding at the same time detection. The intelligence of such an attack lies in convincing the MAC level recipient(s) of a packet to accept and forward it and, the final destination into believing that this was a legitimately retransmitted packet and that no attack is being launched.
You can prevent Replay Attacks (Wireless) by:
Wi-Fi Protected Setup (WPS) is a wireless standard that enables simple connectivity to “secure” wireless APs. The problem with WPS is that its implementation of registrar PINs make it easy to connect to wireless and can facilitate attacks on the very WPA/WPA2 pre-shared keys used to lock down the overall system.
The WPS attack is relatively straightforward using an open source tool called Reaver. Reaver works by executing a brute-force attack against the WPS PIN.
WEP, or Wired Equivalent Privacy, was implemented in 1995 to provide the same expectation of privacy as on wired networks for users of Wi-Fi but had security problems that came to light shortly afterwards. It was deprecated in 2004, superseded by the WPA and WPA2 encryption that you see today.
The reason for this was a series of increasingly devastating attacks against the encryption used in WEP, resulting in the ability to recover the password in a matter of minutes.
WEP is a stream cipher which relies on never using the same key twice to provide security. Unfortunately, as demonstrated in several published attacks, an attacker is easily able to force the same key to be used twice by replaying network traffic in a way that forces a tremendous amount of packets to be generated.
This allows an attacker to collect the data needed to determine the encryption key and crack the network password outright. With good range and a powerful network adapter, anyone can expect to crack WEP networks in only a few minutes.
Unfortunately, WPA (Wi-Fi Protected Access) is susceptible to password-cracking attacks, especially when the network is using a weak PSK or passphrase.
An IV attack is also known as an Initialization Vector attack. This is a kind of wireless network attack that can be quite a threat to one’s network. This is because it causes some modifications on the Initialization Vector of a wireless packet that is encrypted during transmission.
After such an attack, the attacker can obtain much information about the plaintext of a single packet and generate another encryption key which he or she can use to decrypt other packets using the same Initialization Vector. With that kind of decryption key, attackers can use it to come up with a decryption table which they and use to decrypt every packet being sent across the network.
TKIP was introduced in 2003, and amongst other enhancements, including a new per-packet hashing algorithm, the Message Integrity Check (MIC). MIC is based on a weak algorithm, designed to be accommodated on legacy WEP hardware.
TKIP uses MIC for guaranteeing the integrity of an encrypted frame. If more than two MIC failures are observed in a 60 second window, both the Access Point (AP) and client station shut down for 60 seconds. The new TKIP attack uses a mechanism similar to the “chopchop” WEP attack to decode one byte at a time by using multiple replays and observing the response over the air.
When a MIC failure occurs, the attacker can observe the response and waits for 60 seconds to avoid MIC countermeasures. Using the mechanism, the attacker can decode a packet at the rate of one byte per minute. Small packets like ARP frames can typically be decoded in about 15 minutes by leveraging this exploit.
WPA2 is a type of encryption used to secure the vast majority of Wi-Fi networks. A WPA2 network provides unique encryption keys for each wireless client that connects to it.
Unfortunately, in 2017 an attack method called KRACK (Key Reinstallation AttaCK) was discovered to break WPA2 encryption, allowing a hacker to read information passing between a device and its wireless access point. This technique used a variation of a common – and usually highly detectable – man-in-the-middle attack.
The vulnerability could potentially allow a hacker to spy on your data as well as gain access to unsecured devices sharing the same Wi-Fi network.
In some instances, attackers could also have the ability to manipulate web pages, turning them into fake websites to collect your information or to install malware on your devices.
Michael is an IT security expert with 15 years of proven experience. He has experience leading and supporting security projects and initiatives in the healthcare, finance, and advertising industry.
Get a fully manged enterprise security solution at an affordable price