Wireless AttacksLearn about attacks on wireless communications, from Wi-Fi to Bluetooth.
What we’ll be learning
Wireless communications are great for convenience because they make it much easier to move around with our devices, while still remaining connected. Unfortunately, they also make it easy for attackers to target our networks. With a wired network, an attacker would need physical access to tamper with it, but with wireless networks, they can do it from across the street.
Today, we’ll be learning about attacks targeting or involving wireless communication technologies such as Wi-Fi, Bluetooth, RFID chips, and more. We’ll look at how attackers can exploit and disrupt these technologies for their own gain.
Wi-Fi is essentially a wireless analog to an ethernet cable. Its primary use is to connect endpoints such as computers or tablets, to a router via a wireless access point. Most routers used in the home are wireless routers, which function as both a router and wireless access point.
Evil twin attacks
An evil twin attack is where an attacker will create a malicious Wi-Fi network that looks legitimate. For example, an attacker might go to a coffee shop that provides free Wi-Fi, then set up their wireless access point with a very similar name to the coffee shop’s network. Any unencrypted traffic passing the attacker’s access point can be intercepted by the attacker, making it very useful for Man-in-the-Middle attacks. It’s also possible to create a network that has the exact same name as a legitimate network, and devices will usually try to connect to the stronger access point.
Rogue access points
A rogue access point is a device connected to a network that has not been approved by the network’s administrator. This can be any device, from an employee’s personal phone to a malicious backdoor installed by an attacker who gained physical access to an ethernet port on the network.
Wi-Fi DOS attacks
A Wi-Fi disassociation attack is when an attacker breaks the connection between a victim and a wireless access point. This type of attack involves an attacker posing as the victim, and sending a message to the wireless access point telling it to disassociate from the victim device. This is a type of Denial of Service (DOS) attack.
Wi-Fi uses radio waves to communicate wirelessly, and these radio waves are susceptible to electromagnetic interference. Jamming is when an attacker purposefully uses this interference to interfere with victims’ connections, and such attacks can completely block communication over a channel. Purposefully using electromagnetic interference to jam communications is spectacularly illegal, and will likely incur the wrath of the FCC (or local equivalent), as well as local hobbyist radio operators.
Attacks involving short-range communication
Bluesnarfing and bluejacking
Bluetooth is a technology used for short-range wireless communication. It is commonly used by wireless peripherals such as headphones or computer mice to connect to smartphones and computers.
Bluetooth devices need to be able to find each other in order to work, but this can be exploited by attackers in a technique known as bluesnarfing (yes, really). Bluesnarfing involves looking for Bluetooth devices operating in discovery mode, and attempting to exploit vulnerabilities in OBEX, a protocol for exchanging data between wireless devices, to steal data from the targeted device.
It’s also possible for attackers to send data to a victim’s device. Bluejacking usually involves sending unsolicited messages to a victim’s phone.
Radio-Frequency Identification (RFID) uses radio waves to transmit information from a “tag” that stores the information, to a “reader” that retrieves information from a tag. RFID tags come in both passive and active varieties: Passive tags have no power source of their own, and instead use power wirelessly transferred by the reader to transmit their information, while active tags contain their own power source. Active tags can be read from up to hundreds of meters away, while passive tags have a much shorter range, usually less than a meter.
RFID is generally used for tracking or identifying things, like shipments, animals, toll-tags for cars, or ID cards.
Near-Field Communication (NFC) is similar to RFID in that it is a very short-range method of wireless communication, limited to only a few centimeters. Unlike RFID, NFC can work bidirectionally: A phone, for example, can send or receive data rather than being limited to one or the other.
NFC can be used for making payments, sharing information, authentication, and is even used in some toys.
Both NFC and RFID technology are vulnerable to skimming, where an attacker illicitly accesses the information stored in an RFID tag or transmitted via NFC. Electromagnetic interference can also interfere with RFID and NFC.
Wireless communication technologies are convenient and useful, but also introduce new attack vectors into our communications. Eavesdropping and data theft can be made much easier with wireless communications, and many protocols weren’t necessarily designed with security in mind, meaning we need to take extra precautions when using them.