Penetration Test

Wireless Exploits

WIRELESS AND RF VULNERABILITIES
  • Wireless and RF vulnerabilities
    • Broadcast is wide open
    • aircrack-ng
  • Evil twin - rogue WAP used to eavesdrop
    • Karma attack (Karma Attacks Radio Machines Automatically)
    • Downgrade attack - attempt to negotiate a more insecure protocol
  • Deauthentication attacks
    • DoS attacks, disrupt communication between user and WAP
  • Fragmentation attacks
    • DoS attack, floods a network with datagram fragments
  • Credential harvesting
    • Process of capturing or discovering valid login credentials
    • Social engineering, etc.
  • WPS implementation weaknesses
    • Several consumer-grade WAPs could allow an attacker to learn the WPS PIN
OTHER WIRELESS VULNERABILITIES
  • Bluejacking
    • Unsolicited messages to a Bluetooth-enabled device
  • Bluesnarfing
    • Stealing information from a Bluetooth-enabled device
  • RFID Cloning
    • Unauthorized copy of a device's RF signal
  • Jamming
    • DoS attack, disables communication among devices
  • Repeating
    • Receiving and retransmitting a signal to increase range
QUICK REVIEW
  • Anyone can receive wireless traffic - unencrypted means anyone can read it
  • Evil twins can trick users into using your access point instead of a valid one
  • Multiple attacks are emerging for Bluetooth devices
  • IoT makes wireless vulnerabilities much more prevalent
Original article: https://www.cnblogs.com/keepmoving1113/p/13695504.html