Major Security Threats in Wireless Networks

Santosh K. Pandey
Department of Information Technology
Board of Studies, The Institute of Chartered Accountants of India, Noida- 201301
E Mail: [email protected]

Signals in wireless networks are omni directional and spread beyond the desired coverage
area. Due to this weakness, many active and passive methods are available for doing
attacks in wireless network transmission. Inserting the data into wireless networks or
modifying any transmitted data is called active method whereas passive methods include
monitoring the traffic in promiscuous mode to get information about wireless networks.
With the availability of various software, it is very easy to attack on wireless networks.
Major security threats which are possible in wireless networks are as follows:

· Active Scanning / Probing Threat:

The most common threat of wireless networks is doing attack by Active software
like Net Stumber (for Windows) and Dstumber (for Unix/ Linux). These software
works on the method of active scanning. Attacks transmit the probe request to
find any access point. If any access point is available, it will transmit probe
response for that request. This response frame consists of SSID,
Source/Destination MAC Address. Once attack captures this response frame,
he/she has all the necessary information to enter in the network. Hence, if there is
not any strong authentication mechanism, attackers may easily enter in the
network.
In another scenario, if access point is using open system authentication, then also
the attacker has no problem to join the network. On the third scenario, if access
point is using ‘Shared Key Authentication’, which is based on encrypted
challenge-response mechanism, the job of attacker becomes a bit tough, but not
impossible.

· Spoofing Threat:
Another major threat in wireless networks is ‘MAC Address Spoofing’ which
alters the manufacture assigned MAC address to any other value. This is
conceptually different than traditional IP address spoofing where an attacker
sends data from any arbitrary source address and does not expect to see a response
to their actual source IP address. An attacker may choose ‘MAC Address
Altering’ for several reasons, e.g. to bypass access control list, to impersonate an
already authenticated user or disguising his/her presence on the network.

· 802.11 Beacon Flood Threat:

This technique requires generating thousands of counterfeit/fake 802.11 beacon
frames and then transmits them on the network. Beacon frame contains the
information about SSID of the network. Hence, it becomes difficult for the client
to choose correct SSID to find a legitimate AP. There are several tools available
to generate and transmit the fake beacon frames. The famous tool for such a
activity is Fake-AP (for both Windows and Linux).
 · Authentication/ De Authentication Flood Threat:
In this, the attacker broadcasts the association or authentication request frames
from the fake addresses to either access point (infrastructure mode) or to clients
(ad-hoc mode). So, access point or client sends reply and keep the information
about that request for some time in memory and wait for response, which is never
going to come. Thus they are loaded with false authentication/ de-authentication
requests and legitimate entities are put on hold for sometime, hence denying
services to them. Air Jack and Void 11 are the tools which are used to achieve this
effect.

· Threat from Unauthorized Devices:

In case of wireless networks, unauthorized access are not only limited to clients,
but it is also applicable to access points. Sometimes, an authorized person, due to
intruder/malicious users does not plant these access points. Once planted, this
rouge access point is configured to operate on higher broadcasting power and
poses itself as a valid access point. Sometimes, the legitimate users plant access
point to improve their coverage. Attackers use wireless networks analyzing tools
for this purpose. If the access point is established within firewalled network, it
creates a backdoor within that network.

· Jamming Threat:
One of the most famous security threats for wireless networks is jamming. In this,
the attacker operates on the same frequency and channel of the target network.
He/she operates at higher power, thus disabling the actual access point.
Sometimes, the network arrives at standstill position and user fears that network is
attacked. This may happen because other equipments use microwave signals, e.g.
microwave oven or remote controls, cordless phones, etc.

· ‘Man in the Middle’ Threat:

Wireless networks are also prone to ‘Man in the Middle’ attack. In this, an
attacker sends management frames to client and force them dissociate from valid
access point and prompt them to join another fake access point setup by an
attacker posing as valid access point.

In this article, various security threats of wireless networks are discussed. We have also
tried to analyze them and see ‘how different software tools help the attacker to do attack
in wireless networks’. Intelligent access points can have better control and can impose
better security constraints. In future, we may have clients with secure authentications by
default and the intelligent access points having the user profile and working pattern
known. Hence, it will be able to differentiate the attacker from a normal user. Hence, it
becomes necessary to have an standardized hardware and software combined solution to
overcome these security threats in wireless networks.