Security Threats & Vulnerabilities Module 2

The document outlines various wireless threats and attacks, including eavesdropping, MITM attacks, and denial of service (DoS) attacks, highlighting their definitions, types, impacts, and mitigation strategies. It also discusses vulnerabilities in WEP encryption and the importance of transitioning to more secure protocols like WPA2 or WPA3. Additionally, it covers network attacks, fault attacks, and side-channel attacks, emphasizing the need for robust security measures to protect sensitive information.

Uploaded by rohithlal2024

Module II: Wireless Threats and Attacks

1. Wireless Threats and Attacks

Definition: Wireless networks are increasingly used to communicate sensitive data. However, they carry inherent security vulnerabilities because their signals are broadcast over the air. Wireless networks that are not properly secured are prone to various types of attacks.

Types of Wireless Threats:

• Eavesdropping (Packet Sniffing): Attackers intercept wireless signals to listen in on unencrypted data, capturing sensitive information such as usernames, passwords, and credit card numbers.
• Man-in-the-Middle (MITM) Attacks: Attackers position themselves between the sender and the receiver and intercept or alter the data being transmitted.
• Rogue Access Points: Unauthorized access points set up by attackers to intercept traffic. These rogue access points often have names similar to legitimate ones to trick users into connecting to them.
• Denial of Service (DoS): Attackers overload wireless networks with excessive traffic, causing legitimate users to experience disruption or loss of service.
• Jamming: Attackers flood the radio frequency (RF) spectrum with noise, making it impossible for legitimate devices to connect to the network.
• Evil Twin Attacks: Attackers create fake access points with the same name as a legitimate network, fooling users into connecting to them. Once connected, attackers can intercept data or inject malware into devices.

2. Cracking WEP (Wired Equivalent Privacy)

Definition: WEP is a now-outdated encryption protocol originally designed to secure wireless networks. It has several known vulnerabilities that make it highly insecure.

Cracking Process:
• Weak Initialization Vectors (IVs): WEP uses a 24-bit IV, which is short enough that IVs repeat on a busy network. This lets attackers break the encryption after capturing enough packets.
• Tools for Cracking: Tools like Aircrack-ng and Kismet are commonly used to crack WEP. These tools exploit the weakness in the IV to break the encryption and gain access to the network.

Countermeasures:
• Avoid WEP: Replace WEP with WPA2 (Wi-Fi Protected Access 2) or WPA3 encryption, which are much more secure.
• Longer Keys: Use encryption methods with longer key lengths and more robust protocols like AES.
3. Denial of Service (DoS) Attacks

Definition: A Denial of Service attack occurs when an attacker disrupts the normal functioning of a network by overwhelming it with traffic, rendering the service unavailable to legitimate users.

Types of DoS Attacks:
• Flooding Attacks: Overloading a network or a system with excessive requests, causing it to slow down or crash. Examples include SYN flood, Ping of Death, and UDP flood attacks.
• Jamming Attacks in Wireless Networks: Wireless DoS attacks target the radio frequency spectrum; the attacker sends interference signals to disrupt communication between devices.
• Rogue Device Injection: Attackers introduce rogue devices that flood the network, making it unresponsive to legitimate devices.

Impact:
• Loss of Service: Critical services can become unavailable, leading to operational disruption.
• Security Breach: DoS attacks can be a diversion for other malicious activities, such as data exfiltration or network infiltration.

Mitigation:
• Rate Limiting: Implement mechanisms that limit the rate of requests a server accepts, so that a flood of requests cannot consume all of its capacity.
• Intrusion Detection Systems (IDS): Use an IDS to detect abnormal network traffic patterns that could indicate a DoS attack.
• Redundancy: Build redundancy into the network infrastructure to ensure availability even under attack.
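The rate-limiting mitigation above is usually implemented as a token bucket per client. The following is an added example written for this module, not code from the notes: each source address gets a bucket that refills at a fixed rate, and a request is served only when a token is available, so one flooding source exhausts its own bucket while other clients stay unaffected. The IP addresses, rates and traffic pattern are constructed; timestamps are passed in explicitly so the result is deterministic (a server would pass time.monotonic()).

```python
"""Per-client token-bucket rate limiter (added example, not from the notes)."""


class TokenBucket:
    def __init__(self, rate, capacity, now):
        self.rate = rate            # tokens added per second
        self.capacity = capacity    # maximum burst size
        self.tokens = capacity      # a new client starts with a full bucket
        self.last = now

    def allow(self, now):
        # Refill in proportion to elapsed time, never above capacity.
        elapsed = max(0.0, now - self.last)
        self.last = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False                # bucket empty: drop the request


class RateLimiter:
    """One bucket per source address; buckets are created lazily."""

    def __init__(self, rate, capacity):
        self.rate = rate
        self.capacity = capacity
        self.buckets = {}

    def check(self, client, now):
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = TokenBucket(self.rate, self.capacity, now)
        return bucket.allow(now)


def simulate(requests, rate=4.0, capacity=8.0):
    """requests: (timestamp_seconds, client_ip) pairs in time order.
    Returns {client_ip: (served, dropped)}."""
    limiter = RateLimiter(rate, capacity)
    stats = {}
    for ts, client in requests:
        counts = stats.setdefault(client, [0, 0])
        counts[0 if limiter.check(client, ts) else 1] += 1
    return {c: (s, d) for c, (s, d) in stats.items()}


# Constructed traffic (assumed values): one source fires 64 requests inside a
# second (a flood); another sends four requests a second apart (normal use).
FLOOD = [(i / 64, "10.0.0.5") for i in range(64)]
NORMAL = [(float(i), "10.0.0.9") for i in range(4)]
SAMPLE_REQUESTS = sorted(FLOOD + NORMAL)

if __name__ == "__main__":
    for client, (served, dropped) in simulate(SAMPLE_REQUESTS).items():
        print(f"{client}: served={served} dropped={dropped}")
```

With a burst of 8 and a refill of 4 per second, the flooding source gets its first 8 requests through and then only one more every 16 requests (as the bucket slowly refills), while the well-behaved client is never throttled. In practice the limiter sits in front of the expensive work (parsing, database lookups) so that dropped requests cost almost nothing.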

4. Network Attacks

Definition: Network attacks target the underlying infrastructure of a network, such as routers, switches, and the protocols that govern how data is transmitted between devices.

Types of Network Attacks:
• ARP (Address Resolution Protocol) Spoofing: Attackers send false ARP messages over a local network, associating their MAC address with the IP address of a legitimate device, allowing them to intercept traffic or perform MITM attacks.
• DNS Spoofing: Attackers corrupt a DNS cache with false entries to redirect traffic to malicious websites. This is often used for phishing attacks or malware distribution.
• Routing Attacks: Manipulating routing tables to redirect network traffic. Attackers can take control of network traffic and redirect it to malicious destinations.
• Session Hijacking: The attacker steals an active session token and impersonates the user to gain unauthorized access to systems.

Impact:
• Loss of Confidentiality: Sensitive data may be intercepted or redirected.
• Loss of Integrity: Attackers may manipulate data in transit.

Mitigation:
• Use of Secure Protocols: Employ secure protocols like HTTPS, SSH, and IPsec to prevent MITM attacks.
• Static ARP Tables: Configure static ARP entries so that ARP poisoning cannot overwrite the mapping.
• DNSSEC: Deploy Domain Name System Security Extensions (DNSSEC) to protect against DNS poisoning.
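The ARP spoofing entry and the static-ARP mitigation above can be turned into a simple detector. The following is an added example written for this module, not code from the notes: it reads a constructed log of observed ARP replies (one "HH:MM:SS sender_ip sender_mac" line each, the kind of trace a monitoring tool might write) and raises an alert when an IP in the static table is claimed with the wrong MAC, when an already-learned IP suddenly answers from a different MAC, or when one MAC answers for several IPs, which is what poisoning both the gateway and a victim looks like. All addresses in the trace and the static table are placeholders.

```python
"""ARP spoofing detector over a constructed trace (added example, not from the notes)."""
import re

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})$"
)

# Constructed static table: the gateway's legitimate MAC (placeholder value).
STATIC_ARP = {"192.168.1.1": "aa:bb:cc:00:00:01"}

# Constructed trace: three benign replies, then a third host starts answering
# for both the gateway and a workstation.
SAMPLE_TRACE = """\
10:00:01 192.168.1.1 aa:bb:cc:00:00:01
10:00:02 192.168.1.20 aa:bb:cc:00:00:20
10:00:05 192.168.1.1 aa:bb:cc:00:00:01
10:00:09 192.168.1.1 de:ad:be:ef:00:99
10:00:10 192.168.1.20 de:ad:be:ef:00:99
"""


def parse_trace(text):
    """Yield (timestamp, ip, mac) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()


def detect_arp_spoofing(text, static=STATIC_ARP):
    """Return a list of (timestamp, kind, subject, detail) alerts."""
    learned = {}     # ip -> first MAC seen answering for it
    claims = {}      # mac -> set of IPs it has answered for
    alerts = []
    for ts, ip, mac in parse_trace(text):
        # 1. A statically configured address must never move.
        if ip in static and mac != static[ip].lower():
            alerts.append((ts, "static-mismatch", ip, mac))
        # 2. A dynamically learned address changing MAC is suspicious.
        if ip in learned and learned[ip] != mac:
            alerts.append((ts, "mac-changed", ip, mac))
        learned.setdefault(ip, mac)   # keep trusting the first binding seen
        # 3. One MAC answering for several IPs is the poisoning signature.
        ips = claims.setdefault(mac, set())
        if ip not in ips:
            ips.add(ip)
            if len(ips) > 1:
                alerts.append((ts, "mac-claims-multiple-ips", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_TRACE):
        print(*alert)
```

The first binding seen for each IP is kept as the trusted one, which is exactly what a static ARP entry pins down permanently; on a real network the "mac-changed" rule needs an allowance for legitimate NIC replacements and DHCP churn, which is why the static-table rule for the gateway is the one worth acting on automatically.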

5. Fault Attacks

Definition: Fault attacks are a category of physical attacks that introduce errors or faults into a system to force it to behave incorrectly, exposing its vulnerabilities.

Examples:
• Voltage Faults: Manipulating the voltage supplied to a system to cause computation errors.
• Clock Faults: Changing the clock speed of a processor to induce malfunctions.

Impact:
• Fault attacks can lead to unauthorized access to encryption keys or leakage of sensitive information. They are often used in conjunction with cryptographic attacks.

Mitigation:
• Error Detection: Implement error-detection codes that can identify and correct faults in computation.
• Robust Hardware Design: Use tamper-resistant hardware to mitigate the risk of fault attacks.

6. Side-Channel Attacks

Definition: Side-channel attacks exploit physical emanations from a system, such as power consumption, electromagnetic emissions, or timing behavior, to extract sensitive information like cryptographic keys.

Types:
• Power Analysis: Measuring fluctuations in power consumption to uncover information about the cryptographic operations being performed.
• Timing Attacks: Observing the time it takes a system to perform operations, such as encryption, to deduce secret information.
• Electromagnetic (EM) Analysis: Intercepting electromagnetic signals emitted by a device to gain insights into its operations.

Impact:
• Leakage of Sensitive Information: These attacks can lead to the compromise of cryptographic keys and other confidential data.

Mitigation:
• Noise Injection: Adding artificial noise to power consumption or timing operations to obscure side-channel data.
• Constant-Time Algorithms: Implement cryptographic algorithms that execute in constant time to prevent timing attacks.
• Shielding: Using physical shielding to block electromagnetic emissions.
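The timing-attack entry and the constant-time mitigation above come together in the most common case, comparing a secret such as a token or MAC tag. The following is an added example written for this module, not code from the notes: a comparison that returns at the first differing byte does a number of loop iterations (a stand-in for execution time) that reveals how long the matching prefix is, while the constant-time version always walks the full length and folds every difference into an accumulator. The secret and the guesses are constructed values.

```python
"""Data-dependent versus constant-time comparison (added example, not from the notes)."""
import hmac


def leaky_equal(a, b):
    """Return (equal, iterations). Stops at the first mismatch."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps   # early exit: time now depends on the data
    return True, steps


def constant_time_equal(a, b):
    """Return (equal, iterations). Always examines every byte."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        diff |= x ^ y             # accumulate; no branch on secret data
    return diff == 0, steps


def check_token(presented, expected):
    """What a server should actually call: the standard library's C implementation."""
    return hmac.compare_digest(presented, expected)


# Constructed secret and guesses: the leaky version takes longer the more
# leading bytes a guess gets right, which is the signal a timing attack measures.
SECRET = b"s3cr3t-token"
GUESSES = [b"x3cr3t-token", b"s3cr3t-tokex", b"s3cr3t-token"]

if __name__ == "__main__":
    for g in GUESSES:
        print(g, "leaky:", leaky_equal(g, SECRET), "constant:", constant_time_equal(g, SECRET))
```

In a language like Python the loop itself is not a timing guarantee, since the interpreter adds its own variation; the structure is what matters, and for real code the guarantee comes from hmac.compare_digest or the equivalent constant-time primitive in the platform's crypto library. Length is not protected by either version, which is acceptable when the expected value has a fixed, public length (a hash or tag).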
