Systems and Security : Attacks, Threats, and Vulnerabilities

1.4 Wireless Attacks and It's Indicators

Wireless attacks are security breaches that occur on wireless networks and devices. Some common types of wireless attacks include:

Evil twin: This is when a malicious actor creates a fake wireless access point that looks identical to a legitimate one. The attacker uses this access point to intercept sensitive information transmitted over the network.

Rogue access point: This is an unauthorized wireless access point that has been installed on a network. Rogue access points can be used to steal sensitive information or launch attacks on the network.

Bluesnarfing: This is a type of Bluetooth attack where an attacker accesses and steals information from a target's Bluetooth-enabled device.

Bluejacking: This is a less malicious form of Bluetooth attack where an attacker sends unsolicited messages to nearby Bluetooth-enabled devices.

Disassociation: This is an attack where an attacker sends disassociation packets to a wireless network, disconnecting legitimate users from the network.

Jamming: This is an attack where an attacker sends disruptive signals to a wireless network, causing it to stop functioning.

Radio frequency identification (RFID) and near-field communication (NFC) attacks: These attacks target wireless technologies used for contactless payment systems and other applications.

NFC (Near-field communication) is a technology for short-range wireless data exchange. It allows for communication between two devices that are close to each other, typically less than 10 cm apart. In an NFC attack, the attacker seeks to exploit vulnerabilities in the communication between the two devices in order to access sensitive information or take control of one of the devices.

This can be done through techniques such as cloning the NFC-enabled device, intercepting the communication between the devices, or compromising the security of the NFC-enabled device. It is important to take steps to secure NFC-enabled devices and communications to protect against these types of attacks.

Initialization vector (IV) attack: This is an attack on wireless encryption protocols that can compromise the confidentiality and integrity of transmitted data.

On-path attack (previously known as man-in-the-middle attack/ man-in-the-browser attack)

A man-in-the-middle (MITM) or on-path attack is a type of network attack where the attacker intercepts communication between two parties in order to eavesdrop, modify, or redirect the traffic. In a MITM attack, the attacker is positioned between the sender and the receiver, allowing them to read, modify, or even block the communication between the two. This type of attack is often facilitated by exploiting vulnerabilities in network protocols, using rogue access points or wireless hotspots, or compromising endpoints through malware or phishing attacks. The goal of a MITM attack can vary from stealing sensitive information to modifying the content of the communication for malicious purposes.

Layer 2 attacks

1. Address Resolution Protocol (ARP) poisoning
2. Media access control (MAC) flooding
3. MAC cloning

Layer 2 attacks are a type of network attack that target the data link layer (layer 2) of the OSI model. They take advantage of weaknesses in the data link layer protocols to gain unauthorized access to the network.

1. ARP poisoning: ARP poisoning involves corrupting the ARP cache of a device by associating the attacker's MAC address with the IP address of another device on the network. This allows the attacker to intercept and manipulate network traffic intended for the other device.

2. MAC flooding: MAC flooding is an attack where the attacker sends a large number of packets to the switch, with different source MAC addresses. The switch will keep a table of these addresses and will eventually run out of memory, causing the switch to become overwhelmed and stop functioning.

3. MAC cloning: MAC cloning is an attack where the attacker copies the MAC address of a legitimate device on the network. This allows the attacker to gain unauthorized access to the network and launch further attacks.