Chapter 2 - 06 - Understand Wireless Network-specific Attacks - 03_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician
Information Security Attacks

Exam 212-82

Bluetooth Attacks

Bluesmacking

T

"}

Bluejacking

Bluesnarfing

DoS attack, which

The art of

with
random packets, causes
the devices to crash

over Bluetooth to
Bluetooth-enabled
devices, such as
mobile phones and
laptops

The
i
from a
wireless device
through a Bluetooth
connection

BlueSniff
Proof of concept
code for a
Bluetooth
utility

Bluebugging
Remotely accessing
a
device and
using its features

h 4

BluePrinting

Btlejacking

The art of collecting
information about
Bluetooth-enabled
devices, such as

Detrimental to BLE
devices, it is used to

manufacturer,
device model, and
firmware version

bypass security
mechanisms and
listen to

information being
shared

KNOB Attack
Exploiting a
vulnerability in
Bluetooth to
eavesdrop all the

data being shared,

such as keystrokes,
chats, and
documents

MAC

Spoofing
Attack

Intercepting data
intended for other
Bluetooth-enabled
devices

Man-in-the-Middle
/Impe

Modifying data
between Bluetoothenabled devices
communicating in a
Piconet

Bluetooth Attacks
The following are some Bluetooth device attacks:
=

Bluesmacking: A Bluesmacking attack occurs when an attacker sends an oversized ping
packet to a victim's device, causing a buffer overflow. This type of attack is similar to an
Internet Control Message Protocol (ICMP) ping-of-death attack.

Module 02 Page 331

Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Certified Cybersecurity Technician
Information Security Attacks

Exam 212-82

=

Bluejacking: Bluejacking is the use of Bluetooth to send messages to users without the
recipient's consent, similar to email spamming. Prior to any Bluetooth communication,
the device initiating the connection must provide a name that is displayed on the
recipient's screen. As this name is user-defined, it can be set to be an annoying message
or advertisement. Strictly speaking, Bluejacking does not cause any damage to the
receiving device. However, it may be irritating and disruptive to the victims.

=

Bluesnarfing: Bluesnarfing is a method of gaining access to sensitive data in a Bluetoothenabled device. An attacker within the range of a target can use specialized software to
obtain the data stored on the victim’s device. To perform Bluesnarfing, an attacker
exploits a vulnerability in the Object Exchange (OBEX) protocol that Bluetooth uses to
exchange

information.

The

attacker

connects

with

the

target

and

performs

a GET

operation for files with correctly guessed or known names, such as /pb.vcf for the
device’s phonebook or telecom /cal.vcs for the device’s calendar file.
=

BlueSniff: BlueSniff is a proof-of-concept code for a Bluetooth wardriving utility. It is
useful for finding hidden and discoverable Bluetooth devices. It operates on Linux.

=

Bluebugging: Bluebugging is an attack in which an attacker gains remote access to a
target Bluetooth-enabled device without the victim’s awareness. In this attack, an
attacker sniffs sensitive information and might perform malicious activities such as
intercepting phone calls and messages and forwarding calls and text messages.

=

BluePrinting: BluePrinting is a footprinting technique performed by an attacker to
determine the make and model of a target Bluetooth-enabled device. Attackers collect
this information to create infographics of the model, manufacturer, etc. and analyze
them to determine whether the device has exploitable vulnerabilities.

=

Btlejacking: A Btlejacking attack is detrimental to Bluetooth low energy (BLE) devices.
The

attacker can

sniff, jam,

and take

control

of the data transmission

between

BLE

devices by performing an MITM attack. Following a successful attempt, the attacker can
also bypass security mechanisms and listen to the information being shared. To
implement this attack, the attacker must use affordable firmware-embedded equipment

and minor software coding.
=

KNOB attack: A Key Negotiation of Bluetooth (KNOB) attack enables an attacker to
breach Bluetooth security mechanisms and perform an MITM attack on paired devices
without being traced. The attacker leverages a vulnerability in the Bluetooth wireless
standard and eavesdrops on all the data being shared in the network, such as
keystrokes, chats, and documents. A KNOB attack is especially detrimental to two
Bluetooth-enabled devices sharing encrypted keys. The attack is launched on shortdistance communication protocols of Bluetooth negotiating the encryption keys
required to be shared between nodes to establish a connection.

=

MAC spoofing attack: A MAC spoofing attack is a passive attack in which attackers spoof
the MAC address of a target Bluetooth-enabled device to intercept or manipulate the
data sent to the target device.

Module 02 Page 332

Certified Cybersecurity Technician Copyright © by EG-Council

All Rights Reserved. Reproduction is Strictly Prohibited.

Certified Cybersecurity Technician
Information Security Attacks

*

Exam 212-82

Man-in-the-Middle/impersonation attack: In an MITM/impersonation attack, attackers

manipulate the data transmitted between devices communicating via a Bluetooth
connection (piconet). During this attack, the devices intended to pair with each other
unknowingly pair with the attacker’s device, thereby allowing the attacker to intercept
and manipulate the data transmitted in the piconet.

Module 02 Page 333

Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Certified Cybersecurity Technician

Exam 212-82

Information Security Attacks

RFID Attacks

D)

Vels

(=}

v’ Attackers perform reverse engineering by gaining access to the chip and reading its memory
contents optically to retrieve the PIN, biometric data, personal information, etc.

Power Analysis
Attack

v’ Atype of side-channel attack that enables attackers to crack passwords by analyzing the
power-consumption patterns of a network device

r

Eavesdropping

v’ Attackers can easily access RFID tag data by eavesdropping on the legitimate transmission

between the tag and RFID reader

RFID Attacks (Cont’d)
MITM

Attack

Itis similarto eavesdropping; the only differenceis that there is no physical
medium in eavesdropping, whereasman-in-the-middle attackers establish
independent connections withinterrogators, tags, and the RFID back-end
system

DoS Attack
E

Attackers flood the RFID system by providing more data thanit
may handle normally, bringing the whole system to a halt

RFID Cloning/Spoofing
Involvescapturing
the data from a legitimate RFID tag
and then creatinga clone of it using a new chip

RFID Attacks
Reverse Engineering

Radio Frequency Identification (RFID)s systems are susceptible to reverse engineering as their
hardware and software components may be easily analyzed and reproduced. To perform
reverse engineering, attackers must detect the vulnerabilities and security flaws in the target
RFID systems.

Module 02 Page 334

Certified Cybersecurity Technician Copyright © by EC-Council

All Rights Reserved. Reproduction is Strictly Prohibited.

Certified Cybersecurity Technician
Information Security Attacks

Exam 212-82

From RFID systems, one may gain information visually by physically opening or breaking the
components and searching for common parts. Through physical inspection, it is possible to find
identifiers such as manufacturer or product codes printed on the device or specifications of the
RFID system.

Attackers may perform reverse engineering by gaining access to the chip and reading its
memory contents optically to retrieve PINs, biometric data, personal information, etc. The
reverse engineering of an RFID tag requires in-depth knowledge of logic gates, electronics, and
cryptography.
Power Analysis Attack
Power analysis is a type of side-channel attack that enables attackers to crack passwords by
analyzing the power-consumption patterns of a network device. The power-consumption
patterns change when an RFID card receives correct and incorrect password bits. By performing
a power analysis attack, attackers may discover the correlation between the power
consumption and internal state of a device.
Attackers perform

power analysis attacks by using a directional antenna

and an oscilloscope.

These devices analyze and collect the information leaked by a device during cryptographic
operation. The attackers then perform static analysis on the collected information to identify
the secret key.
Eavesdropping
Eavesdropping is one of the primary threats to organizations using RFID technology. Attackers
can easily access RFID tag data by eavesdropping on the legitimate transmission between a tag
and an RFID reader. As RFID signals have a range of several meters around the receiver,
attackers may use special antennas and receiving equipment to eavesdrop on radio signals
transmitted from the reader and tag.
MITM

Attack

An RFID system is vulnerable to main-in-the-middle (MITM) attacks because the tags are small

and inexpensive. Furthermore, many RFID tags send and receive data in cleartext. An MITM
attack is similar to an eavesdropping attack; the only difference is that there is no physical
medium in eavesdropping, whereas in MITM attackers establish independent connections with
interrogators, tags, and the RFID back-end system. In an MITM attack, messages are
transmitted between victims, making them believe that they are communicating with each
other directly; however, the entire conversation is controlled by the attacker. To perform this
attack, attackers intercept the communication between the reader and/or tag by falsely
claiming to be an authentic reader or tag.
DoS Attack

A DoS attack is a type of attack in which services are reduced or made unavailable to valid
users. This type of attack is easy to accomplish but difficult to guard against. To perform a DoS
attack on an RFID system, attackers flood the RFID system by providing more data than it may
handle normally, bringing the whole system to a halt. DoS attacks may be performed in various
ways: hacking the RFID tag, RFID reader, and back-end server.
Module 02 Page 335

Certified Cybersecurity Technician Copyright © by EC-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.

Certified Cybersecurity Technician
Information Security Attacks

Listed below are some
systems.

Exam 212-82

of the situations in which a DoS attack may be performed
may

physically destroy or remove

on RFID

=

To avoid tracking, attackers
object.

tags attached

to an

=

To prevent the check-out of a particular item, attackers may inactivate the tags in a
warehouse in the supply chain.

=

Attackers may prevent tags from being read.

=

Attackers may jam the return signals from tags if they have a powerful signal generator.

RFID Cloning/Spoofing
RFID cloning involves
it using a new chip.
changing the Tag ID
is different from the
RFIDler, etc. to clone

Module 02 Page 336

capturing the data from a legitimate RFID tag, and then creating a clone of
That means, that data from one RFID tag is copied into another tag, by
(TID) but the form factor and data may remain the same. The cloned copy
original RFID tag and it may be easily detected. Attackers use Proxmark 3,
RFID tags.

Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.