Chapter 2 - 06 - Understand Wireless Network-specific Attacks - 03_ocred.pdf

Full Transcript


Certified Cybersecurity Technician Information Security Attacks Exam 212-82

Bluetooth Attacks

Slide summary:

- Bluesmacking: DoS attack in which random packets sent over Bluetooth cause the devices to crash
- Bluejacking: The art of sending unsolicited messages over Bluetooth to Bluetooth-enabled devices, such as mobile phones and laptops
- Bluesnarfing: Theft of information from a wireless device through a Bluetooth connection
- BlueSniff: Proof of concept code for a Bluetooth wardriving utility
- Bluebugging: Remotely accessing a device and using its features
- BluePrinting: The art of collecting information about Bluetooth-enabled devices, such as manufacturer, device model, and firmware version
- Btlejacking: Detrimental to BLE devices; it is used to bypass security mechanisms and listen to the information being shared
- KNOB attack: Exploiting a vulnerability in Bluetooth to eavesdrop on all the data being shared, such as keystrokes, chats, and documents
- MAC spoofing attack: Intercepting data intended for other Bluetooth-enabled devices
- Man-in-the-middle/impersonation attack: Modifying data between Bluetooth-enabled devices communicating in a piconet

Bluetooth Attacks

The following are some Bluetooth device attacks:

- Bluesmacking: A Bluesmacking attack occurs when an attacker sends an oversized ping packet to a victim's device, causing a buffer overflow. This type of attack is similar to an Internet Control Message Protocol (ICMP) ping-of-death attack.

Module 02 Page 331 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

- Bluejacking: Bluejacking is the use of Bluetooth to send messages to users without the recipient's consent, similar to email spamming. Prior to any Bluetooth communication, the device initiating the connection must provide a name that is displayed on the recipient's screen. As this name is user-defined, it can be set to be an annoying message or advertisement. Strictly speaking, Bluejacking does not cause any damage to the receiving device.
However, it may be irritating and disruptive to the victims.

- Bluesnarfing: Bluesnarfing is a method of gaining access to sensitive data in a Bluetooth-enabled device. An attacker within the range of a target can use specialized software to obtain the data stored on the victim's device. To perform Bluesnarfing, an attacker exploits a vulnerability in the Object Exchange (OBEX) protocol that Bluetooth uses to exchange information. The attacker connects with the target and performs a GET operation for files with correctly guessed or known names, such as /pb.vcf for the device's phonebook or telecom/cal.vcs for the device's calendar file.

- BlueSniff: BlueSniff is proof-of-concept code for a Bluetooth wardriving utility. It is useful for finding hidden and discoverable Bluetooth devices. It operates on Linux.

- Bluebugging: Bluebugging is an attack in which an attacker gains remote access to a target Bluetooth-enabled device without the victim's awareness. In this attack, an attacker sniffs sensitive information and might perform malicious activities such as intercepting phone calls and messages and forwarding calls and text messages.

- BluePrinting: BluePrinting is a footprinting technique performed by an attacker to determine the make and model of a target Bluetooth-enabled device. Attackers collect this information to create infographics of the model, manufacturer, etc. and analyze them to determine whether the device has exploitable vulnerabilities.

- Btlejacking: A Btlejacking attack is detrimental to Bluetooth Low Energy (BLE) devices. The attacker can sniff, jam, and take control of the data transmission between BLE devices by performing an MITM attack. Following a successful attempt, the attacker can also bypass security mechanisms and listen to the information being shared. To implement this attack, the attacker must use affordable firmware-embedded equipment and minor software coding.
- KNOB attack: A Key Negotiation of Bluetooth (KNOB) attack enables an attacker to breach Bluetooth security mechanisms and perform an MITM attack on paired devices without being traced. The attacker leverages a vulnerability in the Bluetooth wireless standard and eavesdrops on all the data being shared in the network, such as keystrokes, chats, and documents. A KNOB attack is especially detrimental to two Bluetooth-enabled devices sharing encrypted keys. The attack is launched on the short-distance communication protocols of Bluetooth that negotiate the encryption keys required to be shared between nodes to establish a connection.

- MAC spoofing attack: A MAC spoofing attack is a passive attack in which attackers spoof the MAC address of a target Bluetooth-enabled device to intercept or manipulate the data sent to the target device.

- Man-in-the-middle/impersonation attack: In an MITM/impersonation attack, attackers manipulate the data transmitted between devices communicating via a Bluetooth connection (piconet). During this attack, the devices intended to pair with each other unknowingly pair with the attacker's device, thereby allowing the attacker to intercept and manipulate the data transmitted in the piconet.

RFID Attacks

Slide summary:

- Reverse Engineering: Attackers perform reverse engineering by gaining access to the chip and reading its memory contents optically to retrieve the PIN, biometric data, personal information, etc.
- Power Analysis Attack: A type of side-channel attack that enables attackers to crack passwords by analyzing the power-consumption patterns of a network device
- Eavesdropping: Attackers can easily access RFID tag data by eavesdropping on the legitimate transmission between the tag and RFID reader

RFID Attacks (Cont'd)

- MITM Attack: It is similar to eavesdropping; the only difference is that there is no physical medium in eavesdropping, whereas man-in-the-middle attackers establish independent connections with interrogators, tags, and the RFID back-end system
- DoS Attack: Attackers flood the RFID system by providing more data than it may handle normally, bringing the whole system to a halt
- RFID Cloning/Spoofing: Involves capturing the data from a legitimate RFID tag and then creating a clone of it using a new chip

RFID Attacks

Reverse Engineering

Radio Frequency Identification (RFID) systems are susceptible to reverse engineering as their hardware and software components may be easily analyzed and reproduced. To perform reverse engineering, attackers must detect the vulnerabilities and security flaws in the target RFID systems.

From RFID systems, one may gain information visually by physically opening or breaking the components and searching for common parts. Through physical inspection, it is possible to find identifiers such as manufacturer or product codes printed on the device or specifications of the RFID system. Attackers may perform reverse engineering by gaining access to the chip and reading its memory contents optically to retrieve PINs, biometric data, personal information, etc. The reverse engineering of an RFID tag requires in-depth knowledge of logic gates, electronics, and cryptography.
Power Analysis Attack

Power analysis is a type of side-channel attack that enables attackers to crack passwords by analyzing the power-consumption patterns of a network device. The power-consumption patterns change when an RFID card receives correct and incorrect password bits. By performing a power analysis attack, attackers may discover the correlation between the power consumption and the internal state of a device. Attackers perform power analysis attacks by using a directional antenna and an oscilloscope. These devices analyze and collect the information leaked by a device during cryptographic operations. The attackers then perform static analysis on the collected information to identify the secret key.

Eavesdropping

Eavesdropping is one of the primary threats to organizations using RFID technology. Attackers can easily access RFID tag data by eavesdropping on the legitimate transmission between a tag and an RFID reader. As RFID signals have a range of several meters around the receiver, attackers may use special antennas and receiving equipment to eavesdrop on radio signals transmitted from the reader and tag.

MITM Attack

An RFID system is vulnerable to man-in-the-middle (MITM) attacks because the tags are small and inexpensive. Furthermore, many RFID tags send and receive data in cleartext. An MITM attack is similar to an eavesdropping attack; the only difference is that there is no physical medium in eavesdropping, whereas in MITM attackers establish independent connections with interrogators, tags, and the RFID back-end system. In an MITM attack, messages are transmitted between victims, making them believe that they are communicating with each other directly; however, the entire conversation is controlled by the attacker. To perform this attack, attackers intercept the communication between the reader and/or tag by falsely claiming to be an authentic reader or tag.
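The power-analysis passage above states that a card's power draw differs as correct and incorrect password bits arrive. The following added example (mine, not EC-Council's, using a constructed 4-byte password) models that leak as the number of compare steps an early-exit comparison executes before answering, and shows that a constant-time comparison removes the dependency on how much of the guess is right.

```python
import hmac

# Constructed 4-byte access password for a simulated tag (not a real tag value).
TAG_PASSWORD = bytes.fromhex("5a3c9e17")


def leaky_compare(stored: bytes, guess: bytes) -> tuple[bool, int]:
    """Byte-by-byte compare that stops at the first mismatch.

    The second value is our stand-in for a power trace: the number of
    comparison steps the chip executed. It grows with the correct prefix.
    """
    steps = 0
    for a, b in zip(stored, guess):
        steps += 1
        if a != b:
            return False, steps
    return len(stored) == len(guess), steps


def constant_time_compare(stored: bytes, guess: bytes) -> tuple[bool, int]:
    """Compares every byte regardless of mismatches (stdlib compare_digest),
    so the work done is the same for any guess of the right length."""
    return hmac.compare_digest(stored, guess), len(stored)


def guess_with_prefix(stored: bytes, k: int) -> bytes:
    """Builds a guess whose first k bytes are right and the rest are wrong."""
    wrong = bytes(b ^ 0xFF for b in stored[k:])
    return stored[:k] + wrong


def leak_profile(compare, stored: bytes = TAG_PASSWORD) -> dict[int, int]:
    """Maps 'number of correct leading bytes' -> observed work (trace proxy)."""
    return {k: compare(stored, guess_with_prefix(stored, k))[1]
            for k in range(len(stored) + 1)}


def leaks(compare, stored: bytes = TAG_PASSWORD) -> bool:
    """True when the observable work varies with the guess, i.e. the
    comparison leaks how much of the password the guess got right."""
    return len(set(leak_profile(compare, stored).values())) > 1


if __name__ == "__main__":
    print("early-exit compare :", leak_profile(leaky_compare), "leaks:", leaks(leaky_compare))
    print("constant-time      :", leak_profile(constant_time_compare), "leaks:", leaks(constant_time_compare))
```

The early-exit profile rises with every correct byte, which is exactly the per-bit pattern the passage describes; the constant-time profile is flat, which is the property a tag's password check needs.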
DoS Attack

A DoS attack is a type of attack in which services are reduced or made unavailable to valid users. This type of attack is easy to accomplish but difficult to guard against. To perform a DoS attack on an RFID system, attackers flood the RFID system by providing more data than it may handle normally, bringing the whole system to a halt. DoS attacks may be performed in various ways: hacking the RFID tag, RFID reader, and back-end server.

Listed below are some of the situations in which a DoS attack may be performed on RFID systems.

- To avoid tracking, attackers may physically destroy or remove tags attached to an object.
- To prevent the check-out of a particular item, attackers may inactivate the tags in a warehouse in the supply chain.
- Attackers may prevent tags from being read.
- Attackers may jam the return signals from tags if they have a powerful signal generator.

RFID Cloning/Spoofing

RFID cloning involves capturing the data from a legitimate RFID tag, and then creating a clone of it using a new chip. That means that data from one RFID tag is copied into another tag by changing the Tag ID (TID), but the form factor and data may remain the same. The cloned copy is different from the original RFID tag and it may be easily detected. Attackers use Proxmark 3, RFIDler, etc. to clone RFID tags.
