Hacking Wireless Networks
- Bluetooth operates at a frequency of 2.45GHz and divides the bandwidth into narrow channels to avoid interference with other devices that use the same frequency.
- Bluetooth has been shown to be vulnerable to attack. One early exploit is Bluejacking. It allows an individual to send unsolicited messages over Bluetooth to other Bluetooth devices.
- Bluesnarfing is the theft of data, calendar information, or phone book entries. This means that anyone within range can make a connection to your Bluetooth device and download any information they want without your knowledge or permission.
Table FF.8. Wireless Standards and Frequencies
IEEE WLAN Standard | Over-the-Air Estimates | Frequencies |
---|---|---|
802.11b | 11Mbps | 2.4000-2.2835GHz |
802.11a | 54Mbps | 5.725-5.825GHz |
802.11g | 54Mbps | 2.4000-2.2835GHz |
802.11n | 540Mbps | 2.4000-2.2835GHz |
- The 802.11b, 802.11g, and 802.11n systems divide the usable spectrum into 14 overlapping, staggered channels whose frequencies are 5MHz apart.
- Direct-sequence spread spectrum (DSSS): This method of transmission divides the stream of information to be transmitted into small bits. These bits of data are mapped to a pattern of ratios called a spreading code.
- Frequency-hopping spread spectrum (FHSS): This method of transmission operates by taking a broad slice of the bandwidth spectrum and dividing it into smaller subchannels of about 1MHz.
- WPA uses Temporal Key Integrity Protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and adds an integrity-checking feature which verifies that the keys haven't been tampered with. WPA improves on WEP by increasing the IV from 24 bits to 48. Rollover has also been eliminated, which means that key reuse is less likely to occur.
Mode | WPA | WPA2 |
---|---|---|
Enterprise mode | Authentication: IEEE 802.1x EAP; Encryption: TKIP/MIC | Authentication: IEEE 802.1x EAP; Encryption: AES-CCMP |
Personal mode | Authentication: PSK; Encryption: TKIP/MIC | Authentication: PSK; Encryption: AES-CCMP |
Service | EAP-MD5 | LEAP | EAP-TLS | EAP-TTLS | PEAP |
---|---|---|---|---|---|
Server Authentication | No | Uses password hash | Public key certificate | Public key certificate | Public key certificate |
Supplicant Authentication | Uses password hash | Uses password hash | Smart card or public key certificate | PAP, CHAP, or MS-CHAP | Any EAP type such as public key certificate |
Dynamic Key Delivery | No | Yes | Yes | Yes | Yes |
Security Concerns | Vulnerable to man-in-the-middle attack, session hijack, or identity exposure | Vulnerable to dictionary attack or identity exposure | Vulnerable to identity exposure | Vulnerable to man-in-the-middle attack | Vulnerable to man-in-the-middle attack |
Virus and Worms