- Replay Attack
- Evil Twin/Rogue AP
- WPS Attack
A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
An example would be an attacker capturing part of a communication stream and later sending that captured stream to the server while pretending to be the client.
Rogue Access Points
A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from the local network administrator or has been set up to allow an attacker to conduct a man-in-the-middle attack.
If you notice an unauthorized wireless access point attached to your network, you should unplug the Ethernet cable from the wireless access point.
Port Security can prevent the installation of rogue access points.
Evil Twin is a term for a rogue, or counterfeit, Wi-Fi access point that appears to be a legitimate one offered on the premises. These WAPs have been set up by a hacker to eavesdrop on wireless communications among Internet surfers.
Evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider.
Wireless jamming can easily occur on a network because wireless traffic travels over an otherwise easily accessible medium: the air.
A frequency can be clogged with large amounts of illegitimate traffic, preventing the access point from identifying legitimate traffic.
Jamming can also happen accidentally, as many commercial products operate on the 2.4 GHz band.
WPS can use a PIN, which is inherently insecure and easily brute-forced. This type of attack is possible because of the simple nature of the PIN.
A WPS PIN is relatively easy to brute-force because it consists of only a few digits.
A WPS PIN can be broken in just a few hours.
Bluejacking and Bluesnarfing
Bluejacking is when unsolicited messages are sent to Bluetooth-enabled phones.
Bluesnarfing allows hackers to gain access to data stored on a Bluetooth-enabled phone over the Bluetooth wireless link without alerting the phone's user to the connection made to the device.
Only specific older Bluetooth-enabled phones are susceptible to bluesnarfing.
NFC is a short-range wireless communication technology that can be tampered with like any other wireless communication.
It has the benefit of a shorter range, which makes it harder to intercept.
Many attacks can be performed against an NFC communication:
Eavesdropping: Simply listening in to traffic.
Replay: Captured data is replayed to impersonate earlier legitimate traffic.
MitM: An attacker intercepts NFC traffic, changes or monitors it, and forwards it to its final destination.
A disassociation attack (also known as a deauthentication attack) is when an attacker causes a user's Wi-Fi connection to be broken, or deauthenticated.
The attacker can accomplish this by spoofing the legitimate user’s MAC address and sending a deauthentication (think logging out) frame to the wireless access point.
There have been multiple cases of public businesses performing these attacks on their guests in an attempt to force them to pay for the business' Wi-Fi.
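As an added example (not part of the original notes), the following Python script applies two simple defensive detections to a constructed sample of wireless management-frame summaries: beacons advertising a managed SSID from a BSSID not on the authorized list (the evil twin / rogue AP case above), and a station address emitting an abnormal rate of deauthentication frames (the deauthentication attack described above). The frame tuple format, the authorized-BSSID inventory and the thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample of 802.11 management-frame summaries, not a real capture.
# Each tuple: (timestamp_s, frame_type, source_mac, dest_mac, ssid_or_None)
BCAST = "FF:FF:FF:FF:FF:FF"
FRAMES = [
    (0.0, "beacon", "AA:BB:CC:00:00:01", BCAST, "CorpWiFi"),      # legitimate AP
    (0.2, "beacon", "DE:AD:BE:EF:00:01", BCAST, "CorpWiFi"),      # same SSID, unknown BSSID
    (0.4, "beacon", "AA:BB:CC:00:00:02", BCAST, "GuestWiFi"),     # legitimate AP
    (0.6, "beacon", "C0:FF:EE:00:00:01", BCAST, "CoffeeShop"),    # neighbour's network, ignored
    (1.0, "deauth", "11:22:33:44:55:66", "AA:BB:CC:00:00:01", None),  # one normal sign-off
]
# Flood of deauth frames carrying a spoofed station MAC, 100 ms apart (the attack in the notes).
FRAMES += [(2.0 + i * 0.1, "deauth", "11:22:33:44:55:66", "AA:BB:CC:00:00:01", None)
           for i in range(15)]
# Assumed inventory of which BSSIDs may advertise each managed SSID.
AUTHORIZED_BSSIDS = {"CorpWiFi": {"AA:BB:CC:00:00:01"}, "GuestWiFi": {"AA:BB:CC:00:00:02"}}

def find_evil_twins(frames, authorized):
    """Map each managed SSID to the set of unauthorized BSSIDs seen advertising it."""
    suspects = defaultdict(set)
    for _, ftype, src, _, ssid in frames:
        if ftype == "beacon" and ssid in authorized and src not in authorized[ssid]:
            suspects[ssid].add(src)
    return dict(suspects)

def find_deauth_floods(frames, window=5.0, threshold=10):
    """Return source MACs sending more than `threshold` deauth frames within any `window` seconds.
    The attacker spoofs the victim's MAC, so the address reported is the victim station's;
    the abnormal rate, not the address, is the signal."""
    stamps_by_src = defaultdict(list)
    for ts, ftype, src, _, _ in frames:
        if ftype == "deauth":
            stamps_by_src[src].append(ts)
    flooders = set()
    for src, stamps in stamps_by_src.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):  # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flooders.add(src)
                break
    return flooders

if __name__ == "__main__":
    print("evil twins:", find_evil_twins(FRAMES, AUTHORIZED_BSSIDS))
    print("deauth floods:", find_deauth_floods(FRAMES))
```

A single deauth frame is normal (a client leaving the network), which is why the detection keys on the count within a time window rather than on any one frame.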