Known Attacks

Identifying known attacks requires research of security-related Web sites, papers, and trade journals. Although currently known attacks are few in number, relative to wired systems, they are likely to grow as wireless systems become more prevalent and provide a richer target for the attacker community. The known attacks we cover here are specific to the wireless portions of the system. The Web servers, backend servers, and gateways are all subject to known attacks specific to their hardware platform, operating systems, and ancillary applications. The importance of specifically examining known attacks separate from theoretical attacks is that known attacks are likely to be attempted by an attacker when targeting a wireless system. Therefore, known attacks deserve a higher priority when making trade-offs during the next I-ADD phase.

Device Theft

Device theft is just as it sounds, the physical theft of the device by an attacker. Fortunately, this is not a concept new or unique to wireless devices or systems, so the need for protection of wireless devices and systems against physical theft is intuitive to device and system manufacturers. Unfortunately, devising devices or systems resistant to theft is very difficult.

Several mitigations can be employed to minimize the threat. We will not spend much time stating the obvious, such as locking and alarming rooms that house equipment.

The Man in the Middle

The attacker, by interjecting herself between the user and the server, accomplishes the well-known man-in-the-middle network attack. This interjection is done by gaining physical access to the logical or physical path between the user and the server, such as sitting at the user or server's access point to the network. Alternatively, this can be used to spoof the user to the server and the server to the user. In both scenarios, the attacker has complete access to the communications between the user and the server.

War Driving

In the 1980s, malicious types began war dialing, calling phone numbers at random in an attempt to locate unprotected modems and gain access to networks. The early 2000s version of war dialing is war driving: roaming around with a laptop, wireless NIC, and an antenna and attempting to gain access to wireless networks. As we have discussed, the vast majority of wireless networks deployed do not use WEP or use WEP without implementing RSA's Fast Packet Keying solution for (more or less) security. With a $100-150 wireless NIC set in promiscuous mode and a cheap parabolic grid antenna from Radio Shack, hackers have gained access to thousands of wireless networks across the United States. In populated areas, war drivers have used simple GPS applications in combination with the wireless NIC and antennae and have successfully mapped the location of thousands of wireless networks to which they can gain access. No esoteric software or hardware is required. A software application called AirSnort has the ability to analyze the intercepted WEP traffic and, after collecting enough data, even determine the root password for the wireless system.

Denial of Service

Denial of service is a class of attacks that take many forms, from subtle to obvious. An obvious denial of service attack against a wireless system would be to sever the coax cable on the tower between the transceiver and the antenna. This definitely would deny service to anyone wanting to use that particular tower. A more subtle attack would be to tie up the system with service requests or to spread a bogus e-mail such as "New and Destructive Virus," explaining that you should e-mail everyone you know so that they can protect themselves. The desired result is that the system becomes so bogged down with these e-mails that legitimate traffic cannot be accommodated.

Another popular denial of service attack is the "Please help, my child is dying." An e-mail is sent saying that someone, usually a hapless child, is suffering from a terrible affliction. The e-mail goes on to say that a corporation has agreed to provide X amount for every e-mail it receives regarding this child, so please forward this e-mail to everyone you know so that this child can be saved. The desired result is to overwhelm the corporation's servers and cause them to crash.
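The two hoax e-mail floods described above leave the same trace at a mail gateway: one subject line, under a growing stack of forward prefixes, arriving from many senders to many recipients in a short time. The following is an added example, not code from the book, that detects that pattern; the log format, field names, and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed gateway log (timestamp|sender|recipient count|subject); format is an assumption.
SAMPLE_LOG = """\
2002-03-01T09:00:05|alice@example.com|40|New and Destructive Virus
2002-03-01T09:02:10|bob@example.com|55|FW: New and Destructive Virus
2002-03-01T09:03:30|carol@example.com|62|Fwd: FW: New and Destructive Virus
2002-03-01T09:04:00|dave@example.com|1|Lunch on Friday?
2002-03-01T09:06:45|erin@example.com|48|RE: FW: new and destructive virus
2002-03-01T11:30:00|frank@example.com|3|Quarterly report
"""

PREFIX = re.compile(r"^\s*((fw|fwd|re)\s*:\s*)+", re.IGNORECASE)

def normalize(subject):
    """Strip stacked forward/reply prefixes so every hop of a chain letter maps to one key."""
    return PREFIX.sub("", subject).strip().lower()

def find_floods(log_text, window=timedelta(minutes=10), min_senders=3, min_recipients=100):
    """Return {subject: (distinct senders, total recipients)} for subjects that, inside any
    sliding `window`, came from >= min_senders senders and reached >= min_recipients."""
    by_subject = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed records rather than abort the scan
        ts, sender, rcpts, subject = parts
        by_subject[normalize(subject)].append((datetime.fromisoformat(ts), sender.lower(), int(rcpts)))
    floods = {}
    for subject, events in by_subject.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward past stale messages
            span = events[start:end + 1]
            senders = {s for _, s, _ in span}
            total = sum(r for _, _, r in span)
            if len(senders) >= min_senders and total >= min_recipients:
                if total > floods.get(subject, (0, 0))[1]:
                    floods[subject] = (len(senders), total)  # keep the worst window seen
    return floods

if __name__ == "__main__":
    for subject, (senders, rcpts) in find_floods(SAMPLE_LOG).items():
        print(f"possible chain-letter flood: {subject!r} senders={senders} recipients={rcpts}")
```

A flagged subject is a candidate for rate limiting or quarantine at the gateway before the forwards crowd out legitimate traffic.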

The DoCoMo E-Mail Virus

As of the writing of this chapter, there have been two similar virus attacks against Japan's DoCoMo cellular system. These attacks are viruses that can be downloaded into multifunction cellular phones. The viruses cause the user's phone to automatically dial a number, such as 911, tying up both the cellular and 911 systems. With little imagination, you can see how this type of activity can have far-reaching and dire consequences.

 



Wireless Security and Privacy: Best Practices and Design Techniques
ISBN: 0201760347
EAN: 2147483647
Year: 2002
Pages: 73
