SY0-501 Section 3.4-Explain types of wireless attacks.

Wireless networking, more commonly called Wi-Fi, is the technology that connects your phone, tablet or laptop to the world. It is also exposed to many exploits. Because the radio signal carries beyond the walls of a building, an intruder with freely available software can detect and capture your wireless traffic, and with it any usernames, passwords, email and other data that you would prefer to keep confidential and that is not protected by encryption.

An intruder does not have to be inside your home or office building to manipulate a wireless signal. They could be sitting outside in their car, sniffing your traffic while enjoying a sandwich. Before they finish the meal, they may have learned who you work for, how to reach the company network or, if the right security is not implemented, enough to transfer money out of your bank account.

Because wireless technology is so exposed, it is important to take a range of measures to protect your personal information. The categories below describe the main kinds of wireless attack.

Access control attacks

These attacks attempt to penetrate a network over the wireless link by evading WLAN access control measures such as AP MAC address filters (which are weak because MAC addresses are transmitted in the clear and can be spoofed) and 802.1X port-based access control.

Confidentiality attacks

These attacks attempt to intercept private information sent over wireless associations, whether it is sent in the clear or encrypted by 802.11 (WEP, WPA, WPA2) or by higher-layer protocols.

Integrity attacks

These attacks send forged control, management or data frames over wireless to mislead the recipient or facilitate another type of attack (e.g., DoS).

Authentication attacks

Intruders use these attacks to steal legitimate user identities and credentials to access otherwise private networks and services.

Availability attacks

These attacks impede delivery of wireless services to legitimate users, either by denying them access to WLAN resources or by crippling those resources.

Near field communication

Near field communication (NFC) is a short-range radio technology (a few centimetres, operating at 13.56 MHz and closely related to RFID) that requires the user to bring the client device close to the AP or reader, so that physical proximity serves as proof that the device is present. It is also used to "bump" phones together and send data from one to another.

Replay attacks

Replay attacks are quite common. They occur when information is captured over a network and later resubmitted by the attacker. A replay attack is a kind of access or modification attack. In a distributed environment, logon and password information is sent between the client and the authentication system; the attacker captures that exchange and replays it later. The same applies to the tickets and authenticators issued by systems such as Kerberos (this study guide calls them certificates): the attacker resubmits a captured ticket hoping to be accepted by the authentication system and to circumvent any time sensitivity built into it.

Figure 3.2 shows an attacker presenting a previously captured ticket to a Kerberos-enabled system. In this example, the attacker records legitimate information from the client and then attempts to use that information to enter the system; the attacker later replays the recorded information to gain access.

FIGURE 3.2 A replay attack occurring

If this attack is successful, the attacker gains all of the rights and privileges of the original ticket. This is the primary reason that tickets and authenticators contain a unique session identifier and a time stamp: the server rejects an authenticator whose time stamp falls outside its allowed clock skew (Kerberos implementations default to five minutes), and it keeps a replay cache of recently accepted authenticators so that an exact duplicate is rejected even inside that window. Either rejection should produce an entry in a security log to notify the system administrators.
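The following example is added here to illustrate the time stamp, session identifier and replay cache described above; it is not code from the study guide and it is not a real Kerberos implementation. It assumes a shared session key already exists between client and service (the hypothetical SESSION_KEY below stands in for the key a KDC would issue), uses an HMAC in place of Kerberos's encrypted authenticator, and models the service as a small replay cache. The four verifications in demo() show a legitimate use, a captured authenticator replayed inside the clock-skew window, the same authenticator an hour later, and a tampered copy.

```python
import hashlib
import hmac

# Hypothetical shared session key, standing in for the session key a Kerberos
# KDC would hand to both parties. Constructed for this example only.
SESSION_KEY = b"example-session-key-do-not-reuse"

# Maximum accepted clock difference in seconds; Kerberos defaults to 5 minutes.
ALLOWED_SKEW = 300


def make_authenticator(principal: str, nonce: str, now: float) -> dict:
    """Client side: bind identity, time stamp and a unique session identifier
    (nonce) together under the session key, as a Kerberos authenticator does."""
    ts = int(now)
    msg = f"{principal}|{ts}|{nonce}".encode()
    tag = hmac.new(SESSION_KEY, msg, hashlib.sha256).hexdigest()
    return {"principal": principal, "timestamp": ts, "nonce": nonce, "tag": tag}


class ReplayCache:
    """Service side: verifies authenticators and remembers the ones it has
    accepted so that an exact duplicate presented later is refused."""

    def __init__(self):
        self.seen = set()   # (principal, timestamp, nonce) tuples already accepted
        self.log = []       # security log entries an administrator would review

    def verify(self, auth: dict, now: float) -> bool:
        msg = f"{auth['principal']}|{auth['timestamp']}|{auth['nonce']}".encode()
        expected = hmac.new(SESSION_KEY, msg, hashlib.sha256).hexdigest()
        # 1. Integrity: a modified authenticator fails the MAC check.
        if not hmac.compare_digest(expected, auth["tag"]):
            self.log.append(f"REJECT bad MAC for {auth['principal']}")
            return False
        # 2. Time sensitivity: outside the skew window the authenticator is expired.
        if abs(now - auth["timestamp"]) > ALLOWED_SKEW:
            self.log.append(f"REJECT expired authenticator for {auth['principal']}")
            return False
        # 3. Replay: inside the window, only the first presentation is accepted.
        key = (auth["principal"], auth["timestamp"], auth["nonce"])
        if key in self.seen:
            self.log.append(f"REJECT replay of {key}")
            return False
        self.seen.add(key)
        self.log.append(f"ACCEPT {key}")
        # Entries older than the skew window can be dropped: step 2 already
        # rejects them, so the cache only needs to cover the window itself.
        self.seen = {k for k in self.seen if now - k[1] <= ALLOWED_SKEW}
        return True


def demo():
    """Run the four scenarios and return (results, security log)."""
    cache = ReplayCache()
    t0 = 1_700_000_000.0                       # constructed clock value
    auth = make_authenticator("alice@EXAMPLE.COM", "n-0001", t0)
    first = cache.verify(auth, t0 + 1)         # legitimate use: accepted
    replay = cache.verify(auth, t0 + 30)       # captured and replayed: refused by cache
    stale = cache.verify(auth, t0 + 3600)      # replayed an hour later: expired
    tampered = dict(auth, principal="mallory@EXAMPLE.COM")
    forged = cache.verify(tampered, t0 + 2)    # identity edited: MAC fails
    return [first, replay, stale, forged], cache.log


if __name__ == "__main__":
    results, log = demo()
    print(results)
    print("\n".join(log))
```

Note that the time stamp alone is not enough: the replayed authenticator at t0 + 30 is still within the skew window and would be accepted by a service that only checked the clock, which is why the replay cache (or an equivalent per-session nonce) is needed as well.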

WAP attacks

Wireless Application Protocol (WAP) is a protocol stack designed for use with wireless devices. WAP became a data transmission standard adopted by many manufacturers, including Motorola and Nokia. Its functions are analogous to those of TCP/IP in that the stack serves the same purpose (transport, session and security layers) for wireless devices. In place of HTML, WAP uses a lightweight XML-based markup language called Wireless Markup Language (WML) for display, and WAP-enabled devices can also run scripts in an environment called WMLScript, a scripting language derived from JavaScript (ECMAScript).

The ability to accept web pages and scripts allows malicious code to be transported to WAP-enabled devices. Between the device and the Internet sits a WAP gateway that converts information back and forth between HTTP and WAP and encodes and decodes between the protocols. Provided the gateway is trusted and both sides of it are encrypted, this structure gives reasonable assurance that WAP-enabled devices can be secured. The weakness is in the gateway itself: on the wireless side the session is protected by WAP's own Wireless Transport Layer Security (WTLS), on the Internet side by SSL/TLS, and the gateway must decrypt one before re-encrypting with the other, so the data exists as plain text inside it. If the interconnection between the gateway and the web server is not encrypted, packets between them can be intercepted (packet sniffing). This vulnerability is called the gap in the WAP (the exposure of plain text when converting between WTLS and SSL/TLS). It was prevalent in versions of WAP prior to 2.0, which added end-to-end TLS between the device and the server.

WPS attacks

To simplify network setup, many small office and home office (SOHO) routers support Wi-Fi Protected Setup (WPS), in which the new host and the router exchange a series of EAP messages (the WPS registration protocol) so that the host can join the network and use WPA/WPA2 without the user typing the passphrase. Enrollment usually requires the user to do something to complete the process: press a button on the router within a short time period, enter the eight-digit PIN printed on the router, or bring the new device close by so that near field communication (described above) can take place. Unfortunately, WPS attacks have become commonplace, because the PIN method is susceptible to brute force. The eighth digit of the PIN is a checksum of the first seven, and during the exchange the router acknowledges the first four digits separately from the last four, so an attacker can confirm each half independently: at most 10,000 guesses for the first half and 1,000 for the second, about 11,000 in total rather than the 10^7 that guessing the whole PIN would require, and many routers do not rate-limit the attempts. Once the attacker recovers the PIN, the router hands over the WPA/WPA2 passphrase and the attacker is on the Wi-Fi network. For that reason, disable WPS on devices that allow it, and update the firmware on those where a fix is available.
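The example below is added to show why the WPS PIN collapses to about 11,000 guesses; it is not code from the study guide and it contains no network code. It implements the WPS PIN checksum from the specification and then brute-forces a constructed, simulated registrar that models only the protocol flaw described above: the first four digits are confirmed or refused before the last four are ever examined. The PIN values, the SimulatedRegistrar class and its method names are constructed for this illustration and do not correspond to any real router.

```python
def wps_checksum(first7: int) -> int:
    """Return the checksum digit that makes an 8-digit WPS PIN valid.

    This is the weighted digit sum defined by the WPS specification: digits
    in odd positions (from the right) are weighted 3, the rest 1."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is eight digits and its last digit is the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


class SimulatedRegistrar:
    """Constructed stand-in for a router's WPS registrar.

    It models only the design flaw: the router reveals whether the first
    half of the PIN is correct (M4 answered with M5 instead of NACK) before
    the second half is checked (M6 answered with M7 instead of NACK).
    A real attack uses the real EAP exchange; this class just counts guesses."""

    def __init__(self, pin: str):
        if not is_valid_pin(pin):
            raise ValueError("constructed registrar needs a valid 8-digit PIN")
        self._pin = pin
        self.attempts = 0          # one attempt per half-PIN presented

    def try_first_half(self, half: str) -> bool:
        self.attempts += 1
        return half == self._pin[:4]

    def try_second_half(self, half: str) -> bool:
        self.attempts += 1
        return half == self._pin[4:]


def brute_force(reg: SimulatedRegistrar):
    """Recover the PIN one half at a time. Returns (pin or None, attempts)."""
    first = None
    for a in range(10_000):               # all possible first halves
        if reg.try_first_half(f"{a:04d}"):
            first = a
            break
    if first is None:
        return None, reg.attempts
    for b in range(1_000):                # only 3 free digits: the 8th is derived
        second = f"{b:03d}{wps_checksum(first * 1000 + b)}"
        if reg.try_second_half(second):
            return f"{first:04d}{second}", reg.attempts
    return None, reg.attempts


if __name__ == "__main__":
    # Constructed PINs: a low one found early and the worst case (all nines).
    for pin in ("12345670", "99999995"):
        found, attempts = brute_force(SimulatedRegistrar(pin))
        print(f"recovered {found} after {attempts} guesses (whole-PIN search: 10^7)")
```

For the worst-case PIN the search takes exactly 10,000 + 1,000 = 11,000 guesses, which is why the protocol is considered broken regardless of how random the PIN is; the practical defences are disabling WPS or, on firmware that supports it, a lockout after a handful of failed PIN attempts.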