Wireless Hacking Tools
Author: Michael Roche, mroche@wustl.edu

Abstract: This paper is a survey of wireless attack tools focusing on 802.11 and Bluetooth. It includes attack tools for three major categories: confidentiality, integrity, and availability. Confidentiality attack tools focus on the content of the data and are best known for encryption cracking. Integrity attack tools focus on the data in transmission and include frame insertion, man in the middle, and replay attacks. Finally, availability attack tools focus on Denial of Service (DoS) attacks.

Table of Contents
1.0 Introduction
1.1 Wireless Attack Tools
2.0 Confidentiality Attacks
2.1 Confidentiality Attack Tools
3.0 Integrity Attacks
3.1 Integrity Attack Tools
4.0 Availability Attacks
4.1 Availability Attack Tools
5.0 Bluetooth Attacks
5.1 Bluetooth Attack Tools
Summary
References
List of Acronyms
1.0 Introduction

There are three main principles of computer network security: confidentiality, integrity, and availability. All three concepts are needed, to some extent, to achieve true security. Not using all three in the security of the network will leave it vulnerable to attacks. Attackers strive to compromise one or more of the three main security principles. [1]

The basic definition of confidentiality is assuring that sensitive information will be kept secret and access limited to the appropriate persons. In network security, confidentiality can be achieved with data encryption. Data encryption scrambles plaintext data into unreadable ciphertext data.
Integrity can be defined as unimpaired, complete, undivided, or unbroken. In network security this means that the message has not been tampered with: no portion of the message has been removed, rearranged, or changed. The basic security measure to ensure integrity is to generate a cryptographic checksum of some sort to guarantee the message is unaltered.
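The "cryptographic checksum" the paragraph refers to has to be keyed, or an attacker who changes the message can simply recompute the checksum. The following added example (not code from the paper) shows a message authentication code built with HMAC-SHA256 from the Python standard library: the receiver recomputes the tag under the shared key and rejects any message whose bytes were removed, rearranged, or changed. The shared key and the sample messages are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the demo. In a real protocol this comes from
# the key exchange or provisioning step, never from the message itself.
SHARED_KEY = secrets.token_bytes(32)


def tag_message(key: bytes, message: bytes) -> bytes:
    """Keyed checksum: HMAC-SHA256 over the message, 32 bytes."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    False means the message was altered in transit or the wrong key was used.
    """
    expected = tag_message(key, message)
    return hmac.compare_digest(expected, tag)


def unkeyed_checksum(message: bytes) -> bytes:
    """A plain hash, shown only to illustrate why keying matters."""
    return hashlib.sha256(message).digest()


def checksum_comparison(key: bytes):
    """Return (keyed_detects_tamper, unkeyed_detects_tamper).

    An unkeyed checksum is recomputable by anyone who can edit the message,
    so a tampered message with a freshly recomputed plain hash still 'verifies'.
    """
    original = b"transfer 100 to account 42"
    tampered = b"transfer 900 to account 42"

    # Keyed: the attacker cannot produce a valid tag for the altered bytes.
    tag = tag_message(key, original)
    keyed_detects = not verify_message(key, tampered, tag)

    # Unkeyed: the attacker simply ships a new hash alongside the altered bytes.
    forged_sum = unkeyed_checksum(tampered)
    unkeyed_detects = not hmac.compare_digest(unkeyed_checksum(tampered), forged_sum)

    return keyed_detects, unkeyed_detects


if __name__ == "__main__":
    msg = b"hello over the air"
    t = tag_message(SHARED_KEY, msg)
    print("intact message verifies:", verify_message(SHARED_KEY, msg, t))
    print("altered message verifies:", verify_message(SHARED_KEY, msg + b"!", t))
    print("keyed vs unkeyed detects tampering:", checksum_comparison(SHARED_KEY))
```

`verify_message` uses `hmac.compare_digest` rather than `==` so that the comparison time does not leak how many leading bytes of the tag were correct.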
Finally, availability means that data should be accessible and usable upon demand by an authorized user or process.
An availability attack consists of some sort of Denial of Service (DoS) attack. A DoS attack prevents the user or
device from accessing a particular service or application.
Wireless Hacking Tools http://www.cse.wustl.edu/~jain/cse571-07/ftp/wireless_hacking/
2 of 12 12/19/2007 5:16 PM
Having strong network security does not mean one can prevent the network from being attacked. It simply means that the security mechanisms implemented are secure for now and have not been broken yet. Computer and network security is constantly evolving. Strong security mechanisms must also evolve. As older mechanisms are broken or cracked, new ones must be developed.

1.1 Wireless Attack Tools

Many of the wireless attack tools are developed to compromise 802.11 networks. The popularity and widespread use of Wi-Fi gives the attacker a platform on which they can cause the most disruption. As other technologies gain popularity and usefulness, more attack tools are developed for those technologies.
The wireless attack tools can be categorized, for the most part, as one that attacks the confidentiality, integrity, or
availability of a network. This paper is organized as follows: first confidentiality attacks will be discussed and
examples of wireless hacking tools will be given in section two. Then integrity attacks and availability attacks will
follow in sections three and four. Specific Bluetooth attacks and hacking tools will be discussed in section five.
2.0 Confidentiality Attacks

The confidentiality attacks attempt to gather private information by intercepting it over the wireless link. This is true whether the data is encrypted or sent in the clear. If the data is encrypted, these attacks would include breaking the encryption and finding the key. Additionally, eavesdropping, key cracking, access point (AP) phishing, and man in the middle attacks are included in this category.
Eavesdropping is intercepting or sniffing the transmitted network traffic. This is capturing the bits transmitted on the physical layer, but many commercial programs will format the data in a user friendly way. This makes understanding the data much easier. If encryption is used, one will only see the encrypted data while sniffing. There are other tools available to crack certain encryption techniques. These tools are also considered confidentiality attack tools.
Beyond simply capturing and displaying the packets from the physical layer, many of the sniffing programs have filters and plugins installed that can manipulate the data, creating a man in the middle attack. For example, a sniffing program can have a filter running that will replace https (secure website) with http (non-secure). As a result, the victim's authentication would appear in the clear across the physical layer. The eavesdropper would be able to see both the username and password for the login.
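From the defender's side, the https-to-http rewrite described above leaves two visible traces in a traffic capture: a host that was reached over HTTPS and is then talked to over plain HTTP, and a credential field crossing the wire in cleartext. The added example below (written for this page, not code from the paper) runs those two checks over a small constructed set of HTTP transactions, and also lists HTTPS hosts that do not send a Strict-Transport-Security header, which is the mitigation that stops a browser from accepting the downgrade in the first place. The record format, hostnames, and field-name pattern are assumptions made for the demonstration.

```python
import re
from urllib.parse import parse_qs

# Constructed capture records (scheme, host, method, path, response headers, request body).
# Hostnames and contents are invented for this example.
CAPTURE = [
    ("https", "bank.example", "GET", "/login",
     {"strict-transport-security": "max-age=31536000; includeSubDomains"}, ""),
    ("http", "bank.example", "POST", "/login", {}, "user=alice&password=hunter2"),
    ("http", "news.example", "GET", "/", {}, ""),
    ("https", "shop.example", "POST", "/login", {}, "user=bob&pass=secret"),
]

# Assumed form-field names that typically carry a credential.
CRED_FIELD = re.compile(r"^(pass(word|wd)?|pwd|secret|token)$", re.IGNORECASE)


def cleartext_credentials(records):
    """(host, field) pairs where a credential-looking field was POSTed over plain HTTP."""
    findings = []
    for scheme, host, method, _path, _headers, body in records:
        if scheme != "http" or method != "POST":
            continue
        for field in parse_qs(body):
            if CRED_FIELD.match(field):
                findings.append((host, field))
    return findings


def downgraded_hosts(records):
    """Hosts seen over HTTPS earlier in the capture and over plain HTTP afterwards.

    This is a heuristic: a site may legitimately serve both schemes, so treat a
    hit as something to investigate, not as proof of a rewrite.
    """
    seen_https = set()
    downgraded = []
    for scheme, host, *_rest in records:
        if scheme == "https":
            seen_https.add(host)
        elif host in seen_https and host not in downgraded:
            downgraded.append(host)
    return downgraded


def hosts_missing_hsts(records):
    """HTTPS hosts that never sent Strict-Transport-Security in the capture (sorted)."""
    https_hosts = set()
    hsts_hosts = set()
    for scheme, host, _method, _path, headers, _body in records:
        if scheme != "https":
            continue
        https_hosts.add(host)
        if any(k.lower() == "strict-transport-security" for k in headers):
            hsts_hosts.add(host)
    return sorted(https_hosts - hsts_hosts)


if __name__ == "__main__":
    print("cleartext credentials:", cleartext_credentials(CAPTURE))
    print("possible downgrades:", downgraded_hosts(CAPTURE))
    print("HTTPS hosts without HSTS:", hosts_missing_hsts(CAPTURE))
```

Each function returns its findings rather than printing them, so the same checks can be fed from a real capture once the records are parsed into the same tuple shape.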
Another example of a man in the middle attack would be to downgrade the encryption used. It is possible to roll back the Microsoft Challenge-handshake Authentication Protocol (MSCHAP2) encryption to MSCHAP1, which is weaker encryption, and then roll back further to plain text for Microsoft's Point to Point Tunneling Protocol over a Virtual Private Network. This involves using man in the middle attack tools to alter the handshake messages between the client and server.