
Wireless and Cellular Networks

Wireless Networks:

  • Li-Fi: Uses visible or infrared light (modulated LEDs) for communication, with speeds that can surpass Wi-Fi. Light does not pass through walls, so the signal stays inside the room, which also limits where it can be intercepted.

  • Zigbee: A low-energy wireless protocol tailored for IoT devices.

  • Satellite: Leverages orbiting satellites for communication.

Zigbee Personal Area Network (PAN)

  • Description: A short-range wireless PAN technology tailored for automation, machine-to-machine communication, remote control, and IoT device monitoring.

  • Security Features:

    • Supports both centralized (Trust Center) and distributed security models.
    • Relies on symmetric keys: a network key shared by every device on the PAN and link keys shared between pairs of devices. The network key is delivered to a joining device encrypted under a link key.
  • Potential Vulnerability: During joining (the pre-configuration phase) the network key is often encrypted with a well-known default link key (the "ZigBeeAlliance09" key used by older profiles such as Home Automation), so anyone sniffing the join can recover the network key. For that brief window the key is, in effect, transmitted without protection.

  • Use Cases: Commonly found in IoT and smart home hubs (Amazon Echo, Philips Hue Lights)

Bluetooth & IEEE 802.15

Definition: Bluetooth falls under the IEEE 802.15 family (originally standardized as 802.15.1), commonly known as a Personal Area Network (PAN).

Usage:

  • Bluetooth connects devices such as cell phone headsets, mice, keyboards, GPS, and many other gadgets.
  • Bluetooth has historically been a target for many exploits, making it a significant wireless security concern. The range of Bluetooth vulnerabilities can be seen with a quick "Bluetooth exploit" Google search.

Connection Setup:

  • Devices connect via pairing, where a primary device scans for other devices on the 2.4 GHz band.

  • Legacy pairing uses a PIN, commonly a fixed 4-digit code such as 0000 on headsets. A fixed, well-known PIN is not a real security control; it mainly prevents accidental connections. Secure Simple Pairing (Bluetooth 2.1 and later) replaces it with a 6-digit passkey or numeric comparison, which does provide authentication when both devices have a display or keypad.

Mobile System Attacks: Bluetooth Vulnerabilities


Bluejacking (Annoyance)

Definition: Bluejacking is akin to a digital prank, similar to the real-world "ding-dong-ditch."

How it works:

  • Tech-savvy individuals push unsolicited messages to other Bluetooth users within proximity.

  • The intent is often to annoy or playfully engage them.

  • It abuses the OBEX object-push feature (normally used to exchange contact cards) to deliver an unsolicited message or vCard.

Bluejacking is more about mischief than causing harm.


Bluesnarfing (Data Theft)

Definition: A serious threat where unauthorized users wirelessly connect to early Bluetooth devices to illicitly read and manipulate data such as contacts, calendars, and messages.

How it works:

  • The attacker connects to the device's OBEX push service, which early phones exposed without authentication, and requests known file names such as the phone book, all without the owner's knowledge.

  • Once connected, they can download and even alter data.

Bluesnarfing directly jeopardizes user data and privacy.


Bluebugging

Definition: A more advanced form of Bluesnarfing where attackers gain comprehensive remote control over a Bluetooth device.

How it works:

  • The attacker exploits a firmware flaw to open a hidden serial (RFCOMM) channel and issue AT commands to the phone.

  • This can involve placing or forwarding calls, activating the microphone to use the phone as a surveillance tool, or manipulating device settings.

Bluebugging provides attackers with an alarming amount of control over the victim's device.

SSID Broadcast

Definition: The SSID (Service Set Identifier) is the name of a wireless network.

  • Broadcast Mechanism: Wireless networks periodically announce their SSID in a beacon frame, typically every 100 ms.

  • Automatic Detection: When the SSID is broadcast, any device with an "automatic detect" setting can discover and potentially connect to the network.

  • Hidden SSID: Concealing the SSID is "security through obscurity." The AP still sends beacons, only with an empty SSID field, and clients still send probe requests naming the network (and the AP answers with probe responses) whenever they connect or roam. Because those frames are never encrypted, anyone with a wireless card in monitor mode can read the name from client traffic. Hiding the SSID may deter casual users but is not an access control.
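The following is an added example, not code from the original notes. It builds three 802.11 management frames in memory (a beacon with the SSID hidden, a directed probe request from a client, and the AP's probe response), then parses them to show that the network name leaks through the probe exchange even though the beacon withholds it. The MAC addresses, the network name "CorpNet" and the frame contents are all constructed for the example; the frame layout follows IEEE 802.11.

```python
import struct

# 802.11 management frame subtypes and information-element IDs
SUBTYPE_PROBE_REQ = 4
SUBTYPE_PROBE_RESP = 5
SUBTYPE_BEACON = 8
TAG_SSID = 0
TAG_RATES = 1

# Constructed sample addresses (not real devices).
AP_MAC = bytes.fromhex("02aabbccdd01")
CLIENT_MAC = bytes.fromhex("02112233ee02")
BROADCAST = b"\xff" * 6


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_mgmt_frame(subtype, dst, src, bssid, ssid):
    """Build a minimal management frame: 24-byte header, the fixed fields
    that beacons and probe responses carry, then SSID and rates elements."""
    fc = struct.pack("<H", subtype << 4)          # type 0 = management
    header = fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    body = b""
    if subtype in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        # timestamp, beacon interval (time units), capability info (ESS+privacy)
        body += struct.pack("<QHH", 0, 100, 0x0011)
    body += bytes([TAG_SSID, len(ssid)]) + ssid
    body += bytes([TAG_RATES, 1, 0x82])           # one basic rate, 1 Mbit/s
    return header + body


def parse_mgmt_frame(frame):
    """Return (subtype, src, bssid, {tag_id: value}) for a management frame."""
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    subtype = (fc >> 4) & 0xF
    src, bssid = frame[10:16], frame[16:22]
    offset = 24
    if subtype in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        offset += 12                               # skip the fixed fields
    tags = {}
    while offset + 2 <= len(frame):
        tag_id, length = frame[offset], frame[offset + 1]
        value = frame[offset + 2: offset + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        tags[tag_id] = value
        offset += 2 + length
    return subtype, mac_str(src), mac_str(bssid), tags


def ssid_is_hidden(ssid):
    # APs hide the SSID either with a zero-length element or by sending
    # the right number of NUL bytes; treat both forms as hidden.
    return len(ssid) == 0 or all(b == 0 for b in ssid)


def recover_ssids(frames):
    """Map each BSSID to its SSID (None while hidden), filling hidden
    names in from the probe responses the AP sends to clients."""
    networks = {}
    for frame in frames:
        subtype, _src, bssid, tags = parse_mgmt_frame(frame)
        ssid = tags.get(TAG_SSID, b"")
        if subtype == SUBTYPE_BEACON:
            networks.setdefault(bssid, None if ssid_is_hidden(ssid) else ssid.decode())
        elif subtype == SUBTYPE_PROBE_RESP and not ssid_is_hidden(ssid):
            networks[bssid] = ssid.decode()        # AP reveals its real name
    return networks


def probed_ssids(frames):
    """SSIDs that clients ask for by name: a client that remembers a hidden
    network repeats its name in every directed probe request."""
    names = set()
    for frame in frames:
        subtype, _src, _bssid, tags = parse_mgmt_frame(frame)
        ssid = tags.get(TAG_SSID, b"")
        if subtype == SUBTYPE_PROBE_REQ and not ssid_is_hidden(ssid):
            names.add(ssid.decode())
    return names


# Constructed capture: hidden beacon, directed probe request, probe response.
SAMPLE_CAPTURE = [
    build_mgmt_frame(SUBTYPE_BEACON, BROADCAST, AP_MAC, AP_MAC, b""),
    build_mgmt_frame(SUBTYPE_PROBE_REQ, BROADCAST, CLIENT_MAC, BROADCAST, b"CorpNet"),
    build_mgmt_frame(SUBTYPE_PROBE_RESP, CLIENT_MAC, AP_MAC, AP_MAC, b"CorpNet"),
]

if __name__ == "__main__":
    for bssid, name in recover_ssids(SAMPLE_CAPTURE).items():
        print(bssid, name if name is not None else "<hidden>")
    print("names clients probed for:", probed_ssids(SAMPLE_CAPTURE))
```

On a real capture the same parser would run over frames read from a monitor-mode interface or a pcap; the beacon alone yields only the BSSID, and the first probe exchange with a legitimate client gives away the name.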


TKIP (Temporal Key Integrity Protocol)

Definition: TKIP was introduced as a safer alternative to WEP that could run on existing WEP hardware. It keeps WEP's RC4 cipher but adds per-packet key mixing, a longer initialization vector, and a message integrity check (Michael).

  • Implementation: Shipped by the Wi-Fi Alliance as "WPA" (Wi-Fi Protected Access) and later included in IEEE 802.11i as an optional cipher.

    While TKIP/WPA was an improvement over WEP, it was later surpassed by stronger protocols and has since been deprecated; it should be disabled on any AP that still offers it.


CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

Definition: Developed to succeed both WEP and TKIP/WPA, offering a more robust encryption method.

  • Technical Details: Utilizes the AES encryption algorithm with a 128-bit key.

  • WPA2: Introduced CCMP as its encryption scheme, based on AES. Marked a significant improvement over WEP and WPA.

    WPA2 with CCMP/AES became the gold standard for Wi-Fi security and remains the baseline; WPA3 keeps CCMP for its personal mode but replaces the pre-shared-key handshake with SAE, which removes the offline passphrase-guessing weakness of WPA2-PSK.
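As an added illustration (not part of the original notes), the hostapd configuration fragment below pins an access point to WPA2 with CCMP and refuses TKIP. The commented-out lines show the weaker WPA/TKIP settings it replaces. The interface name, SSID and passphrase are placeholders.

```conf
# hostapd.conf excerpt (added example; interface, SSID and passphrase are placeholders)
interface=wlan0
ssid=ExampleNet
hw_mode=g
channel=6

# Weak: WPA (version 1) with TKIP, shown only for contrast.
#wpa=1
#wpa_key_mgmt=WPA-PSK
#wpa_pairwise=TKIP

# Hardened: WPA2 only, CCMP (AES) only. wpa=2 disables WPA1 entirely,
# and rsn_pairwise=CCMP means a client offering only TKIP is rejected.
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=replace-with-a-long-random-passphrase
rsn_pairwise=CCMP

# Require protected management frames (802.11w) so deauthentication
# frames must be authenticated too.
ieee80211w=2
```

Check the result with a client that advertises only TKIP: the association should fail, and `wpa_cli status` on a correctly joined client should report `pairwise_cipher=CCMP`.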


Authentication Protocols


1. EAP (Extensible Authentication Protocol)

Definition: An authentication framework (RFC 3748) rather than a fixed protocol. On Wi-Fi it is carried by IEEE 802.1X between the client and the access point, which relays the exchange to a RADIUS server.

Features:

  • Provides flexibility, allowing integration of new authentication methods without replacing existing connection technologies.

    Think of EAP as a framework that accommodates various authentication mechanisms.

  • Its extensibility enables the addition of new authentication capabilities to existing hardware without major changes.


2. PEAP (Protected EAP)

Definition: An enhanced version of EAP, providing additional protection.

Features:

  • Encapsulates an inner EAP method (most often EAP-MSCHAPv2) inside a TLS (Transport Layer Security) tunnel, so the user's credentials are never exposed on the wireless link.

PEAP offers increased security by wrapping EAP methods in a protective TLS layer. The tunnel only protects the credentials if the client validates the server's certificate; a client configured to accept any certificate will happily open a tunnel to a rogue access point's RADIUS server and hand it the inner MSCHAPv2 exchange.
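Added example, not from the original notes: a wpa_supplicant network block for PEAP that validates the RADIUS server. The SSID, identity, password, CA path and RADIUS host name are placeholders.

```conf
# wpa_supplicant.conf excerpt (added example; names and paths are placeholders)
network={
    ssid="CorpNet"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="replace-me"
    phase2="auth=MSCHAPV2"
    # Without ca_cert the supplicant does not verify the server certificate,
    # so any AP with its own RADIUS server can collect the inner MSCHAPv2
    # challenge/response. Pin the issuing CA and the expected server name.
    ca_cert="/etc/wpa_supplicant/corp-ca.pem"
    domain_suffix_match="radius.corp.example"
}
```

The same two settings (a pinned CA and a server-name match) are what the equivalent Windows, macOS and Android profiles must carry; a "trust on first use" or "do not validate" option on a corporate PEAP profile defeats the tunnel.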


3. LEAP (Lightweight EAP)

Definition: Cisco's proprietary EAP method, released before 802.11i/WPA2 standardized stronger options.

Features:

  • Authenticates with a variant of MS-CHAP over 802.1X and rotates the WEP key per session, which was Cisco's stopgap for WEP's weaknesses before TKIP and WPA existed.

  • Unlike PEAP, it runs the challenge/response exchange without a protective TLS tunnel, so a captured exchange can be cracked offline with a dictionary attack (the asleap tool, 2003).

LEAP was an interim solution with known vulnerabilities; Cisco itself recommends EAP-FAST or PEAP instead. Use more modern and secure methods.


MAC Filtering

Definition: A security mechanism that allows or denies network access to wireless clients based on their MAC addresses.

Key Features:

  • Authorized List: Wireless Access Points (WAPs) maintain a list of permitted MAC addresses, and only devices on the list can associate.

  • Effect: Even if a device knows the SSID and the passphrase, it cannot associate unless its MAC address is on the approved list.

  • Enhanced Security: MAC filtering adds an extra, administrative layer by restricting association to pre-approved devices.

MAC filtering is not a strong control. Every 802.11 frame carries its source MAC address in the clear, even on an encrypted network, so an attacker can sniff the address of an allowed client and clone it (on Linux, `ip link set dev wlan0 address <mac>`), then associate as that client. Treat it as inventory control, not authentication.


Captive Portals

Definition: A web page displayed to newly connected users before they are granted broader access to network resources.

Features:

  • Redirection: Newly connected clients are automatically redirected to the captive portal page.

  • Access Control: Often used in public Wi-Fi hotspots (like hotels, airports, or cafes) to ensure users accept terms of service, enter login credentials, or make payments before accessing the internet.

  • Example: A page that appears when you connect to a public network is typically a captive portal.

  • Additional Security: Helps network administrators control user access, monitor activity, and protect network resources. A captive portal does not itself encrypt traffic; on an open network, everything sent after the portal page is still readable by anyone in range unless the site or app uses TLS.

Antennas


From a security standpoint, antenna choice matters in both directions: a directional antenna lets an attacker capture or inject traffic from well outside the building, so coverage and threat estimates should not assume the attacker is using stock equipment.

Antenna: Monopole
  • Direction: Omnidirectional
  • Description: Single-pole antenna. Sends and receives signals in all directions perpendicular to the line of the antenna.
  • Commonly used for: Mobile communication, car radios.

Antenna: Panel (Patch)
  • Direction: Directional
  • Description: Flat directional antenna for covering a specific indoor direction.
  • Commonly used for: Indoor wireless access points where directed coverage is needed.

Antenna: Dipole
  • Direction: Omnidirectional
  • Description: Antenna with two poles. Supplied with most wireless routers and APs. Gives strong coverage in a restricted space.
  • Commonly used for: General-purpose wireless coverage in homes and small offices.

Antenna: Loop
  • Direction: Omnidirectional
  • Description: A loop of conductor broken by a small gap at the feed point.
  • Commonly used for: Shortwave radios, RFID, some TV antennas.

Antenna: Cantenna
  • Direction: Directional
  • Description: A highly directional waveguide antenna made from an open-ended metal can.
  • Commonly used for: DIY projects for boosting Wi-Fi signals, especially long-range Wi-Fi.

Antenna: Yagi
  • Direction: Directional
  • Description: High-gain directional antenna with a driven dipole, a reflector, and multiple directors.
  • Commonly used for: TV reception and long-distance point-to-point links.

Antenna: Parabolic
  • Direction: Directional
  • Description: Dish-shaped antenna that focuses RF energy into a narrow beam; used for long distances and/or weak sources.
  • Commonly used for: Satellite communications and long-haul microwave links.