
Wireless and Mobile Device Threats

By shellatreille | returnsyourgazeart | 4 Feb 2020


By Shelley M. Latreille

This is a paper that I wrote for my Wireless Networking Class!         


           Threats that severely impact wired networks also severely impact wireless and mobile networks.  Three categories of threats can harm both wireless and mobile networks: data theft threats, device control threats, and system access threats.  Data theft threats include sniffing (snooping), malicious applications or malware, browser exploits, wireless phishing, and lost or stolen devices.  Device control threats include unauthorized and modified clients (jailbreaking), ad hoc connections and software-based access points, endpoint attacks, Bluetooth Wi-Fi hacks, and NFC (Near Field Communication) and proximity hacking.  System access threats include DoS (Denial of Service) attacks, evil twin access points, and rogue access points (Doherty, 2016).

          A data theft threat is the theft of data.  A hacker will compromise and / or gain access to a device that is using a wireless or mobile network.  Hackers, such as these, are more interested in targets of opportunity.  They are less interested in initiating attacks on specifically targeted organizations.  When executing data theft, hackers search for PII (Personally Identifiable Information).  Hackers use PII to identify, contact, and / or locate an individual.  Hackers can also use the PII obtained from the individual to obtain business data.  Hackers are particularly interested in the credentials for personal and / or business accounts, business and / or personal information, and remote access software for business networks.  They also look for access to data and phone services.  Two examples of data theft threats on wireless and mobile networks are browser exploits and wireless phishing (Doherty, 2016). 

          Browser exploits harm wireless and mobile networks.  Browser exploits are code that permits a hacker to misuse flaws and vulnerabilities in browsers and their extensions, websites, applications, and / or third-party plugins, such as JavaScript, ActiveX, and Flash.  When a flawed or vulnerable browser visits an infected website, it permits the attacker to take control of the browser.  Browsers are used to access the Internet.  They provide a way to interact with content such as websites, images, videos, and social media.  Browsers interact with websites and applications that might be infected with malware, viruses, malicious code, and other security threats.  Exploit code takes advantage of unintentional flaws in browser software.  A hacker can use an exploit to access networks, elevate privileges, and move laterally through systems.  They can damage and / or steal data and money.  Hackers can also use packages of exploits, which are called exploit kits.  A hacker can penetrate a browser’s defenses when it has one bug in its code or one misconfiguration.  This causes a vulnerability to develop which allows the hacker to break into the browser.  Hackers will use exploits to collect user credentials, distribute ransomware, execute malware, install malicious crypto mining software, and elevate privileges (Keshet, 2020).

          Wireless phishing has similarities to traditional phishing.  Wireless phishing can include victims being sent legitimate-looking emails that may ask for a credit card number and other sensitive data.  The email could also fool a victim into giving up their digital identity, such as an email or social media account.  The victim could be forwarded to a fraudulent website where they may be asked for sensitive data.  Hackers will also use wireless rogue access points and evil twins to obtain data and information from a victim.  A rogue access point is an access point that has been set up and installed on a network without the IT Department’s approval.  An evil twin rogue access point will impersonate a legitimate access point.  Hackers force users off the real access point and get them to log into an evil twin rogue access point.  The victim will be asked to re-enter their network credentials onto the evil twin rogue access point.  Once this occurs, the hackers will have all the information they need to log into the real network using the victim’s credentials.  This can be the cause of huge data leaks and thefts for organizations (Shure, 2019).

          A device control threat occurs when a hacker attempts to control the actual device.  When a hacker can control a device, they will have access to the data it contains.  They will also be able to use the device to initiate other attacks and / or control device permissions so that access to targets of greater value can be obtained.  An example of a target that is of greater value would be an internal server.  Device control threats are performed through lily padding.  Lily padding occurs when a hacker “hops” from one device to the next.  Each hop will get the hacker closer to their target.  Two examples of device control threats on wireless and mobile networks are endpoint attacks and Bluetooth Wi-Fi hacks (Doherty, 2016). 

          During an endpoint attack, a system or wireless client is attacked instead of a server.  User systems are a network’s entry point.  Examples of user systems include smartphones, computers, laptops and fixed-function devices.  Endpoint attacks can also involve shared folders, NAS (network-attached storage), and hardware such as server systems.  Hackers will use the victim’s system to run malicious threats on the wireless network, such as internal or external threats, malware or non-malware, data theft, and system disruptions.  Hackers can also gain access to systems that have administrative rights when they shouldn’t, systems that aren’t kept up to date, and systems that haven’t implemented advanced authentication (Dasgupta, 2019).  Hackers can also use tools to attack wireless networks, such as Metasploit.  Metasploit is used by hackers to probe Wi-Fi clients for vulnerabilities.  Once the vulnerabilities are exposed and exploited, the Wi-Fi client is controlled and / or monitored by the hacker (Doherty, 2016).

          Bluetooth Wi-Fi hacks occur when Bluetooth is hit by a cyber-attack.  Bluetooth technology allows devices, such as smartphones, tablets, portable speakers, digital assistants, wearable fitness trackers, and home security equipment to wirelessly connect to one another through a network.  Almost all devices connected via Bluetooth are vulnerable to cyber-attacks.  An example of a Bluetooth cyber-attack is BlueBorne.  BlueBorne is spread through the air, which allows hackers to access devices through their Bluetooth.  When Bluetooth is activated on a device, hackers can take control of the device and spread malware.  The user is unaware that this is occurring.  Once the infected device comes into range of another Bluetooth enabled device, the virus will spread from one device to another (Miller, 2019).

          System access threats occur when a hacker is interested in gaining access to a network.  A hacker may desire to break a network and / or disrupt network access. They may desire to perform these actions to obtain political and / or financial gain.  Another reason for this could be that a hacker has received an insult and / or injury and they want to retaliate.  Two examples of system access threats on wireless and mobile networks are DoS attacks and rogue access points (Doherty, 2016). 

          A DoS attack occurs when legitimate users can’t access information systems, devices, or other network resources.  This is due to malicious acts by hackers that prevent the user from accessing these network resources.  Resources and services that can become inaccessible during this attack include email, websites, online accounts, or any other services that rely on the user’s computer or network.  A DoS attack causes a flood of traffic until the user’s computer or network can’t respond or crashes.  This causes the user to lose access to their computer or network.  These attacks can cost individuals and companies a lot of money while services and resources are not accessible to them.  When a hacker floods the user’s computer or network with traffic, the hacker sends several requests to the target and it becomes overloaded with this traffic.  These service requests are not legitimate and possess fake return addresses, which mislead the computer or network when it tries to authenticate all the requests.  As the bogus requests are continually processed, the computer or network becomes inundated with the requests, which creates a DoS condition (CISA, 2019).

          A rogue access point is a wireless access point that has been connected to a secure network without authorization from the network team or IT Department.  Unauthorized rogue access points will allow the wireless network to be used as a backdoor to access the wired network.  Unauthorized rogue access points can be innocently placed in an organization by employees.  They may simply want to increase the strength of the wireless signal in their office.  Wi-Fi devices brought in by employees can be insecure and bypass network security.  Vulnerable authorized access points can be used to perform skyjacking attacks.  In such an attack, remote hackers take control of the authorized access point and change it into a malicious rogue one.  A hacker can enter an organization’s office and surreptitiously plant an unauthorized rogue access point and cause the network to see it as an authorized access point.  Rogue access points can spoof the MAC addresses that are used by authorized access points.  They can also be used to mimic a WLAN’s (Wireless Local Area Network’s) SSID (Service Set Identifier) (Success Center, 2018).
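
          The evil twin and rogue access point behaviors described above (mimicking the SSID and spoofing the MAC address of an authorized access point) can be checked for by comparing wireless scan results against an inventory of approved access points.  The following is an added example, not part of the original paper; the network name, MAC addresses, inventory format, and scan records are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    """One access point seen in a wireless scan (constructed sample format)."""
    ssid: str
    bssid: str     # MAC address the access point advertises
    channel: int
    security: str  # e.g. "WPA2-Enterprise" or "Open"

# Constructed inventory of approved access points: BSSID -> (SSID, channel, security)
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("CorpNet", 1, "WPA2-Enterprise"),
    "aa:bb:cc:00:00:02": ("CorpNet", 6, "WPA2-Enterprise"),
}

def _norm(ssid):
    # Lookalike names ("corpnet", "CorpNet ") fool users, so compare loosely.
    return ssid.strip().casefold()

def classify(beacon, authorized=AUTHORIZED):
    """Return 'authorized', 'spoofed-bssid', 'evil-twin' or 'unknown'."""
    bssid = beacon.bssid.lower()
    if bssid in authorized:
        expected = authorized[bssid]
        seen = (beacon.ssid, beacon.channel, beacon.security)
        # Approved MAC address with different settings: MAC spoofing,
        # or an approved access point that has been reconfigured.
        return "authorized" if seen == expected else "spoofed-bssid"
    corp_ssids = {_norm(ssid) for ssid, _, _ in authorized.values()}
    if _norm(beacon.ssid) in corp_ssids:
        # Our network name advertised by hardware that is not in the inventory.
        return "evil-twin"
    # A neighbour's network, or an unapproved device that needs a wired-side check.
    return "unknown"

def alerts(scan, authorized=AUTHORIZED):
    """Return (beacon, verdict) pairs for every beacon that needs investigation."""
    results = [(b, classify(b, authorized)) for b in scan]
    return [(b, v) for b, v in results if v in ("spoofed-bssid", "evil-twin")]

# Constructed scan results for illustration.
SAMPLE_SCAN = [
    Beacon("CorpNet", "AA:BB:CC:00:00:01", 1, "WPA2-Enterprise"),
    Beacon("CorpNet", "de:ad:be:ef:00:01", 1, "Open"),
    Beacon("CorpNet", "aa:bb:cc:00:00:02", 11, "Open"),
    Beacon("corpnet ", "de:ad:be:ef:00:02", 6, "WPA2-Personal"),
    Beacon("CoffeeShop", "11:22:33:44:55:66", 6, "WPA2-Personal"),
]
```

          A wireless scan alone cannot show whether an "unknown" device is plugged into the wired network, so those results still need to be matched against switch port or DHCP records before they are ruled out as rogue access points.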

          Wireless and mobile networks must avoid the above security threats.  To accomplish this, they must always be protected.  Employees, organizations, and IT Departments must also be educated on current threats and how to protect devices.  Employees should ensure that they know where their devices are so that none get lost or stolen.  Devices should have screen locks, password protection, remote locks, data wipes, GPS location and tracking, and stored data encryption.  With protection, awareness, and knowledge, devices and networks can be successfully protected against security threats (Doherty, 2016).

 

References

 

CISA. (2019, November 20). Security Tip (ST04-015): Understanding Denial-of-Service Attacks. Retrieved from CISA Cyber + Infrastructure: US Department of Homeland Security: https://www.us-cert.gov/ncas/tips/ST04-015

Dasgupta, S. (2019, October 9). Ransomware, Phishing and Endpoint Attacks: The Top 3 Cyberthreats [Blog Post]. Retrieved from Security Boulevard / Security Bloggers Network: https://securityboulevard.com/2019/10/ransomware-phishing-and-endpoint-attacks-the-top-3-cyberthreats/

Doherty, J. (2016). Wireless and Mobile Device Security (1st ed.). Burlington, MA: Jones & Bartlett Learning.

Keshet, Y. (2020, January 28). Browser Exploits – Legitimate Web Surfing Turned Death Trap [Blog Post]. Retrieved from Cynet: https://www.cynet.com/blog/browser-exploits-legitimate-web-surfing-turned-death-trap/

Miller, A. (2019, December 17). How to Protect Yourself From Bluetooth Hacking. Retrieved from Vector Security: https://www.vectorsecurity.com/blog/how-to-protect-yourself-from-bluetooth-hacking

Shure, V. (2019, January 10). Phishing at the Confluence of Digital Identity and Wi-Fi Access. Retrieved from Ruckus: https://theruckusroom.ruckuswireless.com/wired-wireless/technologytrends/phishing-at-the-confluence-of-digital-identity-and-wi-fi-access/

Success Center. (2018, November 08). What are rogue Access Points (AP)? Retrieved from SolarWinds: https://support.solarwinds.com/SuccessCenter/s/article/What-are-rogue-Access-Points-AP
