Overview of wireless security
Wireless security is a pervasive discipline within the broad field of information security. Modern electronic products depend heavily on a variety of wireless technologies, such as:
- Near Field Communication (NFC)
- Bluetooth (BLE)
- Radio Frequency (RF)
- Industrially Controlled Wireless Transmission (ZigBee)
- Wireless LAN (WiFi)
- Cell Phone Cellular Network (Cellular)
- Satellite Positioning (GPS)
- Satellite Communication (SATCOM)
As devices increasingly depend on wireless technology, the security of wireless communication, including transmission, authentication, and encryption, is becoming more and more relevant. Using wireless communication technologies while ensuring their security is therefore a concern for every professional in R&D, product, and security research.
Wireless Attack Methods
Wireless attacks start from an attempt to intrude into the wireless channel and ultimately enable the attacker to connect to the channel and control the signal. With the connection established, the attacker can go deeper by performing penetration tests. Security evaluations should be carried out against the following attack methods.
Wireless Packet Sniffing
The attacker uses monitoring equipment operating on the same frequency as the target wireless system to collect all wireless packets, reverse-analyzes them, and finally deciphers the data. For example, a wireless adapter is used to monitor WiFi, a Bluetooth sniffing device is used to monitor Bluetooth, and an SDR device is used to monitor wireless keys. After deciphering the wireless packet data with a suitable method, the attacker can learn the working principles of the entire wireless system and identify the key wireless instructions.
Wireless Signal Replay
If the wireless communication protocol of the target system does not contain a replay-proof mechanism such as time stamping or randomization, the attacker may intercept legitimate instructions of the target system and then replay them to manipulate the system. For example, if the attacker has intercepted the door-opening instruction of a wireless key, he could then open the target car door without using the key by simply replaying the instruction.
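The difference a replay-proof mechanism makes on the receiver side, as an added example that is not part of the original page: a receiver that accepts a fixed code next to one that requires an authenticated, strictly increasing counter. The frame layout, key, command code and window size are assumptions made for illustration, and the counter stands in for the time stamp or random value mentioned above.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-0123456789"  # constructed sample key (assumption)
UNLOCK = 0x01                              # hypothetical command code
WINDOW = 16                                # how far ahead a counter may jump

def make_frame(key, counter, command):
    """Transmitter side: 4-byte counter + 1-byte command + 8-byte truncated HMAC."""
    body = struct.pack(">IB", counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class StaticReceiver:
    """No replay protection: every copy of the fixed code is accepted."""
    def __init__(self, fixed_frame):
        self.fixed_frame = fixed_frame

    def accept(self, frame):
        return frame == self.fixed_frame

class CounterReceiver:
    """Accepts a frame only if its tag verifies and its counter is fresh."""
    def __init__(self, key, last_counter=0):
        self.key = key
        self.last_counter = last_counter

    def accept(self, frame):
        if len(frame) != 13:
            return False
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted frame
        counter, _command = struct.unpack(">IB", body)
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False  # replayed (stale) or implausibly far ahead
        self.last_counter = counter  # advance state only after full validation
        return True

def demo():
    fixed = b"\x01OPEN"  # constructed static code
    static_rx = StaticReceiver(fixed)
    static = [static_rx.accept(fixed), static_rx.accept(fixed)]
    rx = CounterReceiver(KEY)
    frame = make_frame(KEY, 1, UNLOCK)
    fresh = make_frame(KEY, 2, UNLOCK)
    return static, [rx.accept(frame), rx.accept(frame), rx.accept(fresh)]

if __name__ == "__main__":
    print(demo())
```

The counter is covered by the HMAC, so a captured frame cannot be altered to carry a fresh counter value without the key.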
Wireless Signal Deception
Through wireless monitoring and deciphering, the attacker may learn the packet structures, critical keys, and verification methods of the target wireless protocol. With that knowledge, the attacker can construct legitimate wireless packets that the target protocol will verify, and so influence the operation of the target wireless system.
Wireless Signal Hijacking and DoS Attack
The attacker blocks the target’s network at the protocol layer or the communication layer, pulls the target from a legitimate network into a controlled simulated network, and then carries out multiple attacks by hijacking upstream and downstream wireless traffic.