Exploits Data Communications Benjamin W. Siegel VCU Information Systems

Overview Information Systems Exploits 2/24

Beaconing I am online!! online!! I am online!! Exploits 3/24

Probe Requests and Responses Are you my Access Point? Exploits 4/24

Probe Requests and Responses Yes Exploits 5/24

Wireless Authentication Here is my authentication Exploits 6/24

Wireless Authentication That Checks out Exploits 7/24

Wireless Authentication Can we connect Exploits 8/24

Wireless Authentication Yes here is your ID Exploits 9/24

Wireless Authentication ~DATA~ Exploits 10/24

Probe and Authentication Summary Probe Request “ SSID” Probe Response “ SSID” Authentication Request Authentication Success Association Request Association Response Data Exploits 11/24

Deauthentication Attack What is does? Denial of Service Attack “Jams” all Traffic in range How it works unencryptedUtilizes unencrypted management frames against an access point to kick clients off- line Why first stageUsually the first stage of a man in the middle attack Will redirect traffic to the attackers machine Exploits 12/24

Deauthentication Attack Association Request Data Association Response Deauthenticate Deauthenication Management Frame Exploits 13/24

Deauthentication Management Frame Exploits 14/24

Live example Yes Always! Exploits 15/24

Application Layer Vulnerability ‘remembers’Operating system ‘remembers’ your home or last access point Convenience ‘remembered’Accepts any affirming probe requests with a ‘remembered’ BSSID Connects to the strongest signal Vulnerability Exploits 16/24

Evil Access Point and Application Layer Vulnerability Exploits 17/24 Evil Access Point ServicesWhat they do

Are you my access point? probe request I am online!! online!! Point? Are you my Access Point? Access Point? Exploits 18/24 Evil Access Point

Yes, I am. response Yes Yes, I am your AP Exploits 19/24 Evil Access Point

Application Layer Vulnerability Yes Here is my authentication Exploits 20/24 Evil Access Point

Application Layer Vulnerability Yes Cool, I don’t care Exploits 21/24 Evil Access Point

Application Layer Vulnerability Yes Can we connect? Exploits 22/24 Evil Access Point

Probe Requests and Responses Yes Always! Exploits 23/24 Evil Access Point

Application Layer Vulnerability Yes Always! ~Data~ Exploits 24/24 Evil Access Point

Questions? VCU Information Systems