![]() ![]() A regular civilian would have little concern about their pattern of life (POL) unless they were being specifically targeted. ![]() I created the table with the SOFREP community in mind. If you’re interested in learning more, you can find lots of videos on Youtube and Vimeo, or just Google the “tool” in question. For those readers that want to know how the threat/vulnerability/tool cycle works for this subject, I’ve created a table below. ![]() This list is just meant to inform you of some of the freely available, open-source tools that anyone can download and run. I thought the SOFREP readership might enjoy seeing a list of some of the vulnerabilities associated with using WiFi and some of the tools at our disposal to abuse this ubiquitous service. With some of the automated tools and scripts these days, even a kid can do it. Some of you are thinking, “But wait, my sessions are encrypted with SSL or TLS, and I have the little green lock in my URL bar telling me I’m safe.” Every time I hear this, I smile because there are various ways to conduct a “man-in-the-middle” (MITM) attack and bypass these security mechanisms. An adversary can determine one’s actual and virtual “pattern of life” (POL), credentials passed via web-based communications techniques and more. ![]() The consequences of a successful attack are more significant when operational. When working overseas, the 802.11/WiFi attacks surface and vulnerabilities increase. Or, even more insidious, he can exploit your wireless traffic in real time since he knows the encryption key. Even if the café you work at uses a password to connect, don’t you think an attacker knows the same password? All he has to do is sit in the café and collect wireless frames being transmitted, and then later decrypt all the traffic offsite. Identify theft through credential harvesting when on public WiFi is the most common threat one faces today. Personally identifiable information (PII) and proprietary information can be stolen, services can be poisoned, software can be corrupted, and hardware can be controlled by the attacker. Wireless can be abused and exploited at various layers to include the RF (Radio Frequency) spectrum, hardware, and application-level services. The number and types of attacks available to anyone with a laptop and web connection is significant. Think of it as the doggie door of network security most people cannot get through the door, however, some can and some do. As with other frequently used network services, WiFi was not designed with security in mind. It is the gateway to collection, exploitation, and attacks that may not have been available had you been on a wired network. Operational and personal use of 802.11/WiFi is a weak link in terms of OPSEC and being able to keep yourself safe from identity theft. Everything you thought you knew about WiFi is flawed. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |