Theory and Strategies for
Takeover Attacks

Presented by Eric Goldman – http://www.ericgoldman.name
This is an excerpt from a larger presentation
which covered numerous AP exploit strategies
and specified attacks. You can find more of my
presentations on SlideShare and at my main
website, http://www.ericgoldman.name.

Please feel free to post questions or comments
about this presentation. A full academic paper
on this topic is available on my website.



                        More papers & presentations at http://www.ericgoldman.name   2
• An AP is a gateway between wireless and wired networks; all wireless traffic passes through it
• As a result it is usually the most valuable target on the WLAN for snooping or DoS
• Wireless hardware is more vulnerable than wired equivalents because it must support more protocols and features, which are relatively young and/or under development
• Fun target because there are so many different ways to attack an AP

• Gain unauthorized access to the network
  ◦ Attacker wants to reach the rest of the network, but breaking every security procedure is too time-consuming
• Monitor traffic and steal user data
  ◦ Steal valuable information about users or the company
• Make money
  ◦ By controlling the AP you can insert your own ads on every page and replace other ads with your own
  ◦ Examples: dd-wrt + NoCatSplash or a web proxy




• Multiple management interfaces may exist, with different security (console, web, SSH, etc.)
• Misconfigured settings, groups of settings, or improper implementation of settings
• Steal login information by cracking it or by finding in-the-clear authentication (web, telnet)
• Physical access: administration allowed without a password when directly connected; device reset




• Affects 8 different devices, 3 versions of IOS
• Vulnerability is in the Web Management Interface
• When you switch from global password control to a local user list with individual passwords in the web interface, all login security is disabled
• As a result, anyone can easily access the admin interface without having any login information or credentials



• Router allows the admin password to be modified, but there is an undocumented hardcoded account there as well
• Hardcoded account: U=super, P=5777364
• Accessible from both LAN and WLAN
• Traced back to a hardware developer in Taiwan; 5777364 is their phone number
  ◦ May affect other vendors who use their hardware
  ◦ Was still in later firmware upgrades for Netgear
  ◦ Vendor solution: make a new hardcoded account
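
A defender-side check for the situation on this slide, added here as an example and not taken from the presentation: it looks for the known hardcoded account in a firmware image and, after a vendor update, lists strings that newly appear next to the authentication code, which is where a replacement hardcoded account would show up. It assumes the image is already unpacked; the two images, the `WWW-Authenticate` anchor choice and the placeholder replacement strings are constructed for illustration.

```python
import re

# Known undocumented account named on the slide above: (username, password).
WATCHLIST = [(b"super", b"5777364")]


def extract_strings(blob, min_len=4):
    """Return (offset, bytes) for each printable-ASCII run, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group()) for m in re.finditer(pattern, blob)]


def find_pairs(blob, watchlist=WATCHLIST, window=128):
    """Return watchlist pairs whose username and password both occur as
    whole strings within `window` bytes of each other in the image."""
    strs = extract_strings(blob)
    hits = []
    for user, password in watchlist:
        u_offs = [o for o, s in strs if s == user]
        p_offs = [o for o, s in strs if s == password]
        if any(abs(u - p) <= window for u in u_offs for p in p_offs):
            hits.append((user.decode(), password.decode()))
    return hits


def neighbours(blob, anchor, window=128):
    """Return the set of strings located within `window` bytes of `anchor`."""
    strs = extract_strings(blob)
    anchors = [o for o, s in strs if s == anchor]
    return {
        s.decode()
        for o, s in strs
        if s != anchor and any(abs(o - a) <= window for a in anchors)
    }


def audit_update(old_fw, new_fw, anchor, watchlist=WATCHLIST):
    """Compare two firmware images: is the known account gone, and which
    strings near the auth anchor are new and need manual review?"""
    return {
        "known_in_old": find_pairs(old_fw, watchlist),
        "known_in_new": find_pairs(new_fw, watchlist),
        "new_strings_near_auth": sorted(
            neighbours(new_fw, anchor) - neighbours(old_fw, anchor)
        ),
    }


# --- Constructed sample data (not real firmware) ---------------------------
PAD = b"\x00\x13\xff" * 8            # non-printable filler bytes
AUTH_ANCHOR = b"WWW-Authenticate"     # assumed marker for the web login code
OLD_FW = (PAD + AUTH_ANCHOR + b"\x00" + b"super\x00" + b"5777364\x00"
          + PAD + b"admin\x00" + PAD)
# The "fixed" image: known account removed, a different one put in its place.
NEW_FW = (PAD + AUTH_ANCHOR + b"\x00" + b"svc_example\x00"
          + b"EXAMPLE-PLACEHOLDER\x00" + PAD + b"admin\x00" + PAD)

if __name__ == "__main__":
    for key, value in audit_update(OLD_FW, NEW_FW, AUTH_ANCHOR).items():
        print(key, value)
```

An empty `known_in_new` alone would pass a naive "is the backdoor gone" check; the non-empty `new_strings_near_auth` list is what flags that the update swapped one hardcoded account for another.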


• APs are a more valuable target than a single client node; an attack affects more users and resources
• Wireless network equipment, especially budget consumer products, is often poorly designed and coded
• Attacking an AP can cut off many users from access and can make any connectivity difficult
• Taking over an AP can allow the attacker to accomplish many different objectives



• Cisco. (2006, September 20). Cisco Security Advisory: Access Point Web-browser Interface Vulnerability. Retrieved April 6, 2009, from Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml
• Hackers come up with new methods to hack Wi-Fi networks. (2008, March 21). Retrieved April 6, 2009, from Internet Security: http://www.internet-security.ca/internet-security-news-010/hackers-coming-up-with-new-ways-to-hack-wi-fi-networks.html
• Knienieder, T. (2004, June 3). Netgear WG602 Wireless Access Point Default Backdoor Account Vulnerability. Retrieved April 6, 2009, from Security Focus: http://www.securityfocus.com/bid/10459/info
• Mateti, P. (2005). Hacking Techniques in Wireless Networks. Retrieved April 6, 2009, from Wright State University: http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm#_Toc77524669
• Megidish, G. (2008, August 17). Getting Paid For Others’ Work. Retrieved April 6, 2009, from SecuriTeam: http://blogs.securiteam.com/index.php/archives/1128
• Bellardo, J., & Savage, S. (2003). 802.11 Denial-of-Service Attacks: vulnerabilities and practical solutions. San Diego, California: Department of Computer Science and Engineering, University of California at San Diego.



