Attacking WiFi networks with traffic injection - Why open and WEP 802.11 networks really suck
Written by Cedric Blancher   
Side Story
Practical Attacks on a Proximity Card

`Proximity cards' are commonly used as high-tech replacements for magstripe cards or metal keys: you hold the card within a few inches of the reader, and the door clicks open. They are interesting because they are routinely used to control access to property or services. These cards contain electronic circuitry that authenticates them to the reader using a radio link.

Many such systems are designed with no security at all. This means that the only barrier to entry is the complexity of the protocol spoken over the air. Commercial prox cards use full-custom ICs that represent millions of dollars in development costs. I will describe the protocol used by the Motorola Flexpass cards, and then I will explain how to build a device capable of `cloning' such a card for under a hundred dollars. This is the same idea as taking a wax impression of a key, but you can do it over a distance of inches or feet, without removing the card from its owner's wallet.

Techniques to fix this are obvious and will only be mentioned briefly. A proximity card is really just a particular type of passive RFID tag. Applications of these attacks to other kinds of RFID tags will also be discussed. Some knowledge of communications theory would be useful but is not required.


This presentation shows applications of WiFi traffic injection in order to demonstrate, in practice, the weaknesses of commonly deployed WiFi environments, namely WEP or open networks such as hotspots, both for the network itself and for the stations connected to it. A practical point of view is adopted instead of giving another theoretical "WiFi is insecure" brief.

The first part will briefly present 802.11 basics (management vs. data traffic, how injection works, consequences of injection, etc.) so that everyone can follow the material and is ready to understand the consequences and thus the applications. WiFi adapters, drivers (e.g. hostap) and tools will also be briefly introduced.

The second part will develop practical injection cases, with references to existing tools. The very last topic (WiFi station attacks) will be developed to show how one can compromise a random host on a WiFi network without even being associated.

* DoS using management traffic (disassoc, beacons)
* WEP cracking methods
* Captive Portal (commercial hotspots) breakthrough
* WiFi station attacks

The third part will focus on how recent protection schemes, namely WPA and WPA2/802.11i, can prevent or mitigate such attacks, and will conclude the presentation.

Download: pdf Attacking WiFi networks with traffic injection - Why open and WEP 802.11 networks really suck