An Empirical Study on Wireless Network Security for Retailers
![Page 1: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/1.jpg)
An Empirical Study on Wireless Network Security for Retailers
Khai Tran
![Page 2: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/2.jpg)
Introduction

Retail merchants have been incorporating wireless solutions into their networks to increase efficiency and enhance the customer experience in order to increase margins.

- Apple – wireless handheld devices that provided credit authorization
- Starbucks – free Wi-Fi access for AT&T customers or those who wish to pay a fee of $3.99 for two hours
- Home Depot – wireless handheld devices are used throughout the store to perform inventory, price changes, and various other tasks

In doing so, some merchants are potentially opening up their doors to unlawful access by hackers who intend to do harm.
![Page 3: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/3.jpg)
Lowe’s and TJX

- Lowe’s - 2003
  - Loosely protected wireless connection in Southfield, MI branch led to intrusion
  - Trio of hackers (Brian Salcedo, Adam Botbyl, Paul Timmons) installed “hacking” software and were able to access Lowe’s stores in CA, KS, SD, and other states
- TJX - 2005
  - Two Miami-area Marshalls stores were compromised due to a breach in their unsecured wireless network
  - Intruders had access to millions of credit card numbers due to weak data encryption
![Page 4: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/4.jpg)
Purpose
Are Retailers Still Using WEP?

Goals:

- Scan wireless networks of retailers to determine if networks are secured and what type of security is used
- As a Proof of Concept, set up a personal WLAN and attempt to crack WEP and WPA passwords to determine feasibility of attacks
![Page 5: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/5.jpg)
WEP (Wired Equivalent Privacy)

- Introduced in 1997 to secure 802.11 wireless networks
- Several weaknesses detected in 2001
- Simple Initialization Vector (IV)
  - 24-bits
  - Repeats after about 5000 packets
- Single shared key
- Susceptible to eavesdropping
- Declared by IEEE in 2004 as failing to meet security requirements
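
The IV weakness listed on this slide, as an added Python example that is not part of the original presentation: it computes how likely a random 24-bit IV is to repeat within a given number of packets, and shows that two frames encrypted under the same IV and shared key leak the XOR of their plaintexts. The key, IV and frame contents are constructed sample values, random IV selection is an assumption, and WEP's ICV step is left out.

```python
import math
import random

IV_BITS = 24  # WEP IV size given on the slide

def collision_probability(packets, iv_bits=IV_BITS):
    """Birthday bound: chance that some IV repeats among `packets` random IVs."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * 2 ** iv_bits))

def packets_until_repeat(rng, iv_bits=IV_BITS):
    """Draw random IVs until one repeats; return the number of packets sent."""
    seen = set()
    while True:
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)

def rc4_keystream(key, length):
    """RC4 key scheduling plus output generation, the cipher WEP is built on."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(iv, shared_key, plaintext):
    """WEP seeds RC4 with IV || shared key; the ICV is omitted in this demo."""
    stream = rc4_keystream(iv + shared_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

if __name__ == "__main__":
    key, iv = bytes.fromhex("0102030405"), bytes.fromhex("a1b2c3")  # constructed
    p1, p2 = b"PRICE UPDATE 0199", b"CARD AUTH REQ 001"              # constructed
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    print("P(IV repeat) within 5000 packets: %.2f" % collision_probability(5000))
    print("packets until repeat (one run):", packets_until_repeat(random.Random(693)))
    print("same IV leaks p1 xor p2:", xor(c1, c2) == xor(p1, p2))
```

Because the keystream depends only on the IV and the single shared key, a longer key does not remove the leak; only a larger, non-repeating IV space and per-packet keys do.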
![Page 6: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/6.jpg)
WPA/WPA2 (Wi-Fi Protected Access)

- Introduced in 2003 to replace WEP
- IV is increased from 24 to 48 bits
  - Re-use of keys is unlikely
- 256 bit keys as opposed to 128
  - 2^128
- Implements TKIP (Temporal Key Integrity Protocol) to support pre-WPA
![Page 7: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/7.jpg)
Tools Used for Passive Scans

- OCZ Neutrino netbook
  - Windows XP SP3
  - Intel Atom (N270) 1.60 GHz, 2.0 GB RAM
  - RealTek RTL8187SE Wireless LAN PCIE
- WirelessNetView software
  - Created by Nir Sofer
  - Version 1.26
  - www.nirsoft.net
  - Why was WirelessNetView chosen for passive scans?
- Cities scanned
  - Sacramento
  - Citrus Heights
  - Roseville
  - Oroville
  - Chico
![Page 8: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/8.jpg)
Sample Scan with WirelessNetView
![Page 9: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/9.jpg)
Scan Results

- 65 retail networks were scanned over a period of two weeks
- Security
  - Less than 17% (11) were still using WEP to secure their network
  - Of the 17%, only three (0.5%) were Big Box retailers while all the others were small local retail shops
  - Most retailers have adopted WPA
- No Security
  - Just over 26% (17) had no security on their network
  - 13 of these 17 were Big Box retailers
![Page 10: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/10.jpg)
What is BackTrack?
- Created by Mati Aharoni and Max Moser
- Supported by Linux community
- www.remote-exploit.org
- Live Linux distro based on Slackware and available as a Live CD or on USB boot
- Includes tools such as kismet, metasploit, wireshark
- Used for pen testing, network security and analysis
![Page 11: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/11.jpg)
Tools Used For Cracking

- Dell Latitude D820
  - Windows XP SP2
  - Intel Core 2 (T7200) 2.00 GHz, 2.0 GB RAM
  - Intel PRO/Wireless 3945ABG
- 2Wire 3800HGV-B Uverse Router
  - WEP, WPA, WPA2
- BackTrack version 3
  - airmon-ng
  - airodump-ng
  - aireplay-ng
  - aircrack-ng
  - macchanger
![Page 12: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/12.jpg)
Steps to Cracking WEP

- Spoof MAC address
- Turn wireless card into monitoring mode
- Scan available networks and capture packets
- Inject ARP-request packets into network to generate traffic
- Feed data to aircrack-ng for password cracking
![Page 13: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/13.jpg)
Check Wireless Driver
![Page 14: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/14.jpg)
Spoof MAC
Covering your tracks…
![Page 15: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/15.jpg)
Search Available Networks

```
airodump-ng wifi0
```
![Page 16: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/16.jpg)
Capture Packets On Target Network

```
airodump-ng -c 3 -w smacs --bssid 00:21:7C:4E:89:51 wifi0
```
![Page 17: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/17.jpg)
Inject Packets & Attempt to Crack

```
aireplay-ng -3 -b 00:21:7C:4E:89:51 -h 00:11:22:33:44:55 wifi0
aircrack-ng -b 00:21:7C:4E:89:51 smacs-01.cap
```
![Page 18: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/18.jpg)
WEP Cracking Demonstration

- Linksys Wireless-G Router (WRT54G)
- SSID - 693TEST
- MAC – 00:1D:7E:35:AA:6D
![Page 19: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/19.jpg)
Cracking WPA

- Requires deauthentication from AP and re-authentication
![Page 20: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/20.jpg)
WPA-PSK Cracking Service
![Page 21: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/21.jpg)
www.wpacracker.com
![Page 22: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/22.jpg)
Conclusion
- Big Box Retailers
  - Most have either adopted WPA to secure their network or provided public portals for user authentication
- Small & Local Retail Shops
  - A small number are still using WEP or no security at all
![Page 23: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/23.jpg)
Afterthoughts

- Residential Wireless Networks
  - A lot of networks are still using WEP
  - Scan of Nord Ave
    - 182 networks detected
    - 36% (65) are using WEP
    - Out of the 182 networks, 29 are obvious 2WIRE### routers
    - 27 of these are using WEP
- 2006 survey by A. Bittau, M. Handley, and J. Lackey
  - 400 networks scanned in London
    - 76% WEP, 20% WPA, 4% 802.11i
  - 2,539 networks scanned in Seattle
    - 85% WEP, 14% WPA, 1% 802.11i
![Page 24: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/24.jpg)
2WIRE WEP Networks
![Page 25: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/25.jpg)
Questions?
![Page 26: An Empirical Study on Wireless Network Security for Retailers](https://reader036.vdocuments.net/reader036/viewer/2022062516/56812c76550346895d91189c/html5/thumbnails/26.jpg)
References

- Andrea Bittau, Mark Handley, Joshua Lackey, "The Final Nail in WEP's Coffin," sp, pp.386-400, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006.
- Highspeed internet access at Starbucks. (2009). Retrieved from http://www.starbucks.com/retail/wireless.asp
- Kjell J. Hole, Erlend Dyrnes, Per Thorsheim, "Securing Wi-Fi Networks," Computer, vol. 38, no. 7, pp. 28-34, July 2005, doi:10.1109/MC.2005.241
- Carsten Maple, Helen Jacobs, Matthew Reeve, "Choosing the Right Wireless LAN Security Protocol for the Home and Business User," ares, pp.1025-1032, First International Conference on Availability, Reliability and Security (ARES'06), 2006
- Carmen Nobel. (November 21, 2005). Home Depot Tackles Network Challenge. Retrieved from http://www.eweek.com/c/a/Mobile-and-Wireless/Home-Depot-Tackles-Network-Challenge/
- Kevin Poulsen. (November 12, 2003). Wireless hacking bust in Michigan. Retrieved from http://www.securityfocus.com/news/7438
- Kim Zetter. (October 26, 2007). TJX Failed to Notice Thieves Moving 80-GBytes of Data on its Network. Retrieved from http://www.wired.com/threatlevel/2007/10/tjx-failed-to-n/
- Kim Zetter. (July 17, 2009). 4 Years After TJX Hack, Payment Industry Sets Security Standards. Retrieved from http://www.wired.com/threatlevel/2009/07/pci/
- Songhe Zhao, Charles A. Shoniregun, "Critical Review of Unsecured WEP," services, pp.368-374, 2007 IEEE Congress on Services (Services 2007), 2007
- www.nirsoft.net/about_nirsoft_freeware.html
- http://it.slashdot.org/story/09/12/07/2322235/WPA-PSK-Cracking-As-a-Service
- www.aircrack-ng.org