
An Empirical Study on Wireless Network Security for Retailers


Presentation Transcript


  1. An Empirical Study on Wireless Network Security for Retailers Khai Tran

  2. Introduction • Retail merchants have been incorporating wireless solutions into their networks to increase efficiency and enhance the customer experience in order to increase margins. • Apple – wireless handheld devices that provide credit authorization • Starbucks – free Wi-Fi access for AT&T customers or those who wish to pay a fee of $3.99 for two hours • Home Depot – wireless handheld devices are used throughout the store to perform inventory, price changes, and various other tasks • In doing so, some merchants are potentially opening up their doors to unlawful access by hackers who intend to do harm.

  3. Lowe’s and TJX • Lowe’s - 2003 • Loosely protected wireless connection in Southfield, MI branch led to intrusion • Trio of hackers (Brian Salcedo, Adam Botbyl, Paul Timmons) installed “hacking” software and were able to access Lowe’s stores in CA, KS, SD, and other states • TJX - 2005 • Two Miami-area Marshalls stores were compromised due to a breach in their unsecured wireless network • Intruders had access to millions of credit card numbers due to weak data encryption

  4. Purpose • Are Retailers Still Using WEP? • Goals: • Scan wireless networks of retailers to determine whether the networks are secured and with what type of security • As a proof of concept, set up a personal WLAN and attempt to crack WEP and WPA passwords to determine the feasibility of attacks

  5. WEP (Wired Equivalent Privacy) • Introduced in 1997 to secure 802.11 wireless networks • Several weaknesses detected in 2001 • Simple Initialization Vector (IV) • 24-bits • Repeats after about 5000 packets • Single shared key • Susceptible to eavesdropping • Declared by IEEE in 2004 as failing to meet security requirements

  6. WPA/WPA2 (Wi-Fi Protected Access) • Introduced in 2003 to replace WEP • IV is increased from 24 to 48 bits • Re-use of keys is unlikely • 256 bit keys as opposed to 128 • 2^128 • Implements TKIP (Temporal Key Integrity Protocol) to support pre-WPA
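The IV-size point on slides 5 and 6, worked as an added example (not part of the original presentation): it computes how quickly a 24-bit IV repeats compared with a 48-bit one and checks the formula with a seeded simulation. It assumes each packet's IV is drawn uniformly at random, which is a modelling assumption; all function names are illustrative.

```python
import math
import random
import statistics

def collision_probability(packets, iv_bits):
    """P(at least one repeated IV) among `packets` uniformly random IVs."""
    space = 2 ** iv_bits
    if packets > space:
        return 1.0
    # log P(no repeat) = sum of log(1 - i/space); log1p/expm1 keep tiny values exact
    log_no_repeat = sum(math.log1p(-i / space) for i in range(packets))
    return -math.expm1(log_no_repeat)

def packets_for_probability(p, iv_bits):
    """Birthday-bound estimate of the packet count at which a repeat has probability p."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - p))))

def simulate_first_repeat(iv_bits, rng):
    """Draw random IVs until one repeats; return how many packets that took."""
    seen = set()
    while True:
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)

def median_first_repeat(iv_bits=24, trials=300, seed=1):
    """Median packets-to-first-repeat over seeded trials (empirical check)."""
    rng = random.Random(seed)
    return statistics.median(simulate_first_repeat(iv_bits, rng) for _ in range(trials))

if __name__ == "__main__":
    print("24-bit IV, P(repeat) after 5000 packets:", round(collision_probability(5000, 24), 3))
    print("24-bit IV, packets for 50% repeat chance:", packets_for_probability(0.5, 24))
    print("24-bit IV, simulated median first repeat:", median_first_repeat())
    print("48-bit IV, P(repeat) after 5000 packets:", collision_probability(5000, 48))
    print("48-bit IV, packets for 50% repeat chance:", packets_for_probability(0.5, 48))
    # Note: TKIP's 48-bit IV is an incrementing sequence counter, not a random
    # value, so under one key it does not repeat until 2**48 packets were sent.
```

With a fixed WEP key, every repeated IV means a repeated RC4 keystream, which is why the small IV space matters even before key-recovery attacks are considered.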

  7. Tools Used for Passive Scans • OCZ Neutrino netbook • Windows XP SP3 • Intel Atom (N270) 1.60 GHz, 2.0 GB RAM • RealTek RTL8187SE Wireless LAN PCIE • WirelessNetView software • Created by Nir Sofer • Version 1.26 • www.nirsoft.net • Why was WirelessNetView chosen for passive scans? • Cities scanned: • Sacramento • Citrus Heights • Roseville • Oroville • Chico

  8. Sample Scan with WirelessNetView

  9. Scan Results • 65 retail networks were scanned over a period of two weeks • Security • Less than 17% (11) were still using WEP to secure their network • Of the 17%, only three (0.5%) were Big Box retailers while all the others were small local retail shops • Most retailers have adopted WPA • No Security • Just over 26% (17) had no security on their network • 13 of these 17 were Big Box retailers
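A way to produce the kind of breakdown shown in the scan results from your own site-survey export, as an added example that is not part of the original presentation: it classifies each network as unsecured, WEP, WPA or WPA2 and lists the ones that need attention. The CSV column names and the sample rows are constructed assumptions; map them to whatever your scanner actually exports.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Column names are assumptions, not a real tool's schema.
SAMPLE_CSV = """SSID,Authentication,Cipher
STORE-POS,Open,WEP
STORE-GUEST,Open,None
STORE-CORP,WPA2-PSK,CCMP
STORE-HANDHELD,WPA-PSK,TKIP
BACKOFFICE,Shared,WEP
"""

# Weakest first; only these two levels are reported as findings.
FINDING_RANK = {"none": 0, "wep": 1}

def classify(auth, cipher):
    """Map a network's advertised authentication/cipher to a coarse security level."""
    a, c = auth.strip().upper(), cipher.strip().upper()
    if "WEP" in c:
        return "wep"
    if a.startswith("WPA2") or a.startswith("RSN"):
        return "wpa2"
    if a.startswith("WPA"):
        return "wpa"
    if a in ("OPEN", "NONE", "") and c in ("NONE", ""):
        return "none"
    return "unknown"

def audit(csv_text):
    """Return ({level: (count, percent)}, [(ssid, level)] for open/WEP networks)."""
    rows = csv.DictReader(io.StringIO(csv_text))
    results = [(r["SSID"], classify(r["Authentication"], r["Cipher"])) for r in rows]
    total = len(results)
    counts = Counter(level for _, level in results)
    summary = {lvl: (n, round(100 * n / total, 1)) for lvl, n in counts.items()}
    findings = sorted((x for x in results if x[1] in FINDING_RANK),
                      key=lambda x: (FINDING_RANK[x[1]], x[0]))
    return summary, findings

if __name__ == "__main__":
    summary, findings = audit(SAMPLE_CSV)
    for level, (count, pct) in sorted(summary.items()):
        print(f"{level:8} {count:3} ({pct}%)")
    for ssid, level in findings:
        print(f"REVIEW: {ssid} -> {level}")
```

A network reported as "none" may be an intentionally open guest network behind a captive portal, so each such finding still needs a check of what sits behind it.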

  10. What is BackTrack? • Created by Mati Aharoni and Max Moser • Supported by Linux community • www.remote-exploit.org • Live Linux distro based on Slackware and available as a Live CD or on USB boot • Includes tools such as kismet, metasploit, wireshark • Used for pen testing, network security and analysis

  11. Tools Used For Cracking • Dell Latitude D820 • Windows XP SP2 • Intel Core 2 (T7200) 2.00 GHz, 2.0 GB RAM • Intel PRO/Wireless 3945ABG • 2Wire 3800HGV-B Uverse Router • WEP, WPA, WPA2 • BackTrack version 3 • airmon-ng • airodump-ng • aireplay-ng • aircrack-ng • macchanger

  12. Steps to Cracking WEP • Spoof MAC address • Turn wireless card into monitoring mode • Scan available networks and capture packets • Inject ARP-request packets into network to generate traffic • Feed data to aircrack-ng for password cracking

  13. Check Wireless Driver

  14. Spoof MAC • Covering your tracks…

  15. Search Available Networks #airodump-ng wifi0

  16. Capture Packets On Target Network • airodump-ng -c 3 -w smacs --bssid 00:21:7C:4E:89:51 wifi0

  17. Inject Packets & Attempt to Crack • aireplay-ng -3 -b 00:21:7C:4E:89:51 -h 00:11:22:33:44:55 wifi0 • aircrack-ng -b 00:21:7C:4E:89:51 smacs-01.cap

  18. WEP Cracking Demonstration • Linksys Wireless-G Router (WRT54G) • SSID - 693TEST • MAC – 00:1D:7E:35:AA:6D

  19. Cracking WPA • Requires deauthentication from AP and re-authentication

  20. WPA-PSK Cracking Service

  21. www.wpacracker.com

  22. Conclusion • Big Box Retailers • Most have either adopted WPA to secure their network or provided public portals for user authentication • Small & Local Retail Shops • A small number are still using WEP or no security at all

  23. Afterthoughts • Residential Wireless Networks • A lot of networks are still using WEP • Scan of Nord Ave • 182 networks detected • 36% (65) are using WEP • Out of the 182 networks, 29 are obvious 2WIRE### routers • 27 of these are using WEP • 2006 survey by A. Bittau, M. Handley, and J. Lackey • 400 networks scanned in London • 76% WEP, 20% WPA, 4% 802.11i • 2,539 networks scanned in Seattle • 85% WEP, 14% WPA, 1% 802.11i

  24. 2WIRE WEP Networks

  25. Questions?

  26. References • Andrea Bittau, Mark Handley, Joshua Lackey, "The Final Nail in WEP's Coffin," sp, pp.386-400, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006. • Highspeed internet access at Starbucks. (2009). Retrieved from http://www.starbucks.com/retail/wireless.asp • Kjell J. Hole, Erlend Dyrnes, Per Thorsheim, "Securing Wi-Fi Networks," Computer, vol. 38, no. 7, pp. 28-34, July 2005, doi:10.1109/MC.2005.241 • Carsten Maple, Helen Jacobs, Matthew Reeve, "Choosing the Right Wireless LAN Security Protocol for the Home and Business User," ares, pp.1025-1032, First International Conference on Availability, Reliability and Security (ARES'06), 2006 • Carmen Nobel. (November 21, 2005). Home Depot Tackles Network Challenge. Retrieved from http://www.eweek.com/c/a/Mobile-and-Wireless/Home-Depot-Tackles-Network-Challenge/ • Kevin Poulsen. (November 12, 2003). Wireless hacking bust in Michigan. Retrieved from http://www.securityfocus.com/news/7438 • Kim Zetter. (October 26, 2007). TJX Failed to Notice Thieves Moving 80-GBytes of Data on its Network. Retrieved from http://www.wired.com/threatlevel/2007/10/tjx-failed-to-n/ • Kim Zetter. (July 17, 2009). 4 Years After TJX Hack, Payment Industry Sets Security Standards. Retrieved from http://www.wired.com/threatlevel/2009/07/pci/ • Songhe Zhao, Charles A. Shoniregun, "Critical Review of Unsecured WEP," services, pp.368-374, 2007 IEEE Congress on Services (Services 2007), 2007 • www.nirsoft.net/about_nirsoft_freeware.html • http://it.slashdot.org/story/09/12/07/2322235/WPA-PSK-Cracking-As-a-Service • www.aircrack-ng.org
