Introduction to security
on mobile platforms
I. Introduction
The increasingly strong and pervasive presence of mobile
terminals such as smartphones and tablets, together with the
amount of personal and professional information they contain,
a valuable asset for users and organizations, makes them an
attractive target for several types of attackers and
criminals, who look for ways to orchestrate and launch
digital threats against companies and organizations in order
to obtain all kinds of benefits, especially economic ones.
The old paradigm of digital security for personal computers
and corporate servers now needs, more than ever, to be
expanded to accommodate terminals that hold the same data as
those machines but are also extremely susceptible to threats
of physical origin, such as theft, loss or tampering, which
ultimately result in a compromise of digital security,
privacy, etc. For this reason we must also pay special
attention to providing a certain level of security so that,
when these things happen, our information is not compromised.
Since these are environments oriented to the use of
applications, we will see that applications are one of the
main sources of security problems. Fortunately, as we will
see throughout this and other units, alongside the many
threats and vulnerabilities we also have many tools to
protect our devices.
II. Goals
Over the teaching units of this course we will deal with
specific aspects of the security of the mobile ecosystems
that have the greatest penetration in both the personal and
the professional sector today. These are: Windows Phone,
Android and iOS.
However, in order to properly delve into the advanced and
specific content, we will first cover the basics of digital
security, and the methodology and basic objectives it follows
when protecting digital devices, such as mobile terminals,
and the information they contain.
We will understand the interrelation that exists between
mobile terminals and their entire ecosystem, including what
types of attackers focus on them and what motivates them. We
will also see the direct repercussions on our security that
this ecosystem entails when it has certain policies or is the
preferred environment for certain types of users.
We will see the direct relationship between digital security
and physical security for the particular case of mobile
terminals, and what the consequences of a physical compromise
may be for the digital information that the terminal
contains.
We will review the most problematic security points that all
mobile platforms have in common, starting from the premise
that physical security can easily be compromised by theft or
loss, and that it is necessary to protect the data.
III. Fundamentals of security
Each mobile platform needs an independent analysis of its
characteristics, and not only at the level of device
architecture and software: the application ecosystems to
which the terminals are connected, as well as the policies
that govern them, play a fundamental role in the user's final
level of security and privacy. Each platform has different
strengths and weaknesses. Before this analysis, it is worth
reviewing some basic security concepts and vocabulary that
will help to understand the basis on which the concepts we
will see later are built.
3.1. Five conceptual pillars of security
As regards threats and security issues, there are basically
five key elements that should be understood. They serve as a
basic model around which most tasks and objectives related to
security management, and the threats to it, are articulated.
These concepts are not intended to be an absolute reference
and are subject to interpretation, but they serve as a
learning model to understand the causes and consequences of
the different threats, as well as the motivations of the
actors that create them and the typology of the victims
affected by them.
3.1.1. Prevention
The first task of a security manager (understanding as a
manager any professional who holds a position within the
security area of an organization chart, not only operators
and technicians but also managers and executives), and one of
those that consumes the most time and energy, is prevention.
Threat probabilities
Threat prevention covers any task or process that must be
carried out periodically and whose completion results in a
decrease in the threat probabilities.
Threat probabilities try to provide quantitative references
(that is, as concrete and measurable as possible) to measure
how likely it is that certain threats will impact us or our
company.
Taking the traditional case of antivirus, a security tool
known to everyone, having an antivirus installed considerably
reduces the chances that any of the malware threats already
known to malware labs could impact our systems. In addition,
every time we update the antivirus with new malware
definitions we keep those probabilities as low as possible,
since new threats appear constantly and remaining static
would actually imply a loss of protection and an increase in
the probability that a threat impacts us.
Vector
Prevention also involves applying and enforcing certain
policies or directives on the use and configuration of
systems, so that users cannot open the door (open new
vectors) to certain threats or cause security problems,
whether intentionally or unintentionally.
By "vectors" we mean each and every one of the elements that
are exposed to threats and that increase the chances that an
attack will succeed or a threat will become effective. A
possible vector can be a hardware element, software, a
configuration, or even the user and their level of security
awareness.
A dissatisfied employee inside our own network who uses their
privileges and access rights on our systems to cause damage
could also be recognized as a vector.
If our website on the Internet were manipulated by third
parties (what is known as "defacement") by means of a
vulnerability in our server's control panel that allowed them
to get in and modify our files without being asked for the
password, we would say that the attack vector was an
unpatched vulnerability.
For computer systems (and our mobile terminals) to be useful
and able to provide us with service, they need to have
programs, services, personal data, etc., but each of these
involves a contact surface with possible threats or
vulnerabilities, which can use that contact surface to start
or advance a malware attack, carry out a data theft by means
of an "exploit", etc.
A common example of an entry vector is not applying
restriction policies to users when they install software on
their mobile terminals. This increases the chances of attack,
and any of these apps, if it hides malicious functions, would
serve as an entry vector for the threat to become effective.
Applying techniques that lift the restrictions of terminals,
such as "jailbreak" on iOS terminals or "rooting" on Android
terminals, increases the probabilities because it increases
the possible entry vectors, since there is malware specific
to terminals in those conditions. For example, in the
particular case of iOS, during the jailbreak process an SSH
service is often installed that remains open with a known
username and password, thus creating a new vector with a high
risk of being exploited by an external attacker. Also, since
jailbroken terminals have fewer restrictions, more damage
could be done or more data could be stolen.
In the case of mobile terminals in corporate environments, it
is possible to use centralized remote management solutions,
so that certain configuration parameters, policies and limits
can be managed by the company's system administrators or
security administrators, to improve the prevention of threats
and above all to avoid data theft in the event that a
terminal is stolen. We will see more about this in the
following teaching units.
Certain circumstances or situations can also be recognized as
valid vectors, such as social engineering or phishing, which
try to trick users into directly handing over private
information or passwords that allow access to private data
and systems. In the case of phishing, an attacker manages to
take the user to a website that pretends to belong to a
legitimate entity, such as a bank, in order to obtain data
which they would then use to steal the money from our
account. In this case we would say that the vector of the
attack that allowed this theft was a phishing attempt that
succeeded in deceiving the user.
3.1.2. Detection
The concept is self-explanatory. Threat detection is the
next logical step in the tasks of a security manager.
It cannot be assumed that threat prevention alone will keep
threats away. It is prudent to assume at all times that the
prevention mechanisms have not been sufficient and that some
type of attack or contact with a threat could be taking
place. In fact, for the many vectors that we cannot control
completely, it is important to have detection mechanisms.
Again, we can resort to the traditional example of antivirus,
or to more complex detection mechanisms that are used on the
mobile terminals of employees of organizations and companies,
such as the analysis of real-time data traffic.
In the particular case of mobile platforms, manufacturers
normally have anti-malware mechanisms and manual reviews for
the third-party applications available in their application
markets, commonly called "markets" or "stores". There are
also reporting mechanisms through which users who believe
they have experienced security or privacy problems can draw
the attention of the platform owners to a certain
application, so that it can be reviewed in more detail if
necessary.
3.1.3. Mitigation
If our routine procedures and/or tools detect a threat, or
the analysis of the information they provide suggests one,
the set of techniques, tools, or even the architectural
design that has been put in place to mitigate a threat comes
into play.
Normally, this section also includes techniques for
recovering lost data or damaged systems after the threat,
although they are not applied until the threat has been
eradicated. Some mechanisms to mitigate the consequences of a
threat can be as simple as having a correct backup policy
that is carried out periodically, with the backups kept in a
safe place.
Changing passwords when a threat is identified could also be
considered a mitigation mechanism. For some types of threat,
such as the theft of passwords by phishing, it is essential
to perform this type of task.
In the case of computer networks in corporate environments,
the security architecture plays an important role since, if
the different computers in a network are suitably isolated
from each other, a threat that impacts one of them is less
likely to spread and increase the damage.
In the case of mobile terminals, a security mechanism that is
constantly in operation and that is conceived as a
contingency measure is so-called sandboxing, a technology
that keeps the different processes running on the terminal
separate and supervised, and that tries to prevent and limit
any potentially malicious operation attempted by a piece of
software, based on the premise that it has already been
installed on our systems and that, for the moment, we cannot
do anything else until its elimination is possible.
3.1.4. Elimination
The elimination of a threat is the logical step and the
primary objective of a security manager from the moment it
has been detected. Elimination would include actions such as
ordering an antivirus to try to remove malware from our
system, shutting down a service, or uninstalling software
that has vulnerabilities for which a solution is not yet
known.
3.1.5. Anticipation
Although this last point is not always included in the
information security policies and strategies of a company or
organization, it is increasingly relevant and necessary to
pay attention to it because, whether actively or passively,
it is present in security tools and solutions.
There are companies and organizations dedicated to the
research and development of new technologies to fight digital
security threats, and to the active investigation of new
threats, so that they can be identified, analyzed, understood
and mitigated as soon as possible. Most are antivirus
laboratories and security companies, but there are also
institutions and technology centers dedicated to pure
research. The knowledge generated by these organizations is
what allows companies to have more and better means to fight
these threats, whether by acquiring specific software or
hardware solutions based on this knowledge, by receiving new
and constant definitions in their antivirus systems, etc.
In large corporations such as banks, it is common to find
in-house groups of security researchers dedicated exclusively
to finding the malware, phishing and similar threats that
could potentially cause damage to the banking business before
they can affect it, or at least to minimizing the response
time and avoiding impact on large numbers of users.
3.2. Five fundamental tasks of security managers
Now that we have identified five basic aspects of security
(prevention, detection, mitigation, elimination and
anticipation), we propose a model, also with five elements,
that helps to understand the responsibilities and tasks of
security personnel, not only in the technical field but also
in the executive / strategic field.
Again, this model is only indicative and does not claim to be
an absolute reference.
1. Apply, plan and coordinate the deployment of the
aforementioned mechanisms (especially prevention and
detection).
2. Check the proper functioning and efficiency of all possible
mechanisms, ensuring that they are available when they
are needed, and that they perform their function correctly.
3. Constantly seek the reduction in response times and
application of these mechanisms, to minimize the
damage.
4. Analyze risks of the different decisions, operations and
strategies that are adopted in the organization, as well as
the new needs that these may generate.
5. Provide strategic knowledge in the decision making and
establishment of priorities with respect to all the previous
objectives, based on the analysis of point 4.
3.3. Demography and basic modeling of
attackers and threats
To understand exactly what type of threats we face, it is
necessary to have a conceptual map that, roughly,
represents all risk situations and the actors that cause
them. This, in the panorama of mobile platforms, is of special
interest, since the demography of the attackers depends a lot
on the type of users that typically use one platform or
another.
3.3.1. By motivation
Imagine the landscape of security in mobile ecosystems as
a coordinate axis. Observing the panorama from this first
axis (the interests of the attackers, what they want to
achieve from the victims or through them), we can observe:
3.3.1.1. Curiosity
These are the attackers motivated by the maxim "because it
was there". They want to experiment and try things, driven by
the curiosity of obtaining some trophy in the form of other
people's private data. Even if they commit crimes, there is
no typically criminal motivation. They are not motivated by
money and, therefore, even when they compromise a company
device, they do not exploit the information for industrial
espionage or for any other kind of economic benefit.
3.3.1.2. Personal fame
These are criminals who aim to become famous by displaying
trophies, such as personal data from systems they have
compromised, and leaving marks for others to follow and take
as a reference. This type of attacker already begins to cause
problems since, to show off their feat, they will share the
stolen data with others or publish it directly, thus
compromising the security and privacy of systems, people and
organizations.
3.3.1.3. Tangible personal benefit
This type of attacker looks for a more tangible type of
benefit. As far as mobile ecosystems are concerned, the
attack vector they most often try to exploit (although it is
not the only one) consists of convincing us to install an
application that promises anything from simple funny images
or jokes to the possibility of spying on other users. In
reality these promises are mere lures and covers (in many
cases they are false) so that the attacker obtains a hidden
benefit through the installation of the application on the
victim's terminal.
This is the case of applications such as "La Linterna
Molona" (more information can be read in this article by José
C. Agudo and Miguel Ángel Cardenete published in the blog of
Chema Alonso, recommended reading:
http://www.elladodelmal.com/2014/01/la-estafa-de-la-linternamolona-que.html ).
3.3.1.4. Revenge / Retaliation
Personal vendettas and reprisals of all kinds, revenge by
employees, etc., fall into this category. The most likely
vectors for achieving their objectives are the theft of
terminals or entry into the company's networks and systems
from within. As these are threats focused on a single target,
they do not usually use the public parts of the ecosystem to
attack (that is, they typically do not publish an app in the
corresponding "market" in the hope that it will reach their
victim).
The consequences of a successful attack of this type are
usually the publication of all the stolen data, with the
widest possible dissemination, to humiliate a private
individual by invading their privacy or to damage an
institution by airing corporate data that harms its
reputation or its value in the market.
3.3.1.5. Institutional benefit
As we already know, and as is demonstrated more clearly every
day, governments and government agencies, which handle large
high-tech budgets, develop their own threats to massively
control users of all kinds and obtain large amounts of
information applicable to intelligence and defense. A very
plausible vector for this type of threat is backdoors
installed in the terminals by the manufacturers, coerced by
governments.
In this sense, it has been discovered, for example, that
different models of Samsung terminals have a mechanism that
allows access from the 3G connection directly to the data on
the user's memory card (see more details in this article,
recommended reading:
http://muyseguridad.net/2014/03/15/samsunggalaxy-have-a-backdoor-door ).
3.3.2. By personal / professional sector
Except in cases where there are motivations against a certain
person or entity for the purpose of social protest, revenge,
etc., an attacker or group of attackers can set goals
according to the level of organization and resources they
have.
For example, in a mass distribution campaign for malware that
allows the attacker to perform some type of theft or
espionage, if the campaign is carried out against the bulk of
the general public, only small benefits could be obtained
from each user, but these would be repeated many times over
because of the mass scale.
On the contrary, groups with greater organization and
capabilities may prefer to organize direct attacks on larger
companies or institutions, making greater efforts and using
more resources but at the same time hoping to obtain greater
benefits. An example is the case of Carbanak, considered the
biggest cyber theft in history, and aimed directly at the
banking institutions of several Eastern countries (see this
article for recommended reading:
https://securelist.com/the-greatbank-robbery-the-carbanak-apt/68732 ).
Therefore, we could classify attackers and their threats as
corporate or personal.
3.3.3. By ecosystem
At this point we are going to relate threats to the three
main mobile ecosystems today. As always, this analysis is not
intended to be an absolute reference and there may be cases
completely outside of these trends, but they can be taken as
guidance to understand the challenges and advantages that
each mobile platform poses to its attackers.
3.3.3.1. Android
Given that Android is by far the most widespread smartphone
operating system, especially in the domestic sector, and
since several studies report that the malware created against
Android exceeds 95% of all known mobile malware, it is safe
to say that the Android ecosystem concentrates the largest
amount of digital criminal activity against mobile ecosystems
(see
https://securelist.com/analysis/publications/66978/mobile-cyber-threats-a-joint-study-by-kaspersky-lab-andinterpol/ ).
To a large extent, another cause is the ease with which a
mobile app can be published in the Android market, since it
is enough to have a Google account, which does not check
personal data and does not offer a real guarantee that there
is a known and reliable identity behind the developer of the
app.
This lack of control over the quality and security of
applications is being reviewed and improved by Google, which
is applying new mechanisms such as "Google Play Bouncer",
although it is not yet highly reliable when it comes to
detecting malicious applications, as exemplified by this
recommended article in Hispasec:
http://unaaldia.hispasec.com/2012/07/malware-logra-eludir-denuevo-el.html .
Security deficiencies
In addition to the demographic and ecosystem issues of
applications that favor the existence of security threats in the
form of malware and the like, the internal design of Android
has demonstrated numerous security deficiencies throughout
its development that increase the risk even more.
While this is normal on any platform, and these problems have
been solved in successive versions, there is a long trail of
terminals that, having more modest technical specifications,
cannot properly run newer versions of Android. These
terminals are left with old versions of the operating system;
they will never receive software updates and, therefore,
their vulnerabilities will never be resolved.
This phenomenon is what is known as "fragmentation" of the
Android ecosystem.
Android is not as widely accepted as other platforms at the
corporate level, but it still has a significant market share,
so it cannot be ruled out as a target of interest for
attackers who seek to hit companies.
The most recent version of Android (Lollipop) introduces many
changes and improvements both in security and in integration
with the needs of the company, so it is expected to improve
the situation regarding the problems mentioned in this
section (
http://www.zdnet.com/pictures/android-5-0-lollipop-embraces-the-enterprise ).
3.3.3.2. iOS
While it is not the ecosystem with the largest market share,
iOS is the second option (see the IDC report at:
http://www.idc.com/prodserv/smartphone-os-market-share.jsp )
and therefore it is of less general interest to attackers,
but still interesting enough from the point of view of the
number of users that can be impacted by a threat.
Even so, the fact that the iOS ecosystem has strict identity
control policies for application developers, and that fees
must be paid in order to develop, makes it harder for any
attacker with a low level of organization (lone individuals,
small groups with few resources) to attempt any type of
attack or threat through the application ecosystem, whether
against the home user or against the corporate user, so that
incidents, although they exist, are comparatively scarce.
As a trend, iOS enjoys good adoption at the business level
(58% of companies according to a McAfee report:
http://fortune.com/2013/04/14/android-gets-97-of-malware-appleios-58-of-enterprise/ ),
among other things because its architectural design is safer
and because its portfolio of management and control tools
designed for the company (such as good integration with MDM
servers, which we will see in other teaching units) is broad,
clear, concise and well thought out to cover those needs.
For other security problems not so directly related to
digital attackers, such as the theft or loss of the terminal,
iOS also offers a cryptographic mechanism to protect all of
the data that, while not perfect, is one of the most advanced
among mobile ecosystems (we will see it later in the
corresponding teaching unit).
3.3.3.3. Windows Phone
Windows Phone is also a widely used option in corporate
environments. The possibility of installing applications from
unknown sources increases the threat probabilities and the
possible vectors, but it would sit somewhere between iOS and
Android, since it is not as popular: its adoption is lower
and it is therefore less attractive to cybercriminals.
As for an Android system, if it has not been suitably
prepared for corporate use with the latest available
technologies and robust configurations and policies, it also
presents a higher probability of exploitation through
malicious apps, extraction of data in case of theft, etc.,
although it is tending to approach the security level of iOS
through a process of continuous improvement.
Although no absolute conclusions should be drawn at any time,
the trend indicates that companies and organizations that bet
on iOS enjoy a high level of reliability with regard to apps
or physical security as potential threat vectors, and that is
why criminals with corporate objectives (as a trend; it is
not possible to generalize) look for other points of entry,
outside the mobile terminals.
3.4. Interrelation between physical
security and digital security
When it comes to mobile terminals and ecosystems, some
boundaries blur with respect to the traditional ideas that
are customarily applied to networks of computers and servers,
a circumstance due especially to the fact that mobile
terminals have absolute mobility and are not physically tied
to an office or similar. Therefore, the principles of
physical security that are normally applied in a workplace,
and that by extension covered the security of the devices
inside it, now become insufficient.
It is generally accepted that the most important asset that
an individual or person holds on their devices is their
information. With it, an attacker can gain economic advantage
or harm us in some other way. In the case of individuals,
digital reprisals are increasingly common, with photos and
other sensitive and compromising information stolen and
published online. In the case of corporations, traditional
industrial espionage is exacerbated by new digital tools, and
leaks of information relating to customers' credit cards
become a very serious risk that must be avoided (see cases of
theft of customers' credit card data, such as that of the
company Target, in this release from the same company,
recommended reading:
https://corporate.target.com/about/shopping-experience/payment-card-issue-faq ).
As we can suppose, the repercussions in the "real" world of a
"digital" compromise are inevitable in cases like these.
We can also observe the inverse case, where a compromise that
begins as "physical", such as the theft or loss (even if
temporary) of terminals, can serve as an entry vector for a
theft of digital data by a malicious actor. If the data or
the terminal is encrypted, and that encryption is protected
using mechanisms such as the PIN and personal keys (which we
will see below), the probabilities are minimized. Hence the
importance of analyzing how security mechanisms are
implemented, which we will review later.
IV. Passcodes
Few things are as critical nowadays as the compromise of the
information that users keep on their mobile devices (personal
data, passwords, bank details, digital certificates, etc.).
In case of loss or theft of a smartphone or tablet, the last
thing the owner wants is for the information stored on it to
end up in the hands of another person. One of the first
barriers to avoid this is activating the screen lock of the
device using a passcode.
As of today, the main mobile platforms implement three
different types of passcodes:
PIN
It is the typical personal code of four numerical digits,
also used to unlock SIM cards or to authorize payment with a
credit card. PINs are very easy to remember; nevertheless, in
the case of mobile devices the PIN should be abandoned, since
it is a four-digit number (0000-9999) that is very vulnerable
to brute force attacks. As we will see later, if the device
falls into the hands of a person with certain computer
skills, that person will have no problem breaking it.
Obviously that will depend on the device model.
Password
Another type of passcode is the password; it is more secure
than the PIN but, being of variable length and selected by
the user, it may have similar weaknesses. It is an
alphanumeric passcode that can also contain special
characters. To guarantee an optimal level of protection,
every password should have a minimum length of between 8 and
10 characters and contain uppercase and lowercase letters,
numbers and some special character. For this reason many
platforms, applications, services, etc., require that the
passwords chosen by users comply with certain patterns
(length and type of characters).
Sliding pattern
The third type of passcode is relatively modern, since it
appeared with the use of capacitive touch screens, although
it is not as safe as a good password. It consists of defining
a sliding pattern on the screen of the device that joins some
(minimum four) of the nine points shown (3x3). At the code
level the points are numbered from left to right and top to
bottom (0-8), so the pattern is coded by indicating the
points over which the finger passes. A pattern can pass over
one of the nine points more than once, but only the first
pass will be considered.
[Figure: two example patterns]
The first would be coded as 104358 and the second as
104257368.
Keep in mind that the shorter the pattern used (in most cases
at least four points have to be joined), the weaker the
protection. Therefore you should use patterns that pass
through almost all the points of the grid, and thus have a
passcode of between 7 and 9 numeric digits. Obviously, the
longer and more complex the pattern, the safer it is.
[1]: https://possiblywrong.wordpress.com/2012/07/28/security-of-the-android-pattern-lock
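The coding rules above and the size of the resulting keyspace, as an added example that is not part of the original course text. It assumes the usual lock-screen rule that a stroke cannot jump over a point that has not yet been visited; the function names are illustrative.

```python
"""Added example: coding and keyspace of the 3x3 sliding pattern (points 0-8)."""
from math import log2

MIN_POINTS = 4  # minimum number of points, as stated in the text


def _between(a, b):
    """Point lying exactly halfway between a and b on the grid, or None."""
    (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return (ra + rb) // 2 * 3 + (ca + cb) // 2
    return None


BETWEEN = [[_between(a, b) for b in range(9)] for a in range(9)]


def encode_trace(trace):
    """Code a finger trace, counting only the first pass over each point."""
    seen = []
    for point in trace:
        if point not in seen:
            seen.append(point)
    return "".join(str(p) for p in seen)


def is_valid_pattern(code):
    """True if `code` is a pattern the lock screen could actually record."""
    if not (code.isascii() and code.isdigit()):
        return False
    if not MIN_POINTS <= len(code) <= 9:
        return False
    pts = [int(c) for c in code]
    if max(pts) > 8 or len(set(pts)) != len(pts):
        return False
    visited = {pts[0]}
    for a, b in zip(pts, pts[1:]):
        mid = BETWEEN[a][b]
        if mid is not None and mid not in visited:
            return False  # assumed rule: the finger would register `mid` first
        visited.add(b)
    return True


def count_patterns():
    """Number of valid patterns for each length from MIN_POINTS to 9."""
    counts = {n: 0 for n in range(MIN_POINTS, 10)}

    def extend(last, visited, length):
        if length >= MIN_POINTS:
            counts[length] += 1
        if length == 9:
            return
        for nxt in range(9):
            if nxt in visited:
                continue
            mid = BETWEEN[last][nxt]
            if mid is not None and mid not in visited:
                continue
            visited.add(nxt)
            extend(nxt, visited, length + 1)
            visited.remove(nxt)

    for start in range(9):
        extend(start, {start}, 1)
    return counts


def keyspace_report():
    """Compare the pattern keyspace with a four-digit PIN (0000-9999)."""
    counts = count_patterns()
    total = sum(counts.values())
    return {
        "by_length": counts,
        "total": total,
        "bits_4_points": log2(counts[4]),
        "bits_4_digit_pin": log2(10 ** 4),
        "bits_all_patterns": log2(total),
    }


if __name__ == "__main__":
    # Constructed trace: the finger crosses point 4 a second time (3 -> 5).
    print(encode_trace([1, 0, 4, 3, 4, 5, 8]))
    for key, value in keyspace_report().items():
        print(key, value)
```

The four-point patterns alone form a smaller keyspace than a four-digit PIN, which is why the text recommends patterns of 7 to 9 points.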
4.1. Expiration and reuse history
A security measure sometimes adopted by mobile platforms, and
commonly by many services that authenticate users through
passcodes, is to give the passcodes selected by users a
limited useful life. After that time, the user is obliged to
change the passcode. Oddly enough, this measure can provide
many advantages, since it prevents users from using the same
password for most of their accounts, devices, etc.; as a
consequence, if passcodes are stolen from the database of
another service, an attacker does not obtain access to your
device, to another application or service, etc.
Along the same lines, a further security measure is sometimes
added that prevents users from repeating a previously used
passcode when making a change. In this case the operating
system, the application, etc., keeps a record of the last n
passcodes used by the user and, before making a change,
checks whether the new passcode is a reused one. Obviously,
from the user's point of view these measures make life a bit
more complicated, but bear in mind that they are introduced
for your safety.
4.2. Maximum attempts of use
To prevent an attacker from guessing a passcode by making n
authentication attempts (brute force attack), mobile
platforms usually limit the number of failed attempts that
can be made. On reaching that maximum number of unsuccessful
attempts, the device will normally be locked, although
nowadays there are also cases in which a total auto-deletion
of the device's memory can be configured as an advanced
security measure.
4.3. Attacks
The simplest attack, which a priori may seem a bit silly,
is based on studying the physical marks left on the
screen of the target device. It is called a Smudge Attack,
and is usually carried out by taking a picture of the screen of
the device and playing with the colors, brightness, and the
negative of the image. Although it may not seem like it, it can
give very good results.
Unfortunately, apart from the stains that users leave on the
screens of their devices, there are also many known bugs
in mobile platforms that allow an attacker to skip
passcode verification. Not all bugs allow the same level of
access, and practically none gives total access; but even so,
some allow access to the user's contacts, others to the call
history, to the photos stored in memory or to the calling
application. So once again, we see that it is advisable to
keep our devices updated and protected from most of these
bugs.
Many versions of mobile platforms have been and are
vulnerable to brute force attacks due to other
vulnerabilities. Some Apple devices allow a brute force
attack to be performed by using a physical keyboard
connected to the device (or software that emulates it).
After several failed attempts the iOS operating system
disables the virtual keyboard of the device, but not the
physical keyboard connected to it. Having the delete option
enabled after 10 failed attempts could make the attack
difficult. However, vulnerability CVE-2014-4451 makes this
security measure useless. This video,
https://www.youtube.com/watch?v=meEyYFlSahk, shows how an
attacker can unlock an iPhone in about 30 seconds using the
IP BOX tool based on the vulnerabilities just discussed.
4.4. Biometric alternative
One of the safest alternatives to passcodes, and one which we
have already started to see frequently in the market, is the
use of biometrics: face recognition, fingerprint, iris, voice,
etc. For now, though, fingerprint sensors are the most used
in mobile devices to unequivocally identify the user.
The two pioneers in this field were the Apple Touch ID and
the Samsung Finger Scanner, in that order. They are two
capacitive readers that provide a high level of security and
usability. Being capacitive, they cannot be deceived by the
use of photographs, and they are also able to distinguish
fingerprints even when the finger is dirty, painted or stained
(always up to a certain point, of course).
In terms of security, it is very important that the
implementation of a system of this type takes into account
the sensitivity of the data handled. Storing a password
that unlocks a smartphone is not the same as storing the
data that identifies a person's fingerprint, which could be
used to perform very critical operations. For this reason,
the user's biometric data must be stored in secure memory
areas. Obviously, the ideal would be to save some
information related to the biometric data that allows the
user to be authenticated, while ensuring that the inverse
operation cannot be performed to obtain the fingerprint
from the stored data.
In the case of the Touch ID, Apple does not save the
fingerprint image, but keeps a mathematical representation
of it. In addition, as we will see later (Teaching Unit 5), this
data is stored in the Secure Enclave inside the A7 and
later chips, and is only consulted by the chip itself and
not by the operating system (iOS) or the applications.
In the case of the Finger Scanner, Samsung also keeps a
partial pattern of the fingerprint, so that a fingerprint can be
recognized unequivocally. As we will see in Unit 3, this
information is stored in the Trusted Execution
Environment (TEE) and in no case does it leave
it. The TEE is the hardware-based security mechanism that
the Android platform uses.
4.4.1. Applications
The fact of unlocking a smartphone or tablet using your
fingerprint allows the device to automatically identify you as
a person, since a biometric feature is unique to each user
and a passcode can be shared with more people. Therefore,
from this moment a wide range of possibilities opens up
when it comes to providing security to certain operations, or
improving the usability of the system.
In the case of Samsung, the first use given to
the fingerprint scanning system, apart from unlocking the
devices, was to authenticate the user in his Samsung
account. From that moment, many other services followed
the example, which provides security and usability. LastPass
(online password manager) is a concrete case of using the
Finger Scanner to authenticate the user in a third party
application / service. In contrast, FingerSecurity is the first
application that allows you to use the Finger Scanner to
protect the installed applications that you choose. Finally, and
most certainly, the star use case is the ability to pay for your
purchases with PayPal just by passing your fingerprint
over the reader of your device.
V. Blocking, deletion and progressive disabling
In case of loss or theft of a device, and depending on the
information it contains, a good security measure would be to
block and / or remotely delete it. iOS and Android, as well
as Windows Phone, implement the possibility of performing a
remote erasure of the devices that run these operating
systems. In this way, once the decision is made, the data
that was saved in the device will not be compromised.
However, by the time the user realizes that he does not
have his mobile device and makes sure that it has been lost
or stolen, it may be too late and the attacker may already
have extracted the data from the device. For this reason, an
additional security measure is necessary. This measure
consists of having a policy under which the device is
blocked and / or deleted locally when the platform detects a
certain number of failed attempts to enter the
passcode. In the case of the iOS platform, in most of its
versions you can configure this measure, and it is applied
once the operating system detects 10 consecutive failed
attempts to enter the passcode. In Android the measure
also exists, but it is usually applied after 20 failed
attempts.
Even so, it seems that these security measures are not
sufficient, so in some cases the following intermediate
security measure also applies. Before blocking or deleting
the device entirely, it performs a series of temporary
blocks based on the number of failed attempts made by the
user. For example, in iOS, after a user makes six failed
attempts the device is blocked for 1 minute. After a
seventh failure it will be 5 minutes, after the eighth
15 minutes, and after nine unsuccessful attempts it will be
blocked for 1 hour. Finally, if a tenth failure is made, the
device will be blocked or deleted, depending on how it is
configured.
This last measure (the progressive disabling of the device)
is a good way to prevent, or rather hinder, brute force
attacks. But it will never be as effective as applying the
blocking mechanism. The case of the erase mechanism is
different, since we do not prevent an attacker from accessing
the device, but leave the device configured as it comes from
the factory. This means that our data will not be
compromised, but our device can be used. In this case, we
must bear in mind that, in case of recovering the device, or
not having really lost it, it would be advisable to have a
backup to restore the system as we had it before.
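The attempt limit of section 4.2 and the progressive disabling described here, as an added Python example that is not part of the original course material. The delays and the limit of 10 are the iOS figures quoted above; the class, the function names and the passcode 4821 are constructed for illustration.

```python
import hmac

# Delay in seconds imposed after the Nth consecutive failure (iOS figures
# from the text: 6th -> 1 min, 7th -> 5 min, 8th -> 15 min, 9th -> 1 hour).
IOS_DELAYS = {6: 60, 7: 5 * 60, 8: 15 * 60, 9: 60 * 60}
IOS_LIMIT = 10


def make_checker(secret):
    """Return a constant-time comparison against a constructed passcode."""
    return lambda candidate: hmac.compare_digest(candidate, secret)


class LockoutPolicy:
    def __init__(self, check, delays=IOS_DELAYS, limit=IOS_LIMIT, wipe_on_limit=True):
        self._check = check
        self._delays = delays
        self._limit = limit
        self._wipe_on_limit = wipe_on_limit
        self.failures = 0
        self.locked_until = 0.0
        self.state = "active"  # "active", "disabled" or "wiped"

    def attempt(self, passcode, now):
        """Process one unlock attempt made at time `now` (seconds)."""
        if self.state != "active":
            return self.state          # permanent: nothing is evaluated any more
        if now < self.locked_until:
            return "locked"            # temporary block: not evaluated, not counted
        if self._check(passcode):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.failures >= self._limit:
            self.state = "wiped" if self._wipe_on_limit else "disabled"
            return self.state
        self.locked_until = now + self._delays.get(self.failures, 0)
        return "failed"


def simulate_guessing(policy, guesses):
    """Feed guesses to the policy, waiting out every temporary block.

    Returns (final outcome, attempts made, seconds elapsed).
    """
    now = 0.0
    for tried, guess in enumerate(guesses, start=1):
        now = max(now, policy.locked_until)
        outcome = policy.attempt(guess, now)
        if outcome != "failed":
            return outcome, tried, now
    return "failed", len(guesses), now


if __name__ == "__main__":
    policy = LockoutPolicy(make_checker("4821"))
    wrong = [f"{n:04d}" for n in range(12)]
    print(simulate_guessing(policy, wrong))  # ('wiped', 10, 4860.0)
```

With the iOS figures, ten wrong guesses take at least 81 minutes of waiting and end in the wipe or block; passing limit=20 models the Android value mentioned above.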
VI. Application stores
The appearance of the mobile platforms iOS, Android and
Windows Phone, among others, brought with it what we know
today as application stores: the official place of each of
the mobile platforms from which to download (free or
paid) applications compatible with its operating
system. These applications can be developed either by the
manufacturer itself or by other companies, or even by
independent developers. This opened a gateway to the
system that was soon taken advantage of by the
attackers. In this way, we have moved from an approach
based on the use of remote exploits to another based on the
escalation of privileges within the devices.
Each of the stores has its own policies and security
measures, but what is common to all is that if they want to
keep the platforms safe, their owners must be able to
identify the developers of the applications and check the
integrity of the same, as well as analyze the applications that
are trying to publish. For this we must distinguish between
two different control mechanisms: the use of digital
signatures and the use of application approval
mechanisms. From now on, we will use the cases of the most
popular stores to describe their behaviors.
6.1. Signature of applications
All applications available in the Apple Store must be
signed by its developers using digital certificates issued by
Apple. In this way, Apple verifies the identity of the
developers and guarantees the integrity of the applications
that are to be published. In this case the security lies in the
verification of the certificates.
Microsoft (Windows Phone Marketplace) also requires that
all the binaries of the applications to be distributed are
signed, but with one particularity: it is Microsoft itself
that signs the applications that the developers have
previously sent to it.
Google requires that all applications that are published
on Google Play must be signed by its developers using
digital certificates, as it uses the certificates of the
developers to identify them. However, these certificates are
not verified at any time. In fact every developer self-signs his
certificate. Obviously, this way of working does not provide
the security measures that are expected of a system that
uses digital certificates. In fact, it does not provide any
security. Certificates are only used to relate applications of
the same developers and their updates.
6.2. Approval mechanisms
In iOS and Windows Phone, closed stores are used, totally
controlled by Apple and Microsoft respectively. In these cases
the developers must send their applications to be validated
by the owners of the stores and wait for them to be approved
for distribution. Applications are not published if they do
not pass exhaustive controls at the level of security,
usability, performance, etc.
In Android we have an open store, so practically any
application can be published for download. As we have said
before, Google only requires developers to use a digital
certificate, which is self-signed, and thus performs a first
level of control by comparing certificates. Therefore, taking
into account the inefficiency of its security measures,
Google Play may have malicious applications available for
download. However, this situation is being addressed by the
application of other a posteriori security measures, such
as Bouncer.
6.2.1. Bouncer
Bouncer is a software scanner, created by Google, to search
for potentially malicious applications within Google Play. This
scanner can analyze new applications, existing applications in
the store, their updates and even the accounts of the
developers. Once Bouncer starts an analysis, first of all it
looks for known malware, spyware and Trojans. Then it
analyzes the behavior of the applications in search of
suspicious behaviors, and compares them with other
applications previously analyzed to detect possible hot
spots. All applications are run on the Google infrastructure,
simulating their execution on an Android device. In this way,
malicious behavior is sought. As we have also
mentioned, Bouncer analyzes new developer accounts to
help prevent developers that previously generated malicious
or offensive applications from returning to Google Play.
VII. Encryption algorithms and security protocols
Mobile devices, like any other device connected to the
Internet, must protect the information stored inside them, as
well as the information they transmit to other devices,
servers, etc. For this, hundreds of encryption algorithms have
been defined, which provide confidentiality of the data, and
hundreds of other security protocols, which provide, using
encryption algorithms among others, secure communication
channels.
However, all that glitters is not gold, since these
algorithms and protocols must be implemented for their use
using different programming languages, which, in many
cases, causes vulnerabilities that on paper did not exist. So it
is very important to always use libraries that have been
tested and used by a considerable community of experts in
the field, and make use of them properly; since unfortunately
there are too many cases where this has not been done well.
As for the cryptographic libraries available in the different
mobile platforms, these vary in each case:
Windows Phone
Windows Phone provides its own cryptographic library, with a
great variety of encryption and signature algorithms, etc., and
security protocols such as SSLv3 or TLSv1.2. It even
implements cryptography based on elliptic curves. The name
of the library is "Cryptography", and at
https://msdn.microsoft.com/en-us/library/windows/apps/xaml/windows.security.cryptography.core.aspx
you can see each and every one of the algorithms and
protocols implemented.
Apple
Apple also provides its own cryptographic library, the
CommonCrypto library. In this way, Apple controls the
implementations of the protocols and algorithms used by the
applications on its platform, in the same way it tries to do in
all fields.
Android
The case of Android is totally different, where we have
several cryptographic libraries available, and some optimized
to work on the Google operating system. Some of the most
used are Android OpenSSL, Bouncy Castle, Spongy Castle (a
version of Bouncy Castle optimized for use on Android) and
Crypto.
7.1. Internal data encryption
Nowadays, practically all platforms for mobile devices
support the complete encryption of the memory of the
device, which provides an extra level of security in the
event of its loss or theft, since, if a thief / attacker
manages to access the data of the device through forensic
techniques, he will not be able to understand them. In this
case, the security lies in the encryption algorithm and the
length of the key used.
For example, in the case of iOS, the AES encryption
algorithm is used and the length of the keys is 256 bits,
which provides a high level of security. In the case of
Android, the same algorithm is also used, but the length of
the keys is 128 bits; combination that is also safe today [6].
On the other hand, it is also important to note that both
platforms keep encryption keys safe thanks to the use of
areas of the device protected by hardware. These
secure environments store the keys and also perform the
cryptographic operations, so that the keys do not have to be
extracted at any time. Only the operating system can order
their use, and only while the screen of the device is unlocked.
As for the backup copies made by a device, on most
platforms these can also be made using data encryption. In
this way, if the copy is stored in the cloud, and for some
reason is compromised, no one who does not have the password
of the user that generated it will be able to read the data.
Finally, it must be said that the security of the data always
depends on an attacker not knowing the passcode used. If he
did know it, he could pass as the user and the data
encryption would be worth nothing.
7.2. Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
The SSL protocol, and its more modern version TLS, are
probably the most widely used secure general-purpose
protocols on the Internet today. These two protocols, and
some others (PCT, S-HTTP, etc.), were designed to
provide security to TCP connections that use protocols such
as HTTP, FTP, IMAP, LDAP, etc. However,
unfortunately, there are too many applications that misuse
the implementations of these protocols, or libraries that
implement their operation poorly, leaving security holes.
SSL / TLS creates a secure channel (session) between two
remote devices (client and server), independently of the
platform that is being used below, and in a transparent way
for the user. An SSL / TLS session can be composed of
multiple connections, and a single device can establish
multiple SSL / TLS sessions simultaneously.
Summary
By way of summary, SSL / TLS operates in the following
way:
• It negotiates the use of a certain encryption algorithm
and safely exchanges a session key.
• It establishes a secure channel using the negotiated
encryption algorithm and the exchanged key.
• It generates an authentication code [Message
Authentication Code (MAC)] for each fragment of the
data to be transmitted.
• It transmits the fragments and MACs, concatenated and
encrypted.
Note that the MAC algorithm is used to provide data
integrity.
Digital certificate
Normally the SSL / TLS server is configured with a digital
certificate (pair of asymmetric keys). In this way the client
can verify that the server is using said certificate during the
negotiation protocol. But keep in mind that anyone can
generate a certificate with an associated key pair, and the
fact that the server is using the key pair associated with the
presented certificate does not guarantee anything. For this
reason, the servers must use certificates issued (signed) by
certification authorities (CAs) that the clients trust
(the clients are configured with a list of the CAs they trust).
Man In The Middle (MITM)
Therefore, the security of SSL / TLS connections against an
active attacker depends on the correct validation of the
certificates used by the servers in the establishment of these
connections. But unfortunately this has not been taken into
account in many cases. In article [7] you can see how the
validation of SSL / TLS certificates has been broken or
bypassed in many security-critical applications and
libraries. Therefore, in those cases, an active attacker will
be able to intercept the data transmitted through the network
by either of the two parties involved in the communication
[Man In The Middle attack (MITM)].
The main cause of these vulnerabilities is the bad design of
the APIs of the SSL / TLS implementations (such as OpenSSL
or GnuTLS) and the data transport libraries (such as cURL),
since in many cases they provide a confusing set of
configurations and options that have to be used by
developers.
7.2.1. Attacks in SSL / TLS
7.2.1.1. MITM (Man In The Middle)
In an MITM attack, the attacker intercepts the traffic
generated by the device towards the server and from the
server to the device, and from there can adopt three
different attitudes: be a passive attacker and only "listen" to
the communication between the two parties, intercept data
from the server to modify or replace it with malicious data to
be injected into the application, or redirect traffic to a
destination controlled by him.
7.2.1.2. POODLE (Padding Oracle On Downgraded Legacy Encryption)
Version 3.0 of the SSL protocol is vulnerable and its
communications can be decrypted (CVE-2014-3566). On this
basis, the POODLE attack [8] takes advantage of two
situations. The first is that many later implementations of
SSL, or TLS, are still compatible with that version of SSL.
The other is that when a secure connection attempt fails,
the connection is established using an older version of the
protocol. Therefore, if an attacker is capable of causing a
connection failure, he can also end up forcing the use of
SSL 3.0 and performing the relevant attack.
Unfortunately, the article at
https://www.imperialviolet.org/2014/12/08/poodleagain.html
reports that some TLS implementations are also vulnerable to
the POODLE attack. Therefore, it is important to note that
any version of the SSL / TLS protocol lower than TLS 1.2 [9]
can be cryptographically broken.
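The two failure modes described above, disabled certificate validation (the MITM discussion) and acceptance of protocol versions below TLS 1.2 (the POODLE discussion), can be checked in client code. This Python sketch is an added example, not taken from article [7] or from any library mentioned here; the function names are hypothetical and it uses only the standard ssl module.

```python
import ssl


def permissive_client_context():
    """The kind of client configuration the text warns about."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE   # any certificate, even a self-made one, is accepted
    # Accept the oldest protocol version the local TLS library still offers.
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_client_context():
    """Chain validated against the trusted CA list, name checked, TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_tls_context(ctx):
    """Return the weaknesses found in a client-side SSLContext."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        # No CA validation: an active attacker can present his own certificate.
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        # A valid certificate issued for a different name would be accepted.
        findings.append("hostname-not-checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        # A forced downgrade to an older protocol version remains possible.
        findings.append("floor-below-tls1.2")
    return findings


def require_safe(ctx):
    """Refuse to use a context that has any of the weaknesses above."""
    findings = audit_tls_context(ctx)
    if findings:
        raise ValueError("unsafe TLS client configuration: " + ", ".join(findings))
    return ctx


if __name__ == "__main__":
    print(audit_tls_context(permissive_client_context()))
    print(audit_tls_context(hardened_client_context()))
```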
7.2.2. Countermeasures
Because the vulnerabilities found in the SSL / TLS protocols
have not been few, many techniques or mechanisms have
been proposed to avoid security problems.
A specific example is that of Google, who has implemented
a mechanism to control updates of its own components,
more specifically the Security Provider. As of Android version
5.0, Google Play services check whether the device's Security
Provider is updated before establishing an SSL / TLS
connection. In this way, known problems of previous versions
of these protocols are avoided.
7.2.2.1. Nogotofail
Nogotofail is an open source tool developed by Google,
which is used to verify the level of security of applications
and devices against the known vulnerabilities of SSL / TLS
protocols.
It is an automatic, powerful and scalable tool, which is
available to be used in multiple platforms, such as Android,
Windows, Windows Phone, Linux, Chrome OS, OS X or iOS.
Nogotofail is useful for three purposes mainly:
• Find bugs and vulnerabilities.
• Verify fixes and detect regressions.
• Understand what traffic applications or devices are
generating.
For more information you can access the project
page https://github.com/google/nogotofail
7.2.2.2. Pinning
Because the weakest point of the SSL / TLS protocols is the
certification chain, the pinning technique has emerged in
order to prevent an application from being tricked by the use
of a fraudulent certificate.
This technique simply consists of saving the pins of the
valid certificates of certain servers. These pins are usually
hardcoded in applications and are nothing more than a
cryptographic summary (hash) of the public key (and
algorithm information used) included in the certificates. The
time that the certificates are remembered is determined by
the updates of the application.
This technique is not a problem in itself, but because in the
first implementations an application must have hardcoded all
the certificates that it trusts, in the long term it will be
unsustainable and will provide very little flexibility and
power. For this reason the need has arisen to implement
a dynamic pinning, that is, to add and remove certificates
without having to update the applications.
7.2.2.3. HSTS (Strict Transport Security)
HSTS [10] is a security mechanism that allows web servers
to declare themselves accessible only and exclusively through
secure connections. Once a web server is configured with
HSTS, it will use a special field in the HTTP response header
called "Strict-Transport-Security" to inform clients.
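How a client acts on this header, as an added example that is not part of the original text: a minimal parser and store following RFC 6797 [10]. The class and function names are hypothetical, bank.example is a constructed host, and the sketch goes beyond the paragraph above by covering max-age expiry, includeSubDomains and the rule that the header is ignored when received over plain HTTP.

```python
import re
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(value):
    """Return (max_age_seconds, include_subdomains), or None if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:
            return None                      # a directive must not appear twice
        seen[name] = arg.strip().strip('"')  # the value may be a quoted string
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                          # max-age is mandatory
    return int(seen["max-age"]), "includesubdomains" in seen


class HstsStore:
    """Client-side memory of hosts that declared themselves HTTPS-only."""

    def __init__(self):
        self._hosts = {}  # host -> (expires_at, include_subdomains)

    def note_response(self, url, header_value, now):
        """Record the policy sent with a response to `url`; True if accepted."""
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname is None:
            return False  # over plain HTTP the header could come from an attacker
        policy = parse_hsts(header_value)
        if policy is None:
            return False
        max_age, include_subdomains = policy
        if max_age == 0:
            self._hosts.pop(parts.hostname, None)  # the server withdraws its policy
        else:
            self._hosts[parts.hostname] = (now + max_age, include_subdomains)
        return True

    def is_known(self, host, now):
        """True if `host`, or a parent with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry and now < entry[0] and (i == 0 or entry[1]):
                return True
        return False

    def upgrade(self, url, now):
        """Rewrite http:// to https:// for known hosts before any request is sent."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname:
            return url
        if not self.is_known(parts.hostname, now):
            return url
        netloc = parts.hostname
        if parts.port not in (None, 80):
            netloc += f":{parts.port}"  # explicit non-default ports are preserved
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    store = HstsStore()
    store.note_response("https://bank.example/", "max-age=600; includeSubDomains", now=0)
    print(store.upgrade("http://api.bank.example/v1", now=1))
```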
7.3. VPN (Virtual Private Networks)
A VPN makes it possible to establish a secure connection
through the Internet between two private networks, which
could be thousands of kilometers apart, so that they look like
one. The client is in one of the networks and a VPN server
in the other, and between them an encrypted tunnel is
created through which the data travels. This technology is
widely used to connect two or more branches of a company,
or simply so that the workers of the company can work from
anywhere in the world as if they were physically in it.
Another purpose for which this technology is also being
widely used is to avoid regional blocks on the
Internet. There are applications (for example, Hello Free
VPN) that allow you to connect a device to their VPN servers
for free, and thus browse as if you were in any of the
countries where they have servers. However, one must take
into account a characteristic of VPN networks, which is
that by default all the traffic generated by the device
passes through them. So if you use a service such as Netflix
or YouTube nothing happens, but if you access your bank
account or use any other service that handles sensitive
information you may not want those applications to handle
such data.
Today there is a variety of VPN protocols; however, not all
are equally safe or provide the same characteristics. For
example, the PPTP protocol is insecure, since its encryption
algorithm has been broken and an attacker can access our
data traffic. Among the most used and safe VPN protocols,
we must highlight two, the IPsec and OpenVPN protocols, the
latter based on the SSL / TLS protocol, which are supported
by most mobile platforms. In fact IPsec is natively compatible
with Windows Phone, Android and iOS. In terms of security,
both protocols authenticate the two parties of the
communication (client and VPN server) by user and
password, or digital certificates, depending on how the server
is configured.
VIII. Summary
Nowadays, mobile platforms are oriented to the use of
applications and not so much to the use of web
platforms. Therefore, other security problems have arisen /
increased. The main problem that has existed for a long time
on the Internet is the existence of malware, viruses and
Trojans: software that is installed on our devices and
performs malicious and / or fraudulent actions behind our
backs. Before, this software came to our devices via web
platforms, which was not easy for the attackers; but
nowadays, with the use of so many applications, they have it
much easier. The applications themselves can be the
malware, virus or Trojan in question. For this reason the
application stores have had to put strong measures in place
to limit the existence of this type of application. Some
have been stricter,
Regarding the security of the information stored in a device
in case of loss or theft, there are two levels of
vulnerability. First of all, the passcode used to unlock the
screen of the device can be broken, although the use of a
strong alphanumeric password can make a brute force attack
need a lot of time to succeed. However, regardless of
whether the attacker can get the passcode used or not, the
data is still stored on the device, so an attacker with the right
forensic equipment and enough patience can extract it
unless full disk encryption is activated.
On the other hand, we have a wide variety of cryptographic
algorithms and security protocols to develop and protect
applications and devices. However, all these tools have a
weak point, which is that they can be safe on paper but it is
easy to make mistakes when implementing them. And that is
exactly what, unfortunately, is happening quite generally.
IX. References
• Aviv AJ, Gibson K, Mossop E, Blaze M, Smith JM. Smudge
Attacks on Smartphone Touch Screens. 4th USENIX
Conference on Offensive Technologies; 2010.
• Apple. Use Touch ID on iPhone and iPad. Available at:
https://support.apple.com/en-us/HT201371.
• Apple. About Touch ID security on iPhone and iPad.
Available at: https://support.apple.com/en-us/HT204587.
• PayPal. Pague de forma sencilla y más segura. Available at:
https://www.paypal-pages.com/samsunggalaxys5/es/index.html.
• MDSec. Apple iOS Hardware Assisted Screenlock Bruteforce.
Available at:
http://blog.mdsec.co.uk/2015/03/bruteforcing-ios-screenlock.html.
• Rouse M. Advanced Encryption Standard (AES); 2014.
Available at:
http://searchsecurity.techtarget.com/definition/Advanced-Encryption-Standard.
• Georgiev M, Iyengar S, Jana S, Anubhai R, Boneh D,
Shmatikov V. The Most Dangerous Code in the World:
Validating SSL Certificates in Non-Browser Software. ACM
Conference on Computer and Communications Security;
2012. Available at:
https://docs.google.com/document/pub?id=1roBIeSJsYq3Ntpf6N0PIeeAAvu4ddn7mGo6Qb7aL7ew.
• Möller B, Duong T, Kotowicz K. This POODLE Bites:
Exploiting The SSL 3.0 Fallback; 2014. Available at:
https://www.openssl.org/~bodo/ssl-poodle.pdf.
• Dierks T, Rescorla E. The Transport Layer Security (TLS)
Protocol Version 1.2. Request for Comments (RFC) 5246;
2008. Available at: https://tools.ietf.org/html/rfc5246.
• Hodges J, Jackson C, Barth A. HTTP Strict Transport
Security (HSTS). Request for Comments (RFC) 6797;
2012. Available at: https://tools.ietf.org/html/rfc6797.
• Egele M, Brumley D, Fratantonio Y, Kruegel C. An Empirical
Study of Cryptographic Misuse in Android Applications.
ACM SIGSAC Conference on Computer & Communications
Security; 2013.
Security in wireless networks
introduction
Mobile devices and wireless networks form a unique
ecosystem, with characteristics and peculiarities that can
hardly be found in other cases. As their name suggests,
wireless networks do not use cables to transmit data; they
use air, a freely accessible medium. This alone already
leaves us in a somewhat special situation, and one that is
not easy to control.
In this unit we will see how some of the most widely used
wireless technologies in mobile devices nowadays are
protected against possible attacks and illegitimate uses.
Specifically, we will talk about Wi-Fi networks, the most
widely used wireless technology in the world to provide
Internet connectivity, which has presented many security
problems in recent years, allowing neighbors to connect to
the Wi-Fi network you had at home, or others to make you
believe that you were connected to the airport network when
you were not. We will also talk about the third and fourth
generation mobile phone networks (3G / 4G), which provide
both voice and data connectivity, and which fortunately have
greatly improved their security compared to the second
generation (GSM). Another technology widely used and
implemented is Bluetooth, which allows wireless devices to
connect to each other, such as headphones or hands-free
kits with smartphones. Unfortunately, these networks are not
without problems, and we will see them in due course. And,
finally, the NFC networks (Near Field Communication), a
relatively new and short-range technology in wireless
devices such as smartphones.
These networks have their particularities, but, undoubtedly,
they share one thing, and that is that in all of them there are
vulnerabilities and every day there are thousands of
attackers trying to take advantage of them.
II. goals
In this unit we will study the security in the most used
wireless networks in mobile devices nowadays: wifi, 3G / 4G,
Bluetooth and NFC. But, particularly, we will analyze which
security measures are implemented by each of the four
technologies and how they have evolved or changed over the
years. Also, we will try to identify the most known
vulnerabilities, both in previous versions and in the current
protocols, if any are known. And, finally, we will give some
details of how they can be attacked by exploiting some of the
mentioned vulnerabilities and also how, from the user's point
of view, we can avoid certain attacks.
III. Wifi
The IEEE 802.11 specification (ISO / IEC 8802-11) is an
international standard that defines the characteristics of a
wireless local area network (WLAN). Wifi (which means
"Wireless fidelity") is the name of the certification granted by
the Wi-Fi Alliance, previously WECA (Wireless Ethernet
Compatibility Alliance), a group that guarantees
compatibility between devices that use the 802.11
standard. Due to the misuse of the terms (and
for marketing reasons) the name of the standard is confused
with the name of the certification. A Wi-Fi network is actually
a network that complies with the 802.11 standard. Devices
certified by the Wi-Fi Alliance are allowed to use this logo:
Since this technology allows connection to local networks
and the Internet without the use of cables, by extension it
becomes the means of data transmission par excellence in all
modern mobile devices, so it is advisable to analyze this
chapter in depth.
3.1. Terminology
To progress properly through the contents of this teaching
unit, it is first necessary to explain some terms related to
Wi-Fi technology.
It is said that a Wi-Fi network is ad hoc when two or more
devices send the data packets in a decentralized manner,
expecting them to reach each and every one of the recipients
without an intermediate access point being in charge of
managing all the traffic. It is the typical case of two PCs that
connect to each other, as if they were connected by a cable
between them. This type of wifi networks is not what we
would see in domestic installations (where there are routers
with Internet access that centralize traffic and control access,
among other things) or in companies (where there may be
more complex networks of Wi-Fi hotspots connecting wireless
parts and wired parts).
An ad hoc network works when all the terminals involved
have previously agreed on a channel, a network name, a
security type and a valid security key.
Infrastructure mode, in contrast to ad hoc mode , is
typically found in wifi networks of homes and businesses. It
corresponds to a device that is responsible for "building" and,
optionally, announcing the existence of the Wi-Fi network
with certain given parameters of speed, type of security,
etc. The device that is responsible for raising the
infrastructure in a home or small installations is the router,
which in its current versions already integrates Wi-Fi
technologies.
For the purposes of this course, all the time of networks in
infrastructure mode will be talked about, since they are the
most common and those that allow to exploit 100% the
possibilities of wifi technologies and security mechanisms
used in them.
3.2. MAC
In Wi-Fi networks, although there is no "physical" link in
the strict sense, as there was in their predecessors,
conventional ethernet cable networks, each and every one of
the terminals involved is still tracked: every data packet is
marked with a recipient, which lets each terminal connected
to the Wi-Fi network know whether a given packet is meant
for it. For this, the concept of "MAC address", inherited from
ethernet networks, is still used to uniquely identify each and
every one of the devices connected to the Wi-Fi network.
BSSID
The BSSID, acronym for Basic Service Set Identifier, is the
name given to the unique identifier of a device that has
created a wireless network in infrastructure mode. In reality,
it is the "MAC address" of the device that is creating such a
network, so in the case of a router or a wireless access point
the two terms are commonly used interchangeably.
ESSID
The ESSID (Extended Service Set Identifier) is a friendly
name assigned to a Wi-Fi network so that users can identify
it easily and so that two networks in infrastructure mode
cannot be confused when they coexist in the same radio
space. Like the BSSID, it must be included in all the packets
sent over the radio spectrum to identify them as part of that
network. The name consists of a maximum of 32 characters,
which most of the time are alphanumeric (although the
standard does not require it, so it can consist of any
character). All wireless devices that try to communicate with
each other must know and share the same SSID, which is
much easier to access and consult than other more technical
data, such as the BSSID.
Beacon frames
The Beacon frames contain all the information about the
wireless network and (unless expressly indicated by the
administrator of the network) are transmitted periodically to
announce the presence of the Wi-Fi network, as well as its
characteristics.
Beacon signal
A beacon signal consists of various data such as:
• A MAC address header.
• Timestamp or time with which the stations are synchronized.
• Beacon Interval or interval between transmissions.
• SSID.
• Network capabilities, such as ranges of speeds and types
  of security supported.
Because these constantly broadcast beacon signals expose
the existence of a Wi-Fi network and its basic
characteristics, they are considered a small increase in
security risk: a malicious actor can search for targets with a
Wi-Fi network scanner and find such a network as a possible
victim. That is why network administrators sometimes
disable the sending of the network name within the beacon
signals for security reasons. This leaves the network
partially invisible to a simple scan: its name cannot be
guessed, and a Wi-Fi network scanner can only detect that a
network exists and that it carries data traffic.
Probe request
A probe request is an attempt by a Wi-Fi terminal (PC,
smartphone, etc.) to find out whether a certain Wi-Fi
network, whose name and characteristics it already knows, is
available at a given moment.
A terminal uses it to find a Wi-Fi network for which it
already knows the key (normally, the Wi-Fi network of the
user's router at home, or the company network at the
workplace).
3.3. Wifi network scanner
A wifi network scanner is a piece of software that captures
all the information present in the wireless radio space,
listing the detected networks, their characteristics, whether
they are ad hoc or infrastructure, whether there are
connected clients, how many there are and what MAC address
each one has, etc.
It is the basic tool for gathering information and auditing
the status of a network or networks in an area. While
security auditors use Wi-Fi network scanners to identify and
correct risks, survey the terrain to be audited, etc., a
malicious actor could use this tool to capture information
traveling through the network without proper encryption,
enumerate and identify authorized users of a network,
choose possible victims, etc.
In Windows there are Wi-Fi network scanners like
NetStumbler, and in GNU/Linux the reference tools are
Kismet and the Airodump-ng tool of the wifi security
application suite known as Aircrack-ng.
Screenshot of Netstumbler in operation
Screenshot of Kismet in operation
3.4. Non-efficient security mechanisms
The following security mechanisms can be considered
non-efficient, in the sense that they cannot successfully
prevent data theft or unauthorized access to the network.
3.4.1. Hiding the network
As we have said before, it is possible to disable the sending
of the name of the Wi-Fi network in the beacon signals, so
that no terminal can connect to the network unless it already
knows its name and is able to demonstrate it by means of a
probe request.
If a Wi-Fi network has disabled the sending of beacon
signals, it will still respond to a probe request that clearly
refers to it by name (ESSID), delivering at that moment a
visible response that any other device within reach can
detect and leaving the network exposed during the process.
This happens at the very instant that a Wi-Fi device in range
tries to connect to a network it already knows; a malicious
actor capturing network traffic at that moment will have
found out the name of the network and can uncover it, or
prepare more complex attacks that can only be directed at
the network once its name is known.
Tools like Kismet do this automatically: when a client
device attempts to connect and the router or access point
recognizes it and responds, Kismet informs the attacker
through messages on the
screen. The network, which until now was marked
as , automatically goes to show the name that
the client's probe requests have revealed when connecting to
the network.
Another problem with this mechanism is that a malicious
actor can monitor the air for probe requests and obtain the
names of known networks to which our terminal has
connected in the past, regardless of whether these networks
are available at that moment. As a rule, terminals ask about
the availability of all the Wi-Fi networks they know,
launching probe requests that expose a kind of history with
the names of all the known networks where we were in the
past.
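The behaviour described in 3.2 and 3.4.1 can be reproduced offline with a small parser for beacon, probe-request and probe-response frames. This is an added example, not part of the original course or of Kismet; the frames, addresses and network names are constructed, and the function names are assumptions made for the illustration.

```python
import struct

# 802.11 management header: frame control, duration, addr1 (destination),
# addr2 (source), addr3 (BSSID), sequence control.
MGMT_HDR = struct.Struct("<HH6s6s6sH")
SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}
BROADCAST = b"\xff" * 6


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def elements(body):
    """Yield (id, value) tagged elements; stop cleanly if one is truncated."""
    pos = 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            return
        yield eid, value
        pos += 2 + length


def parse_mgmt(frame):
    """Return the fields named in the text, or None for any other frame."""
    if len(frame) < MGMT_HDR.size:
        return None
    fc, _dur, _dst, src, bssid, _seq = MGMT_HDR.unpack_from(frame)
    subtype = (fc >> 4) & 0xF
    if (fc >> 2) & 0x3 != 0 or subtype not in SUBTYPES:
        return None
    info = {"kind": SUBTYPES[subtype], "src": mac(src), "bssid": mac(bssid)}
    body = frame[MGMT_HDR.size:]
    if subtype in (5, 8):
        # Fixed fields: timestamp (8), beacon interval (2), capabilities (2).
        if len(body) < 12:
            return None
        ts, interval, caps = struct.unpack_from("<QHH", body)
        info.update(timestamp=ts, interval_tu=interval,
                    privacy=bool(caps & 0x0010))
        body = body[12:]
    raw = next((v for eid, v in elements(body) if eid == 0), b"")
    # A network that withholds its name sends an empty or all-NUL SSID.
    info["ssid"] = raw.decode("utf-8", "replace") if raw.strip(b"\x00") else None
    return info


def analyse(frames):
    """Map hidden BSSIDs to revealed names and list SSIDs each client probes."""
    named, hidden, probed = {}, set(), {}
    for frame in frames:
        info = parse_mgmt(frame)
        if info is None:
            continue
        if info["kind"] == "probe-request":
            if info["ssid"]:
                probed.setdefault(info["src"], set()).add(info["ssid"])
        elif info["ssid"] is None:
            hidden.add(info["bssid"])
        else:
            named[info["bssid"]] = info["ssid"]
    revealed = {b: named[b] for b in hidden if b in named}
    return revealed, probed


def build(subtype, src, bssid, ssid, dst=BROADCAST):
    """Construct a minimal management frame for the sample capture below."""
    frame = MGMT_HDR.pack(subtype << 4, 0, dst, src, bssid, 0)
    if subtype in (5, 8):
        frame += struct.pack("<QHH", 0, 100, 0x0011)  # ESS + Privacy bits
    return frame + bytes([0, len(ssid)]) + ssid


AP = bytes.fromhex("020000000001")       # constructed addresses
CLIENT = bytes.fromhex("0200000000aa")
CAPTURE = [                               # constructed frames, not a real capture
    build(8, AP, AP, b""),                        # beacon, name withheld
    build(4, CLIENT, BROADCAST, b"CafeFree"),     # remembered network, not in range
    build(4, CLIENT, BROADCAST, b"HomeNet"),      # probe for the hidden network
    build(5, AP, AP, b"HomeNet", dst=CLIENT),     # access point answers by name
]

if __name__ == "__main__":
    print(analyse(CAPTURE))
```

Run against frames from your own devices, the second return value is the list of remembered network names each terminal announces, which is the information an administrator or user would want to reduce.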
3.4.2. Access control through MAC addresses
As we mentioned earlier, Wi-Fi devices share many features
of compatibility with ethernet networks, and the lower layers
of their design are, in effect, the same as in traditional
ethernet networks. That's why wifi devices also have a MAC
address, which in theory should serve to uniquely identify
each manufactured Wi-Fi device.
White or black list
Controlling which devices can join a Wi-Fi network by
checking their MAC address against a white or black list is
inefficient and relatively easy to circumvent. Wi-Fi devices
have a unique MAC address recorded in their internal
memory, but this MAC address can be temporarily modified
with a large number of combinations of hardware (the chip
that implements Wi-Fi technology), software (the driver that
controls the communication of the operating system with
said hardware) and auxiliary tools.
In the case of blacklists where the MAC of our device has
been introduced, we only have to change to any other MAC
address.
In the case of whitelists, where a delimited list of MAC
addresses can enter the network and the rest cannot,
circumventing the control requires first finding out a
permitted MAC address from the whitelist, which could be
done in a previous phase of listening to the network using a
wifi network scanner.
Malicious actor
Once one of the MAC addresses of the legitimate clients
that usually connect to the Wi-Fi network has been obtained,
a malicious actor could alter the MAC address of his device
to copy that of the legitimate user, thus becoming
indistinguishable from the original for the control systems of
the link layer, so it would be identified as allowed.
For more information, you can visit this article about the
MACCHANGER software for GNU/Linux:
https://iloo.wordpress.com/2009/11/28/macchanger-manipular-ladireccion-mac/
And, finally, like all the security mechanisms that work at
the link level, this alone does not prevent an attacker from
stealing data by listening to the transmissions between the
terminals connected to the network, even if said malicious
actor is not connected to the network. For this, more robust
additional security mechanisms are required, based on the
encryption of the data.
3.4.3. WEP
WEP, acronym for Wired Equivalent Privacy (sometimes
misinterpreted as Wireless Encryption Protocol), is the
encryption system included in the IEEE 802.11 standard as a
protocol for wireless networks that allows the transmitted
information to be encrypted. Presented in 1999, WEP was
designed to provide confidentiality comparable to that of a
traditional wired network, hence its name. From 2001,
however, its security was found to be very fragile:
cryptographic analysts identified several serious
weaknesses, and nowadays WEP protection can be broken
with easily accessible software in a few minutes. It
therefore serves only as a deterrent against unauthorized
access by non-technical users.
WEP was deprecated as a wireless privacy mechanism in
2004, but is still documented in the current standard. We
review its operation in detail and the reason for its
vulnerability.
The secret key
WEP incorporates two levels of protection: a secret key and
an encryption key. The secret key is simply 5 or 13
characters that are shared between the access point and all
users of the wireless network. This key is of utmost
importance for WEP, since it is used to generate the different
encryption keys, which are the ones that actually encrypt
each packet of information sent to the network in a unique
way. Deriving the encryption keys from the secret key was
meant to ensure that, if one data packet could somehow be
deciphered and the key it was encrypted with found out, the
information in other packets still could not be deciphered or
seen.
WEP defines a method to create a unique encryption key
for each packet using the 5 or 13 characters of the secret key
(previously shared), plus a pseudorandom prefix that
changes for each packet. For example, let's assume that our
pre-shared WEP key is "abcde". This "word" will be
concatenated with the pseudo-random value calculated for
each occasion, for example "123" in the first case, to create
the encryption key "123abcde", which will be used to encrypt
the packet. For the next packet, the pre-shared key "abcde"
will still be used, but we will have another "prefix", for
example "456", and the encryption key "456abcde" will be
created. This process is repeated during the transmission of
all the data, changing the prefix for each packet.
Encryption algorithm
Internally, the WEP security algorithm uses an encryption
algorithm called RC4 as a basis, as well as other operations
and previous calculations. The encryption algorithm RC4, in
turn, is supported by a mathematical operation at the binary
level called XOR. The XOR operation is a simple binary
comparison between two bits that results in another bit,
which takes the value 1 if the two bits are different, and 0 in
case both bits are equal, such that:
WEP is manipulable
This example also shows where a serious problem with using
XOR to encrypt data would later be discovered: in the same
way that the result of the operation can be deduced by
comparing the first two columns A and B, the same can be
said of either of the original bits A or B. If we know the
value of one of the two original bits and the resulting bit of
the operation, we can deduce the other original bit.
For example:
This is an important part of how and why WEP is
manipulable. RC4 is the encryption algorithm used to encrypt
the data sent over the air. RC4 is a very simple and fast
encryption method that encodes each and every one of the
bytes of data sent in a packet. It does this through a series
of equations whose variables are based on the encryption
key.
RC4 actually consists of two parts: the key planning
algorithm and the pseudorandom generation algorithm. Each
part is responsible for one step of the encryption process.
Key planning algorithm
The key planning algorithm, Key Setup Algorithm (KSA), is
the first part of the encryption process. Starting from the
first byte of the key (including the initialization vector of
the packet, which is three bytes), the KSA distributes and
places derived pseudo-random values in a matrix of values,
thus preparing the raw material from which the PRGA will
then generate the definitive flow key (keystream).
It is not an excessively complex process: some
mathematical operations are carried out, based on the
pre-shared key, to obtain a list of pseudorandom values
between 0 and 255. These values are used by the next RC4
element (the PRGA) to obtain a bit stream that will serve
for the final encryption of the data.
It is important to remember that the KSA takes the bytes
of the key in order, one by one, to do its preparation
operations.
The pseudo-random generation algorithm or PRGA (Pseudo
Random Generation Algorithm) is the part of RC4 that
generates a flow key for each packet that is sent, using the
values that the KSA has prepared as a pseudo-random seed.
This bitstream is the one used to encrypt the data of a given
packet, applying the XOR binary operation that we have
already seen.
As we have already mentioned, with XOR it is enough to
know any two of the values involved in the operation to
know the third. In other words, if the clear text were known,
and since the encrypted data can be obtained with a simple
wifi network scanner, a malicious actor could deduce the
value that the PRGA has generated for that packet.
This assumption may seem unlikely (an attacker will not
know the unencrypted data; that is precisely why he is an
attacker); however, it helps break the cipher by statistical
analysis.
Summary
In short, to encrypt a data packet:
Packet encryption process
The following graphic describes the process including the
systems for checking the integrity of the data:
Breaking WEP with its design weaknesses
Now that we understand the basic concepts of how WEP
works, let's review the main weaknesses that can be
combined to get the information needed to break the
encryption.
The initialization vector (IV) is sent as plain text with
the encrypted packet, because otherwise the receiver has no
way of knowing what it is, and without it the receiver could
not know which final flow key to use to decipher a packet it
receives. Therefore, anyone can easily discover this
information by capturing traffic with a Wi-Fi network scanner
and thus learn the first three bytes of the key used to
encrypt a packet.
Both the KSA and the PRGA have data leaks that can be
known and that take place in the first iterations of their
operation.
In the case of the KSA, we know what the loops of its
algorithm will do in the first three iterations: the algorithm
takes, value by value, the elements of the wifi key, in front
of which the three bytes of the IV of the packet being
encrypted have been placed so that the encryption key
varies in each packet. For the wifi key "abcde", and given a
packet that has the IV "123", the key for the packet is
derived from the expression "123abcde". We cannot know
what values the KSA will take in the blue zone, but we can
know those of the red zone, since the IV is sent in clear,
without encrypting.
In the case of the PRGA, it always starts the first iteration
of its loop by taking the first element from the list of
pseudo-random values that the KSA has prepared for it as a
key. We do not know what value it is, but we know that it is
the first one in the list and that it is used in the first
iteration of the PRGA for every data packet.
XOR allows any third missing value to be found when you
have any combination of two known values.
As we know, the KSA aims to return an array of
pseudorandom values from the Wi-Fi key of the packet, and
this is done through a "shuffling" process. Because of the
way the KSA was designed, it has been found that there is a
statistical probability of 5% that the values of said matrix in
the positions S[0], S[1], S[2], S[3] do not change at all
after shuffling four times. In other words, a malicious actor
can predict the result of the KSA algorithm for those three
values with a probability of 5%.
Although the data packet is encrypted, we know that it
always contains internal headers of lower transport and
communication layers, which are known and which, although
they have nothing to do with WEP as such, accidentally
introduce a weakness in it. The first data value encrypted in
a WEP wifi packet is what is called the SNAP (Subnetwork
Access Protocol) header, which belongs to the IEEE 802.2
standard. Its value is always "AA" in hexadecimal, or 170 in
decimal.
This means, essentially, that once the first byte of
encrypted text is obtained by capturing packets with Wi-Fi
network scanners, it is sufficient to do an XOR against the
value 170, and the result is the first byte of the flow key
that the PRGA has generated.
In the WEP encryption process, it has been statistically
proven that, when an IV has a certain form, some
information can be deduced from it. This is what, in the
terminology of wifi network cracking, is known as a weak
initialization vector, and it is recognized by a certain value
in the first two bytes that compose it (the third byte can be
any value):
B + 3, 255
Where B is the byte of the Wi-Fi key that can be reached
with that packet, due to the design weaknesses of the KSA
and PRGA. Since we already know the first three bytes S[0],
S[1], S[2] because they are provided by the IV itself, we
become interested in the bytes starting from position S[3],
since that is where we start to find the wifi key configured
by the network administrator. A value of B = 3 would
indicate a packet useful for obtaining the first byte of the
wifi key, a value of B = 4 would be useful for the second
byte, etc.
The value 255 of the second byte indicates that the KSA is
at a vulnerable point in the algorithm, so that packet will
meet certain conditions that make it reveal useful
information to break the encryption.
Steps to follow
1. Now that these points are available, we are going to
combine them in the same way that a malicious actor
would to crack the WEP security of the network.
2. Imagine that we are an attacker trying to enter our own
network, and that we have a working Wi-Fi network
scanner with which we have captured an encrypted data
packet from our network. The packet has an IV that we
identify as weak (3, 255, 7).
3. This IV indicates that the packet leaks information
about the first byte of the Wi-Fi key.
4. With the bytes of the IV, the KSA equations can be
computed up to the third iteration, which is where the
bytes of the IV end and the bytes of the wifi key begin.
5. For the fourth loop of the KSA, where we do not have
everything needed to follow the equations, we have to
resort to another weakness of the algorithms to obtain
the information that lets us deduce what is missing: the
known data in the encrypted packet.
6. Recall that the final step of the RC4 algorithm is an XOR
of the original data against the data generated by the
PRGA.
7. The first data byte always contains what is called the
"SNAP header", whose value is known and constant (170
in decimal, AA in hexadecimal). Therefore, given that XOR
is a bidirectional operation, we can take an encrypted
packet and deduce the first byte of that packet's specific
encryption key by simply doing an XOR against the value
170 in decimal.
8. Using a Wi-Fi network scanner to read the value of the
first encrypted byte of the packet, and doing an XOR
against 170, we get the PRGA value against which the
original data was encrypted. Knowing the PRGA output,
we can run the PRGA equations backwards to find the
values that were fed to it by the KSA. This reveals a
variable of the KSA equation that was not apparently
visible and that, once obtained, lets us isolate the only
unknown left in the KSA, which is the byte of the key for
that position. Undoing the operations of the algorithm in
the opposite direction yields the desired key byte. Once
this step is done, we can capture another data packet
encrypted with a weak IV and repeat the process until all
the bytes of the key have been completed.
9. This mathematical condition, by which the data of the
wifi key is accessible behind equations with enough known
values to be solved, only holds 5% of the time,
specifically when the first four elements of the matrix S[]
(which the KSA uses to shuffle the key data in a
pseudo-random way) have not been affected after the
first shuffling operations performed by the algorithm.
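The weaknesses combined in the steps above (the IV sent in clear, the known SNAP byte and the weak IV of the form (3, 255, x)) can be checked on constructed data. This is an added example, not code from the original course or from any tool it names; the secrets, payloads and function names are assumptions made for the illustration. It measures how often a weak-IV packet actually leaks the first byte of the secret, the figure the text puts at about 5%.

```python
import hashlib

SNAP = bytes.fromhex("aaaa030000000800")  # LLC/SNAP header; first byte is 0xAA


def ksa(key, rounds=256):
    """RC4 key setup; rounds < 256 exposes the state after the first swaps."""
    s, j = list(range(256)), 0
    for i in range(rounds):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s, j


def prga(state, n):
    """RC4 generation step: n bytes of flow key from a prepared state."""
    s, i, j, out = state[:], 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key, data):
    return xor(data, prga(ksa(key)[0], len(data)))


def wep_encrypt(iv, secret, payload):
    """Per-packet key = IV || secret. Returns what travels over the air: the
    clear IV and the ciphertext (the integrity check value is left out)."""
    return iv, rc4(iv + secret, SNAP + payload)


def first_flow_key_byte(ciphertext):
    """Known plaintext 0xAA XOR first ciphertext byte = first PRGA byte."""
    return ciphertext[0] ^ SNAP[0]


def weak_iv_candidate(iv, flow0):
    """Candidate for the first secret byte from a weak IV (3, 255, x), using
    only the clear IV and the recovered first flow-key byte."""
    s, j = ksa(iv, rounds=3)          # the first three swaps depend on the IV only
    return (s.index(flow0) - j - s[3]) % 256   # undo the fourth swap


def leak_rate(secrets):
    """Fraction of weak-IV packets whose candidate equals the real key byte."""
    hits = total = 0
    for secret in secrets:
        for x in range(256):
            iv, ct = wep_encrypt(bytes([3, 255, x]), secret, b"constructed")
            hits += weak_iv_candidate(iv, first_flow_key_byte(ct)) == secret[0]
            total += 1
    return hits / total


# Constructed 5-byte secrets, derived deterministically for repeatable runs.
SECRETS = [hashlib.sha256(bytes([n])).digest()[:5] for n in range(16)]

if __name__ == "__main__":
    iv, c1 = wep_encrypt(b"123", b"abcde", b"first packet")
    _, c2 = wep_encrypt(b"123", b"abcde", b"other packet")
    # Same IV means same flow key: ciphertext XOR equals plaintext XOR.
    print(xor(c1, c2) == xor(SNAP + b"first packet", SNAP + b"other packet"))
    print(f"weak-IV leak rate: {leak_rate(SECRETS):.1%}")
```

A random guess would match one time in 256, so a rate of a few percent is what lets the correct byte stand out once enough weak-IV packets exist, and it is the reason the only mitigation is to retire WEP rather than to lengthen its key.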
Breaking WEP with advanced attacks
The design decisions that were made about the RC4
algorithm have made it a very vulnerable element in any
security mechanism that uses it. Many of the other advanced
attacks that have subsequently been investigated, confirmed
and implemented by researchers are based on RC4
weaknesses.
ARP replay attack
The attacker captures a valid encrypted packet that arrives
from the router and that, by its length, is clearly an
ARP-type packet. The attacker can resend it exactly as it
arrived, although he cannot decipher it yet.
Being a 100% valid packet, the network receives and
interprets it as another valid ARP request. This, in turn,
causes the access point or router to respond to said ARP
request once more, with the difference that in each packet
sent the router changes the IV with which it encrypts the
packet, thus creating a new packet with possibly useful
information for the assailant.
The idea is to force the router to transmit large numbers of
weak IV packets by injecting legitimate-looking traffic to
which the router must respond, speeding up the process of
collecting packets with weak IVs.
With these attacks, it is possible to obtain enough data to
break a WEP network with maximum encryption strength in
minutes.
ChopChop attack
This attack uses the responses of some routers to malformed
packets. It uses the information in those responses to
obtain the complete PRGA output and in this way decipher,
without knowing the Wi-Fi key, an encrypted data packet
that was previously captured. For more information, visit
this article with the detailed theory:
http://www.aircrack-ng.org/doku.php?id=chopchoptheory
3.4.4. WPA (version 1)
Changes and improvements regarding WEP
WPA emerged to correct the limitations of WEP.
Its most common variant is WPA-PSK, which uses the PSK
system, or pre-shared key. In it, all users of the wireless
network have the same Wi-Fi password, defined by the user,
in the same way as in WEP networks.
There is also a corporate WPA version known as
WPA-Enterprise. It offers additional security by requiring
identification with a name and password in special
authentication systems, such as RADIUS or 802.1X.
WPA introduced security improvements such as the fact
that passwords can be between 8 and 63 characters long,
unlike WEP, whose password was only 5 or 13 characters.
TKIP
But, undoubtedly, the biggest change was the introduction
of TKIP (Temporal Key Integrity Protocol), which changes
the keys used in the Wi-Fi connection (not to be confused
with the Wi-Fi password) every so often. Although TKIP
internally uses the same algorithm as WEP (RC4), it
constructs the keys differently and more securely than WEP,
which is why TKIP characterizes WPA1; basically, it is the
new way to build the unique per-packet encryption keys
derived from the wifi key.
TKIP solves the problem of reuse of initialization vectors in
WEP encryption that we saw earlier. WEP periodically uses
the same IV to encrypt the data. TKIP is based on less
repetitive patterns and longer vectors.
TKIP also seeks to recover security in lower layers by
cryptographically controlling the link layer (MAC addresses),
whose security had not been implemented in WEP. Enabling
WEP encryption and MAC address control separately did not
work: ordinary MAC access control does not implement
cryptography of any kind; it simply checks the MAC of the
packets and allows or denies access based on it. Anyone can
learn the list of allowed MACs by scanning the network
traffic, even before breaking the WEP encryption, which
makes this measure not very robust. Therefore, WPA needed
better control.
The TKIP process begins with a 128-bit temporary key that
is shared between the clients and the access points. TKIP
combines the temporary key with the MAC address of the
client, thus achieving the control of the link layer mentioned
above. It then adds a relatively long initialization vector of
16 octets (unlike the 3 octets of WEP) to produce the key
that will encrypt the data. This procedure ensures that each
station uses different encryption keys for its data flows.
To avoid the use of weak IVs, the cryptographic parameters
used in each packet are hashed and the packets sent are
numbered sequentially, so that the IV cannot be used for
many of the types of attack that were possible in WEP.
Still vulnerable
WPA continues to use the RC4 algorithm to perform the
encryption, as WEP did. However, a big difference from WEP
is that it changes the temporary keys every 10,000 packets.
This provides a dynamic distribution method, which
significantly improves the security of the network and
covers to a large extent the known vulnerabilities of the RC4
algorithm, since it makes it very difficult to obtain useful
statistical information to try to complete the encryption
equations.
As already mentioned, WPA continues to use the RC4
encryption system. We have already seen in the WEP section
that RC4 has a fragile design, in the sense that it allows the
keys to be found through statistical analysis. Although WPA
tries to compensate for these vulnerabilities, security
problems of a cryptographic origin appear again.
With enough traffic captured, the encryption can be
analyzed and broken because, although not as much as in
WEP, useful information continues to leak that helps to
complete the decryption equations and deduce the values
used to build the PRGA, configure the intermediate keys in
the KSA, deduce the temporary key change algorithm and,
with all this, finally arrive at the wifi key.
After monitoring an access point for about a day and
capturing all traffic, a malicious actor can, using specialized
software, break the WPA1 encryption in a similar way to
WEP, simply needing more time. WPA1 is safer and much
more dissuasive, since the technical level required is even
higher, but it is still vulnerable.
3.4.5. WPA2
WPA2 arose to definitively correct the weaknesses of the
ciphers used in WPA, so the use of RC4 was finally
eradicated to prevent anything from being deduced by
accumulating information from captured traffic.
Like WPA1, it keeps two variants, depending on who sets
the master password of the network and how:
WPA2-Personal (pre-shared key), in which the same key is
shared with all the stations that connect, and
WPA2-Enterprise, which offers additional security by
requiring identification with a name and password in special
authentication systems, such as RADIUS or 802.1X.
Changes and improvements regarding WPA version 1
The key point is that backwards compatibility with old
hardware is not maintained, which allows for more complex
algorithms that are close to the most advanced encryption,
integrity and authenticity control standards of the moment.
Although the length of the wifi password is still between 8
and 63 characters, AES 128-bit encryption replaces the
insecure RC4 encryption, solving all the problems derived
from RC4, which allowed certain cryptographic parameters
to be guessed through statistical analysis.
Increase the robustness of packet integrity control
The robustness of the packet integrity control is increased
by adding CBC-MAC (cipher block chaining message
authentication code), replacing other simpler or more
predictable integrity checking mechanisms such as the
Michael algorithm in WPA. The Michael algorithm was the
strongest that the WPA designers could create under the
premise that it should work on the older wireless network
cards; however, it is susceptible to attacks, and WPA2 did
not seek hardware compatibility, so it was able to implement
CBC-MAC.
With regard to the possibility of breaking the encryption, at
this time there is no known method that achieves it; for this
reason AES is considered the most robust and suitable
encryption for this type of network [1]. There is only the
possibility of capturing the "4-way handshake", which is
exchanged between the device and the access point as an
authentication mechanism in a WPA2 network.
In the case of WPA2-PSK (Pre Shared Key), this 4-way
handshake should be understood as a copy of the original
lock, on which a malicious actor could try different "keys"
(passwords) to find the correct one. If a valid handshake is
captured with a Wi-Fi network scanner, what is obtained is
not the password itself but the basic information against
which a candidate password can be checked and confirmed
or discarded, thus allowing brute-force attacks through
password dictionaries.
The choice and use of a robust password remains crucial
There are software tools that use the powerful graphics
processor of modern graphics cards as a mathematical
coprocessor to perform brute force attacks hundreds of times
faster than with an ordinary PC, so the selection and use of
a robust password is still crucial.
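Why the passphrase is the deciding factor can be seen from how a WPA2-PSK station turns it into its master key: the key depends only on the passphrase and the network name, so any candidate can be checked offline. This is an added example for auditing your own passphrase, not part of the original course; the word list and the guess rate are constructed figures, and the function names are assumptions made for the illustration.

```python
import hashlib
import math
import string

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " ")
SECONDS_PER_YEAR = 31_557_600


def wpa2_pmk(passphrase, ssid):
    """Master key a WPA2-PSK station derives from passphrase and network name
    (PBKDF2-HMAC-SHA1, 4096 iterations, 256 bits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(),
                               ssid.encode(), 4096, 32)


def search_space_bits(passphrase):
    """Upper bound on guessing effort, assuming characters picked at random
    from the classes actually used; real words are far weaker than this."""
    alphabet = sum(len(p) for p in POOLS if any(c in p for c in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def audit(passphrase, wordlist, guesses_per_second, min_years=100):
    """Return the reasons a passphrase would not resist offline checking."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside 8-63 characters")
    if passphrase.lower() in wordlist:
        findings.append("present in a password dictionary")
    years = (2 ** search_space_bits(passphrase)
             / guesses_per_second / SECONDS_PER_YEAR)
    if years < min_years:
        findings.append(f"exhaustible in about {years:.1f} years")
    return findings


# Constructed inputs: a tiny word list and an assumed checking speed.
WORDLIST = {"password1", "12345678", "qwertyuiop"}
ASSUMED_GUESSES_PER_SECOND = 1e5

if __name__ == "__main__":
    for candidate in ("password1", "Tr7#kq9!Zw2$mX5&pL8@"):
        print(candidate, audit(candidate, WORDLIST, ASSUMED_GUESSES_PER_SECOND))
    # The network name acts as salt: same passphrase, different master key.
    print(wpa2_pmk("Tr7#kq9!Zw2$mX5&pL8@", "HomeNet").hex())
```

Because the network name is mixed into the key, a passphrase that is long, random and absent from any dictionary is the only setting the user controls that raises the cost of each offline check.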
WPA2-Enterprise enterprise Wi-Fi networks are not
vulnerable to dictionary attacks, since the RADIUS server will
randomly generate these keys and change them regularly.
Legitimately connected devices must first be authenticated
by an individual username and password before receiving
the password through a secure channel derived from that
prior authentication (that is, although the authentication
server informs the device of the key at that moment, said
key is encrypted so that only the device that has been
authenticated can decrypt it).
The use of WPA2-Personal means having the most robust
Wi-Fi security technology available today, mitigating all the
vulnerabilities and weaknesses described in this section for
WEP and WPA in any of its versions, as well as WPA2 in its
WPA2-Personal version.
[1] http://www.islabit.com/51272/seguridad-wi-fideberiamos-usar-wpa2-tkip-wpa2-aes-o-ambos.html .
IV. 3G / 4G networks
Most of the mobile devices that run the Android, iOS and
Windows Phone platforms connect to 3G / 4G networks to
have voice and data connections when they do not have a
Wi-Fi network within reach, which provides them with greater
security in the communications. However, everything has
weak points, and as the years go by they grow in number
and importance. The first thing to highlight is that, a priori
and without going into further detail, the fourth generation
(4G) mobile network is, by design, more secure at the link
level but more insecure at the network trunk level (the
network of the operator) than its predecessor, the third
generation (3G) network, and other previous mobile
networks. How could this happen? The answer is simple: the
main problem is that the trunk of the 4G network is based
entirely on the IP protocol (Internet Protocol). In contrast,
the core of the 3G network and its predecessors, despite
having other problems, is based on the combined use of the
IP protocol and the SS7 protocol (Signaling System 7).
Unfortunately, this design can lead to problems for the
mobile operator and, indirectly, for the user, especially at
the level of privacy and data protection.
IP Protocol
The IP protocol is much more open and better known than the
mobile protocols used in the past, and has been exploited
successfully by hackers for many years; the use of IP
therefore opens the door to a series of potential threats in
the 4G mobile network. The IP protocol alone does not
provide any security measure, so even though the 4G
architecture provides security, mobile network operators
have an essential role in managing the security of these
networks through their design, implementation and
operations. Mobile network operators cannot be complacent
about security in the 4G network or about the need to
actively protect multiple points of entry into the network.
The 4G network brings with it an increase in the complexity
of security management for operators. However, by taking
the necessary measures, they can minimize the impact of
many of the security threats known so far in this type of
network.
KASUMI
The previous networks present other problems at the link
level due to the passage of years (measures that are now
outdated or insufficient), to the greater knowledge we have
of these technologies, and to the power of the devices used
today. For example, in terms of cryptography, 3G networks
use the KASUMI block cipher, which is used to provide
confidentiality in the UEA1 encryption algorithm and
integrity in the UIA1 algorithm (an algorithm based on
message authentication codes). This cipher was already
being used in GSM and GPRS networks to provide
confidentiality in the encryption algorithms A5/4, A5/3,
GEA4 and GEA3. KASUMI uses a block size of 64 ...