Time
31 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hello. My name is Dustin and welcome to wireless networks.
00:04
So first up is Bluetooth.
00:06
Bluetooth is one of the oldest wireless protocol still
00:09
broadly available today. It was actually created in the 19 nineties to synchronize data between phones and other battery powered devices. Today, it's probably used on phones for a variety of devices, including gaming controllers, headphones and keyboards.
00:26
Bluetooth requires a very small amount of power and can only function over about 30 feet with very low data transfer race.
00:37
So there are a few flaws and Bluetooth that could affect security.
00:40
First, there's the general software vulnerabilities. This could allow data theft, drive by malware downloads or almost anything else that you can think of. And how do we combat our secure this again? That's something we've talked about before. We always want to make sure we're patching and keeping our software up to date. Um,
00:59
another thing you can do for to combat this is
01:02
when you're not using Bluetooth. Turn it off on your phone.
01:04
It will prevent any of these attacks from occurring in the first place.
01:11
Another type of attack that Bluetooth this vulnerable to is eavesdropping. This really isn't a huge problem with most newer Bluetooth protocols as it's encrypted by default. But there are older Bluetooth devices that still use Bluetooth. Any of the one Siri's or the 2.0 Siris,
01:30
they're vulnerable. Thio Eavesdropping Attacks.
01:34
Malicious Attackers could then crash your devices or block them from receiving calls, or even drain your battery with, AH, denial of service attack.
01:42
In order to combat this threat,
01:45
make sure your Bluetooth is turned off when it's not news.
01:49
Bluetooth devices themselves so the actual devices like your headphones, your gaming
01:55
controllers. Air keyboards
01:57
can also have a variety of security flaws, including passing data to other devices allowing snooping, allowing multiple devices to connect to them. In order to combat this. Change your default pin on these devices and you guessed it turn off Bluetooth when not in use.
02:15
There are a variety of wireless protocols that have been created to support home automation systems, especially just over the last five years, but two of the most common R Z wave and zig B.
02:29
Both of these protocols use very low energy. Their data rates are also very low.
02:35
I believe it's 0.25 megabits per second for zig B and 0.1 megabits per second for Z wave.
02:43
Because of the functionality of these devices, they don't really mean to support high data transmission rates by default of both Z wave and zig be used a yes 1 28 bit encryption and are relatively secure.
02:58
The largest vulnerability of these networks for my research has been in the initial pairing stage of a device to the network. So when a device is being paired, it is possible that an attacker could intercept the key used of the network.
03:13
This would require the attacker to be present during the initial setup, which usually only takes milliseconds. The likelihood of this happening are relatively low,
03:23
but automating your home may introduce new vulnerabilities to network.
03:28
Most of these devices connect to a central hub with WiFi access onto the network,
03:32
so you can usually control them from anywhere. There is actually an episode of the podcast hackable from McAfee, where they actually hacked a WiFi network by accessing a couple of I O T devices, including a teapot in a coffee pot.
03:47
It didn't specify, but I believe both of these devices did connect directly to the Home wireless network.
03:53
But even with the wave and zig B, this could open up new doors that we haven't really thought about.

Up Next

Wireless Network Fundamentals for Security Practitioners

In this course, the instructor covers the basics about wireless protocols which includes LTE, Bluetooth, Z-Qave, and zigbee. The instructor also goes more in-depth with Aircrack-NG by discussing the tools used to test the wifi networks, explaining how to install the tools on various OS, and demonstrating an Aircrack-NG lab.

Instructed By

Instructor Profile Image
Dustin Parry
Network Security Engineer
Instructor