Wireless Network Attack: Raising the Awareness of Kampung WiFi Residents

Syahrul Fahmy, Akhyari Nasir and Nooraida Shamsuddin
Faculty of Computer, Media and Technology Management
TATI University College
24000 Kemaman Terengganu, MALAYSIA

Abstract— The rapid growth of Information and Communication Technology has led people around the world to spend more time on the Internet than ever before. Online activities are carried out on a daily basis, from information searching to property purchasing. This trend is on the rise, with commercial Internet Service Providers offering affordable wireless broadband connections to all, including in rural areas. In some countries, free Internet access is given to residents through ‘hotspots’ such as Kampung WiFi in Malaysia. Although this means more people can connect to the information highway, it raises the issue of Information Security and Privacy – how secure are these networks? This paper aims to demonstrate the vulnerability of Kampung WiFi networks in order to amplify awareness among its Internet users with regard to security and privacy. The background of Kampung WiFi is presented in Section I, while Section II presents wireless network implementation technologies, namely WLAN, WMAN and WWAN. A review of classic network attacks including Malicious Associations, Identity Theft, Man-In-The-Middle, Network Injection, Caffe Latte and Denial-of-Service is presented in Section III, and Section IV demonstrates wireless network attacks using Cain & Abel, Wireshark and NetworkMiner. Finally, the conclusion is made in Section V. It is hoped that this paper will highlight the importance of IT security and privacy in Kampung WiFi.

Keywords- Kampung WiFi, IT Security, Information Privacy

I. INTRODUCTION

The Kampung WiFi program was launched by the Ministry of Information, Communications and Culture in 2010 to bridge the digital divide between rural and urban communities in Malaysia [1]. It is a joint effort between the Communications & Multimedia Commission and several Communication Service Providers (CSPs). The cost of setting up a Kampung WiFi varies from RM 15,000 – RM 30,000 each, depending on the technology used, i.e. fixed phone line, satellite, etc. Speed is anticipated to be up to 4 Mbps within a 50-meter radius, with different hardware setups depending on geographical location. For areas with fixed line access, a router will be placed at a designated location (house, school, etc.). In rural areas with limited (or no) fixed line access, a satellite tower is erected on high ground (such as hills) to transmit WiFi signals. Currently there are more than 400 Kampung WiFi in Sarawak, 400 in Sabah, 350 in east-coast Peninsular and 500 in west-coast Peninsular.

Three criteria are used for setting up Kampung WiFi: the number of residents; distance to the nearest wireless infrastructure (3G/4G); and the availability of wired infrastructure (fixed lines). There are more than 16 million Internet users in Malaysia from its population of 26 million (2010 statistics) [2]. Although the figure is impressive, it prompts the question of information security and privacy. According to the Malaysian Computer Response Team, in 2009 alone there were 3,564 computer security incidents; 184,407 spam e-mails; and 1,889,165 incidents of botnet and malware infection [3]. It is anticipated that by the end of 2012, the number of Kampung WiFi will reach 4000. So, are these users aware of the danger that lurks within this service? How adept are they at embracing this new technology? This paper is part of an on-going research effort in Kampung WiFi [4] and aims to demonstrate the vulnerabilities of these networks in order to raise awareness of information security and privacy.

II. WIRELESS NETWORK

This section presents an overview of wireless broadband technology in Malaysia as used in the implementation of Kampung WiFi. A wireless network provides high-speed wireless Internet and can be implemented in three (3) ways: Wireless Local Area Network, Wireless Metropolitan Area Network and Wireless Wide Area Network.

A. Wireless Local Area Network (WLANs)

A WLAN consists of several elements including the client and the access point. The client represents the group of devices within the WLAN that are connected to the single point of aggregation – the access point – that connects to the Internet or other network infrastructure [5]. WLAN uses radio frequency signals in the 2.4 GHz and 5 GHz spectrum as its transmission medium [6]. Wi-Fi or IEEE 802.11 is the set of standards established to define WLANs. A number of different protocols are defined in the 802.11 family of standards, addressing various operating frequencies and maximum throughputs [7], summarized in Table 1.

978-1-4673-1938-6/12/$31.00 ©2012 IEEE

Table 1: IEEE 802.11 Standards

STANDARD   YEAR   DATA RATE   RADIO FREQUENCY   RANGE
802.11a    1999   54 Mbps     5 GHz             Short
802.11b    1999   11 Mbps     2.4 GHz           Medium
802.11c    2003   54 Mbps     2.4 GHz           Medium

Although 802.11a was the first standard created in the 802.11 family, 802.11b became the first widely accepted wireless networking standard, followed by 802.11a and 802.11g.

B. Wireless Metropolitan Area Network (WMANs)

WMAN is a form of wireless networking that has an intended coverage area, a range of approximately the size of a city [8]. WiMAX (IEEE 802.16) is a wireless digital communication standard intended for WMANs and promises very high data rates, high reliability, good efficiency and lower cost. WiMAX provides a coverage radius of up to 50 km and data rates of up to 70 Mbps.

C. Wireless Wide Area Network (WWANs)

WWAN covers a much broader area than Wi-Fi or WiMAX, with coverage usually measured on a nationwide or even global basis [9]. WWANs provide a broadband data network with a far greater range, using cellular technologies such as GPRS, HSPA, UMTS, and LTE [10] at different speeds.

III. CLASSIC NETWORK ATTACKS

This section briefly presents several infamous attacks on wireless networks, including Malicious Associations, Identity Theft, Man-In-The-Middle, Network Injection, Caffe Latte and Denial-of-Service.

A. Malicious Associations

Malicious Associations [11-13] occur when wireless devices are made by attackers to connect to a network through a Soft AP (such as a laptop) instead of a legitimate Access Point (AP). Using computer programs, these laptops are made to imitate a legitimate AP. Once access is gained, the attacker can obtain passwords, launch attacks on the network, or plant Trojans. Since wireless networks operate at Layer 2, Layer 3 protections such as network authentication and Virtual Private Networks (VPNs) offer no barrier.

B. Identity Theft

Identity Theft or MAC Spoofing [14-16] occurs when an attacker listens to network traffic and identifies the MAC address of a computer with appropriate privileges. Most wireless systems use MAC filtering to allow authorized computers with a specific MAC ID to gain access to the network.

802.11 devices transmit their MAC addresses unencrypted in frame headers, and no special equipment or software is required to detect them. Anyone with an 802.11 receiver (such as a laptop) and a wireless packet analyzer could obtain the MAC addresses of transmitting 802.11 devices within range.
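The same cleartext header lets a defender spot a cloned address: every transmitter increments a 12-bit sequence number, so two radios sharing one MAC address produce interleaved, discontinuous counters. The sketch below is an added example, not code from the paper; the frames, the addresses and the gap threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

SEQ_MODULO = 4096      # the 802.11 sequence number is a 12-bit counter
MAX_FORWARD_GAP = 64   # assumed tolerance for frames the sensor did not hear
HEADER = "<HH6s6s6sH"  # frame control, duration, addr1, addr2, addr3, sequence control

def parse_header(frame: bytes):
    """Return (transmitter MAC, sequence number), or None if the frame has neither."""
    if len(frame) < 2:
        return None
    frame_type = (struct.unpack_from("<H", frame)[0] >> 2) & 0x3
    if frame_type == 1 or len(frame) < 24:   # control frames (ACK, CTS) carry no counter
        return None
    _fc, _dur, _addr1, addr2, _addr3, seq_ctrl = struct.unpack_from(HEADER, frame)
    return ":".join(f"{b:02x}" for b in addr2), seq_ctrl >> 4   # low 4 bits: fragment no.

def find_spoofed_macs(frames):
    """Map each MAC with a discontinuous counter to its (index, previous, current) jumps."""
    last_seq, suspects = {}, defaultdict(list)
    for index, frame in enumerate(frames):
        parsed = parse_header(frame)
        if parsed is None:
            continue
        mac, seq = parsed
        if mac in last_seq:
            gap = (seq - last_seq[mac]) % SEQ_MODULO   # backward jumps wrap to a large gap
            if gap > MAX_FORWARD_GAP:
                suspects[mac].append((index, last_seq[mac], seq))
        last_seq[mac] = seq
    return dict(suspects)

def build_frame(mac: str, seq: int) -> bytes:
    """Build a constructed data-frame header (sample input only, not a capture)."""
    addr, bcast = bytes.fromhex(mac.replace(":", "")), b"\xff" * 6
    return struct.pack(HEADER, 0x0008, 0, bcast, addr, bcast, seq << 4)

STATION_A, STATION_B = "02:00:00:00:00:01", "02:00:00:00:00:02"   # constructed addresses
ACK = struct.pack("<HH6s", 0x00D4, 0, bytes.fromhex("020000000001"))
SAMPLE_FRAMES = [
    build_frame(STATION_A, 100),
    build_frame(STATION_B, 4094),
    build_frame(STATION_A, 101),
    build_frame(STATION_A, 2900),   # a second radio transmitting with A's address
    build_frame(STATION_B, 4095),
    ACK,                            # control frame, skipped
    build_frame(STATION_A, 102),
    build_frame(STATION_B, 0),      # normal wraparound, not an anomaly
    build_frame(STATION_A, 2901),
]

if __name__ == "__main__":
    for mac, jumps in find_spoofed_macs(SAMPLE_FRAMES).items():
        print(mac, jumps)
```

QoS data frames keep a separate counter per traffic identifier, so a production sensor should key on (MAC, TID) or track management frames only.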

C. Man-In-The-Middle

Man-In-The-Middle [17-19] lures computers into logging in to another computer that is set up as a Soft AP. Once this is done, the attacker connects to a real AP (through another wireless channel), offering a steady flow of traffic through the attacking computer to the real network. The attacker can then ‘sniff’ the traffic. Hotspots are particularly vulnerable to any attack since there is little security, if any, on these networks.
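Both Malicious Associations and Man-In-The-Middle depend on a Soft AP imitating a legitimate AP, which an operator can look for by comparing observed beacons against an inventory of its own access points. The following audit is an added example, not part of the paper; the SSID, BSSIDs, inventory and beacon records are hypothetical, constructed values.

```python
from collections import defaultdict

SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}

# Hypothetical inventory of the operator's own access points (constructed values).
AUTHORIZED = {
    "KampungWiFi-Demo": {
        "02:00:00:aa:00:01": {"channel": 6, "security": "WPA2"},
        "02:00:00:aa:00:02": {"channel": 11, "security": "WPA2"},
    }
}

def audit_beacons(beacons, authorized=AUTHORIZED):
    """Return a sorted list of (bssid, ssid, reason) findings for our network names."""
    findings = set()
    channels_seen = defaultdict(set)
    for beacon in beacons:
        ssid, bssid = beacon["ssid"], beacon["bssid"].lower()
        if ssid not in authorized:
            continue   # someone else's network name, out of scope
        known = authorized[ssid].get(bssid)
        if known is None:
            findings.add((bssid, ssid, "unknown BSSID advertising our SSID"))
            continue
        channels_seen[(ssid, bssid)].add(beacon["channel"])
        # Unrecognised security labels are treated as the weakest setting.
        if SECURITY_RANK.get(beacon["security"], 0) < SECURITY_RANK[known["security"]]:
            findings.add((bssid, ssid, "security weaker than inventory"))
        if beacon["channel"] != known["channel"]:
            findings.add((bssid, ssid, "channel differs from inventory"))
    for (ssid, bssid), channels in channels_seen.items():
        if len(channels) > 1:   # one physical AP beacons on one channel at a time
            findings.add((bssid, ssid, "same BSSID on several channels"))
    return sorted(findings)

# Constructed scan results: two legitimate APs, one unknown Soft AP, one cloned BSSID.
SAMPLE_BEACONS = [
    {"ssid": "KampungWiFi-Demo", "bssid": "02:00:00:AA:00:01", "channel": 6, "security": "WPA2"},
    {"ssid": "KampungWiFi-Demo", "bssid": "02:00:00:aa:00:02", "channel": 11, "security": "WPA2"},
    {"ssid": "KampungWiFi-Demo", "bssid": "02:00:00:bb:00:09", "channel": 1, "security": "OPEN"},
    {"ssid": "KampungWiFi-Demo", "bssid": "02:00:00:aa:00:01", "channel": 3, "security": "OPEN"},
    {"ssid": "OtherNetwork", "bssid": "02:00:00:cc:00:05", "channel": 6, "security": "WPA2"},
]

if __name__ == "__main__":
    for finding in audit_beacons(SAMPLE_BEACONS):
        print(finding)
```

These checks compare advertised attributes only, so they complement rather than replace encrypting the traffic itself.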

D. Network Injection

Network Injection [20-22] enables an attacker to use APs that are exposed to non-filtered network traffic, specifically broadcast traffic such as ‘Spanning Tree’, OSPF, RIP, and HSRP. The attacker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner and require rebooting or even re-programming a large number, if not all, of the intelligent networking devices.

E. Caffe Latte

Caffe Latte [23-25] is a method to defeat WEP where the attacker does not need to be in the area of the network. Using a process that targets the Windows Wireless Stack, it is possible to obtain the WEP key from a remote client. By sending a flood of encrypted ARP requests, the attacker takes advantage of the shared key authentication and the message modification flaws in WEP. An attacker can use the ARP responses to obtain the WEP key in less than 6 minutes [8].

F. Denial-of-Service

Denial-of-Service (DoS) [26-28] occurs when an attacker continually bombards an AP with bogus requests, premature successful connection messages, failure messages, and other commands. The usual reason for performing a DoS attack is to observe the recovery of the wireless network, during which all of the initial handshake codes are re-transmitted by all devices, providing an opportunity for the attacker to record these codes and use various tools to analyze security weaknesses and exploit them to gain unauthorized access to the system.

The list of attacks is by no means complete, with new tools being developed and made available on a daily basis either for free or for a small fee. These attacks are just the tip of the iceberg and, if not addressed properly, may result in catastrophic consequences. Almost all of these attacks can occur in Kampung WiFi.

IV. WIRELESS ATTACK SIMULATION

This section presents simulations of attacks on a wireless network (similar to Kampung WiFi), carried out at TATI University College. The objective of this simulation is twofold: (1) to demonstrate that wireless attacks on Kampung WiFi are possible; and (2) to establish that these attacks will affect personal and vital information of the users.

40 Personal Computers (PCs) and 3 laptops are used in this simulation. The computers are stationary and located in the CCNA Computer Laboratory and General IT 2 Laboratory at the Faculty of Computer, Media and Technology Management. The laptops are mobile and used to launch attacks on the network. All computers are running different versions of the Windows operating system, from Windows XP to Windows 7. Different wireless configurations are used to replicate the different wireless settings that might be used in Kampung WiFi, including commercial broadband connections such as Celcom and DiGi.

The simulation makes use of existing software tools to launch attacks on the network. Respondents were informed that they are part of a study to investigate IT security and privacy. All respondents are allocated a PC and requested to carry out several tasks including (i) logging into their e-mail account and sending an e-mail; (ii) logging into their Facebook account and carrying out usual tasks; and (iii) logging into their internet banking account and logging off. Three (3) different software tools are used, namely Cain & Abel, Wireshark and NetworkMiner.

A. Cain & Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows the recovery of passwords by sniffing the network; cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks; recording VoIP conversations; decoding scrambled passwords; recovering wireless network keys; revealing password boxes; uncovering cached passwords; and analyzing routing protocols [29].

FIGURES 1A & 1B: Obtaining Username-Password for Online E-Mail Account

We were successful in obtaining username-password combinations for online e-mail accounts using Cain & Abel. Figures 1A & 1B illustrate results of the attack where credentials of two e-mail accounts hosted at “webmail.tatiuc.edu.my” were obtained.

B. Wireshark

Wireshark is a network protocol analyzer that captures and interactively browses the traffic running on a computer network [30]. Features of Wireshark include deep inspection of hundreds of protocols; live capture and offline analysis; multi-platform support; reading live data from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others; and decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.

FIGURES 2A & 2B: Revealing Comments Made on Facebook

We were successful in revealing comments made on an individual Facebook account using Wireshark. Figures 2A & 2B illustrate results of the attack where the comments made by “Sufi Asri” were revealed.

C. NetworkMiner

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows and can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network [31]. NetworkMiner collects data about hosts on the network rather than collecting data regarding traffic on the network.

FIGURES 3A & 3B: Reading Individual e-Mail Account

We were successful in reading the content of an online e-mail account using NetworkMiner. Figures 3A & 3B illustrate the result of the attack where the content of an e-mail was successfully displayed.

FIGURE 4: Obtaining Username-Password for Online Bank Account

We were also successful in obtaining the username-password for an online bank account. Figure 4 illustrates the result of the attack where the username and password for a CIMB account were successfully obtained.

V. CONCLUSION AND FURTHER WORK

The Kampung WiFi program aims to bridge the digital divide between rural and urban communities in Malaysia. Currently there are more than 400 Kampung WiFi in Sarawak, 400 in Sabah, 350 in east-coast Peninsular and 500 in west-coast Peninsular. Wireless networks provide high-speed wireless Internet and are implemented in three (3) ways: Wireless Local Area Network, Wireless Metropolitan Area Network and Wireless Wide Area Network. Attacks on wireless networks such as Malicious Associations, Identity Theft, Man-In-The-Middle, Network Injection, Caffe Latte and Denial-of-Service are not uncommon, and pre-emptive measures should be taken to minimize if not curb them.

This paper has demonstrated the possibility of wireless attacks on Kampung WiFi by means of computer software that can be easily downloaded from the Internet. The demonstration has revealed alarming results, including successfully obtaining username-password combinations of online e-mail accounts; reading comments made on Facebook; revealing the content of an e-mail account; and obtaining the username-password combination for an online bank account. These are just some potential issues surrounding Kampung WiFi and need to be carefully addressed to ensure the smooth implementation of the program.

Cooperation from all quarters is needed. CSPs have to publish clear guidelines on Internet security policy and procedures. Internet users in Kampung WiFi have to be extra-vigilant when using this service and keep abreast of security measures that can be implemented to safeguard confidential information when connecting to the Internet. The Government, through MyCert, NGOs and other bodies, can help by notifying Kampung WiFi users of security threats from time to time.

Work in the near future includes an empirical study of the awareness level, and IT security modelling for Kampung WiFi. It is hoped that the objectives of the program can be achieved without coming at the expense of the users' confidential information.
As Burke once said, “better be despised for too anxious apprehensions, than ruined by too confident security”.

REFERENCES

[1] Bahagia Jaya Kampung Wifi Pertama. Utusan Malaysia: 12 May 2010.
[2] International Communication Union. http://www.itu.int/ Last accessed August 2011.
[3] Malaysian Computer Emergency Response Team. http://www.mycert.org.my/ Last accessed August 2011.
[4] Akhyari Nasir et. al., “Issues Surrounding Kampung WiFi”. TATIUC Research and Innovation Exhibition (TARIE 2012). Kuala Terengganu, Malaysia, 18-19 May 2012.
[5] Alan Sicher, Randall Heaton, White Paper Of GPRS Technology Overview, Dell, 2002. Retrieved May 2011. http://webpc.ciat.cgiar.org/wireless/documents/2002-gprs_overview.pdf
[6] Booz, Allen, Hamilton, White Paper Of Route Diversity Project Wireless Communications Capabilities; Evaluation Of Wireless Fidelity (Wi-Fi) Technology In Support Of ESF #2 Disaster Response Role, Technology And Programs Division (N2), 2007.
[7] White Paper Of LTE: The Future Of Mobile Broadband Technology, Verizon Wireless, 2009. Retrieved May 2011. https://www.lte.vzw.com/portals/95/docs/lte%20the%20future%20of%20mobile%20broadband%20technology.pdf
[8] White Paper Of WIMAX And The Future of Wireless Technology; Connecting The New Millennium, Emerging Technology, IJIS Institute. Retrieved May 2011. http://www.ijis.org/docs/wp/ijis_wp_wimax_20070618_final.pdf
[9] Karen Scarfone, Cyrus Tibbs, Matthew Sexton, Guide To Securing Wimax Wireless Communications, National Institute Of Standards And Technology, 2010.
[10] White Paper Of LTE: The Future Of Mobile Broadband Technology, Verizon Wireless, 2009. Retrieved May 2011. https://www.lte.vzw.com/portals/95/docs/lte%20the%20future%20of%20mobile%20broadband%20technology.pdf
[11] Vipul Goyal, Virendra Kumar, Mayank Singh. “An Efficient Solution for the ARP Cache Poisoning Problem”. The First Information Security Practice and Experience Conference (ISPEC 2005), Singapore, April 2005, Lecture Notes in Computer Science, Springer-Verlag.
[12] Asthana, N C, and Anjali Nirmal. Urban Terrorism: Myths and Realities. Jaipur: Pointer Publishers, 2009.
[13] Vacca, John R. Guide to Wireless Network Security. Springer (2006).
[14] Lambert M. Surhone, Mariam T. Tennoe, Susan F. Henssonow (edited by). MAC Spoofing. Betascript Publishing. 2010.
[15] Dru Lavigne. BSD Hacks. O'Reilly Media Inc. 2004.
[16] Thomas W. Shinder, Thorsten Behrens. The Best Damn Firewall Book Period. Syngress. 2007.
[17] V.S.Bagad, I.A.Dhotre. Computer Networks - II. Technical Publications. 2009.
[18] Brian L. Stuart. Principles of Operating Systems: Design & Applications. Cengage Learning EMEA, 2008.
[19] Jon Erickson. Hacking: The Art of Exploitation. No Starch Press. 2008.
[20] Nitesh Dhanjani, Justin Clarke. Network Security Tools. O'Reilly Media, Inc. 2005.
[21] Harald Rohde, Dominic A. Schupke. “Securing Passive Optical Networks Against Signal Injection Attacks”. Proceedings of the 11th International IFIP TC6 Conference On Optical Network Design and Modeling ONDM'2007. pp.96~100
[22] Merritt Maxim, David Pollino. Wireless Security. McGraw-Hill Professional. 2002.
[23] Bruce Brown. How to Stop E-Mail Spam, Spyware, Malware, Computer Viruses and Hackers From Ruining Your Computer Or Network: The Complete Guide for Your Home and Work. Atlantic Publishing Company. 2010.
[24] Ian Barile. Protecting your PC. Charles River Media. 2006.
[25] Michael Miller. Is It Safe?: Protecting Your Computer, Your Business, and Yourself Online. Que Publishing. 2008.
[26] Jelena Mirkovic, Sven Dietrich, Peter Reiher. Internet Denial Of Service: Attack and Defense Mechanisms. Prentice Hall Professional Technical Reference. 2005.
[27] Chin-Tser Huang, Mohamed G. Gouda. Hop Integrity in the Internet. Springer. 2006.
[28] Joseph Migga Kizza. Ethical and Social Issues in the Information Age. Springer. 2010.
[29] Cain & Abel. http://www.oxid.it/cain.html/ Last accessed February 2012.
[30] Wireshark. http://www.wireshark.org/about.html/ Last accessed February 2012.
[31] NetworkMiner. http://www.netresec.com/?page=NetworkMiner Last accessed February 2012.