Author: Brad Haines
Part of Syngress’ “The Seven Deadliest Attack Series”, this book introduces the reader to the anatomy of attacks aimed at wireless technologies and devices that use them.
You’ll learn what it takes to execute infrastructure attacks on wireless networks; which client-side attacks you should look out for; how Bluetooth, RFID, and encryption can be cracked; and why you should be careful when using analog wireless devices, cell phones and other hybrid devices.
About the author
Brad ‘RenderMan’ Haines is one of the more visible and vocal members of the wardriving community. A firm believer in the hacker ethos and promoting responsible hacking and sharing of ideas, he wrote the “Stumbler Code of Ethics”. He operates his own consulting company and is a co-refounder of “The Church of WiFi” wireless thinktank.
Inside the book
Each chapter in this book starts with an example of a danger associated with the use of wireless technologies. A likely attack is then described, followed by various defense strategies that can be used to thwart it. Every solution is analyzed and presented with both its strengths and weaknesses.
The first and second chapters deal with attacks aimed at wireless networks, both at their infrastructure and at the wireless clients used to connect to them. Haines explains how wireless networks work, how the WEP, WPA and WPA2 encryption schemes can be cracked, and how to protect your network from various attacks. He then proceeds to reveal what dangers public hotspots present to the regular user and which countermeasures can be employed to minimize the risk of their use.
The next two chapters cover the often ignored subject of Bluetooth and RFID attacks, and they come in very handy because a lot of people are unaware of just how much these technologies are used in everyday life. Risks associated with the use of analog wireless devices are presented in the fifth chapter, and again, Haines reminds us just how many wireless devices we use in our daily lives without even thinking about possible compromises. Handsets, microphones, video devices: all are vulnerable to attacks.
For anyone who has ever tried to set up a home or business wireless network, the question of whether or not to add encryption to the mix was surely raised. Haines shows us how bad encryption can be counterproductive to overall security, and uses real-world examples to demonstrate his point.
The last chapter will probably be the most interesting one to everyone, because it deals with the issue of cell phone and smartphone security, and those are devices that most of us use (privately or for work) on a daily basis. The popular subject of jailbreaking and the inherent risks are described, and the iPhone and Android security models are presented.
I really, really liked this book. The chapters and the book are relatively short, but they are extremely to the point. The author has refrained from using overly technical language, and this fact makes this book perfect for novices and people who are forced to assume technical roles at home or at work.
What I especially liked is the large number of real-world examples – they drive the point home and make for an interesting read. The text is peppered with notes, warnings and tips, and very enlightening “Epic Fail” text boxes, where you can learn from other people’s and companies’ mistakes.