Copyright Goodheart-Willcox Co., Inc. 464 Security Essentials Jamming Jamming is intentionally interfering with wireless signals to prevent a transmission from being usable. Jammers are RF transmitters that block or scramble other RF sig- nals. Jammers cannot determine which signals are undesirable and which are wel- come, so it interferes with all signals, including Wi-Fi signals, cellular transmissions, and GPS communication. The Communications Act of 1934, later amended by the Telecommunications Act of 1996, is a federal law that prohibits the marketing, sale, and use of a transmitter designed to block, interfere, or jam wireless signals. RFID Attacks Radio frequency identification (RFID) tags function through an antenna that pro- duces an electrical signal to power a transceiver in the tag. A popular use of RFID tags includes employee badges that can be detected by a proximity reader. RFID tags are small and can be placed in or on devices, and they are read when they near the proximity reader. This technology is very helpful when processing a large volume of scanning is necessary, for example, many employees entering a building, or a user checking out several items at the library. RFID tags are passive or active. A passive tag does not have its own power source it receives power from the reader. When the RFID tag is near the reader, the antenna in the tag forms a magnetic field. However, the range for these tags is about 15 meters, or roughly 50 feet, so outside of that range, the tag does not have power. Active RFID systems use battery-powered RFID tags that continuously broad- cast their signals. A common example of these is automobile tolling systems such as EZ-Pass. These tags have a range of approximately 150 meters, or roughly 500 feet. RFID tags provide efficient services but are susceptible to attacks, particularly eavesdropping and replay attacks. Eavesdropping occurs when an unauthorized reader listens to transmissions between the RFID tag and the read to gain data that can be recorded and reused to gain access, steal data, or act on the communication by intercepting information or manipulating data. Additionally, an attacker can swap an RFID tag with a duplicate tag that trans- mits false data and violates the integrity of the information. Administrators should review RFID tags to ensure the validity of each tag and corresponding reader. NFC Attacks Near-field communication (NFC) is a set of standards that establishes communica- tion between devices in close proximity of each other. NFC devices are used often in retail, including contactless payment systems and rewards cards. The use of NFC in wireless networking is vulnerable due to the inherent properties of the technology itself. For example, if data sent from one device to another via NFC is unencrypted, a nearby device can intercept it. Additionally, if a hacker is close enough, it may be possible to tap a reader to a user’s device and steal data. Hackers could corrupt the data being sent to the reader or interfere with the data being sent. The loss of phones with NFC payments can be prevented by having passwords or biometric locks on their systems. Initialization Vectors (IVs) An initialization vector (IV) is a randomly generated number or variable added to an encryption key every time there is a transmission. However, this is still not foolproof. In an IV attack, an attacker is able to learn the plaintext of a packet and can then compute the encryption key stream used by the IV. Once the key stream is found, any 1.4 1.4 TECH TIP RFID-based automobile key fobs are popular methods of remote access. Hackers can monitor signals to obtain unique codes from a specific key fob or use a relay box to pick up the radio signal from an unused key fob to access a car. Key fobs can be stored in faraday bags to protect fobs when not in use. 1.4 1.4