Wireless Security Testing
Insomnia Security are able to perform security testing across a wide range of wireless technologies covering Wi-Fi, Bluetooth, RFID and NFC standards. Utilising specialist hardware and software tools, combined with a practical methodology that has been developed over time, the Insomnia Security testing team are able to conduct a comprehensive review to validate the secure use of these technologies.
Wi-Fi Security Testing
Wi-Fi security testing includes reviewing the wireless network configuration and attempting to bypass or circumvent any authentication requirements on the wireless access points. Testing can include checking for pre-authentication attacks such as captive authentication portal vulnerabilities, DNS information leakage, and DNS tunnelling.
Additionally, testing includes a review of the network connectivity exposed via the wireless connection and validation that appropriate controls are in place to prevent access to systems or services that should not be exposed. This may include management portals, enterprise controllers, or the unintended exposure of internal or corporate systems through guest or BYOD SSIDs.
Passive discovery can be conducted to complete a site survey of the selected area to identify both legitimate and rogue access points within the 2.4 GHz (802.11b/g) and 5 GHz (802.11a) frequency ranges.
Reviewing the configuration of client devices allows our team to identify and report on any weaknesses that may lead to a lack of encryption or disclosure of credentials. This can be expanded to include a detailed review of the client authentication lifecycle focusing on credential rotation, certificate enrolment, and PKI chain and certificate revocation.
Bluetooth Security Testing
Bluetooth Classic and Bluetooth Low Energy testing identifies weaknesses or vulnerabilities in both controller and peripheral devices. Testing will review the solution's use of secure pairing and authentication as well as its susceptibility to sniffing; man-in-the-middle, relay and replay attacks; exposed services and application layer vulnerabilities.
The review will also include consideration of privacy and tracking issues common with Bluetooth technologies. Bluetooth testing often includes elements of mobile, firmware and/or hardware reviews depending on the client solution.
RFID and NFC Security Testing
RFID and NFC are often used in sensitive applications such as identification, access control, tracking and payment systems. Many existing products and protocols in this space have been found to be vulnerable to various attacks or weaknesses.
Security testing of these solutions explores whether tags are vulnerable to cloning, unauthorised reading/writing or self-provisioning, and whether the solution is vulnerable to replay or range-extending relay attacks. A review can also explore low-level and protocol-level attacks against the reader, or threats to the system if a reader is compromised.