Guangdong Zecheng Intelligent Technology Co., Ltd

quentin@zecheng.com.cn

86-0769-39020536

Rumah> Blog> On the wireless interface and network side attack method in access control

On the wireless interface and network side attack method in access control

April 01, 2023
In today's residential communities, access control intercom systems are basically installed, which brings convenience to residents and also brings about some annoyances. In the higher end areas, there are potential security risks, such as attacks on access control systems. This article gives you a detailed introduction to the attack on the wireless interface and network in the access control system.

Wireless interface-based attack

In the building intercom mobile communication network, all communication between the mobile station and the fixed network is transmitted through the wireless interface, but the wireless interface is open, and the perpetrator may eavesdrop on the channel through the wireless interface and obtain the transmission information therein. It is even possible to modify, insert, delete, or retransmit messages in the wireless interface so as to counterfeit the identity of the mobile user in order to deceive the network terminal. According to the different types of attacks, it can be divided into three types: unauthorized access to data, unauthorized access to network services, and threat integrity.

1, unauthorized access to data attacks

The main purpose of unauthorized access to data attacks is to obtain the user data and/or signaling data transmitted in the wireless interface. There are several ways to do this:

Eavesdropping on User Data - Obtaining User Information Content Eavesdropping Signaling Data - Obtaining Network Management Information and Other Wireless Tracking for Proactive Attacks - Obtaining Mobile User Identity and Location Information for Wireless Tracking Passive Transport Stream Analysis - Guess User Communication Content and Purpose Active Transport Stream Analysis - Get Access Information
2. Unauthorized access to network service attacks

In an unauthorized access network service type attack, an attacker defrauds the network by impersonating a legitimate mobile user identity, obtains authorization to access the network service, and evades payment, and the counterfeit mobile user pays for the attacker.

3, threat data integrity attacks

The target of the threat data integrity attack is the user data flow and signaling data flow in the wireless interface. The attacker realizes the purpose of deceiving the data receiver by modifying, inserting, deleting, or retransmitting these data flows. .

Network-based attacks

In the building intercom mobile communication network, the composition of the network is more complicated. It not only contains many functional units, but also the communication media between different units is not the same. Therefore, there are also some insecure factors that cannot be ignored in the security mobile network, such as wireless wiretapping, identity counterfeiting, falsification of data, and denial of service. According to the type of attack, there are the following four categories:

1, unauthorized access to data attacks

The main purpose of unauthorized access to data attacks is to obtain user data and/or signaling data transmitted between network-end units. The specific methods are as follows:

Eavesdropping on User Data - Obtaining User Communication Content Eavesdropping Signaling Data - Obtaining Security Management Data and Other Information Useful for Proactive Attacks Counterfeit Communication Receivers - Obtaining User Data, Signaling Data, and Other Passive Transmission of Information Facilitating Active Attacks Stream analysis - access to information access to illegally stored data in the system - access to data stored in the system such as legitimate user authentication parameters, etc.
2. Unauthorized access to network service attacks

The main purpose of non-authorized access to network service attacks is to access the network and avoid payment. The specific manifestations are as follows:

Counterfeit legal use - access to network services authorized counterfeit service network - access to network services to counterfeit the home network - access to authentication parameters that can impersonate a legitimate user's identity abuse of user power - to enjoy network services without payment and misuse of network services - Obtaining illegal profits
3, threat data integrity attacks

The threat data integrity attacks on the building intercom mobile communication network include not only the threats of data integrity attacks in the wireless interface, but also the communication interface between the BSS and the MSC may be a wireless interface. Moreover, it also includes wired communication networks. The specific performance is as follows:

Manipulate user data streams - gain network service access rights or intentionally interfere with traffic manipulation signalling data flow - gain access to network services or intentionally interfere with communications Counterfeit communication participants - gain access to network services or intentionally interfere with communication manipulation Downloadable applications - Interfering with the normal operation of the mobile terminal Manipulating the mobile terminal - Normal operation of the mobile terminal Manipulating data stored in the network unit - Obtaining access rights to network services Intentionally interfering with communications
4, after the service denial attacks

After the service, the repudiation attack is whether or not the communication occurred after the communication, thus avoiding payment or evading responsibility. The specific performance is as follows:

Payment repudiation - rejection of payment sender's denial - unwillingness to pay for messaging service responsibilities Receiver repudiation - Unwillingness to pay for the received messaging service
Hubungi Kami

Author:

Ms. Yanjun Chen

Phone/WhatsApp:

+8613602572892

Produk popular
You may also like
Related Categories

E-mel kepada pembekal ini

Subjek:
E-mel:
Mesej:

Your message must be betwwen 20-8000 characters

Rumah

Product

Phone

Tentang kita

Siasatan

We will contact you immediately

Fill in more information so that we can get in touch with you faster

Privacy statement: Your privacy is very important to Us. Our company promises not to disclose your personal information to any external company with out your explicit permission.

Menghantar