Replay Attacks

(OBJ 2.4)

Type of network-based attack where valid data transmissions are maliciously or fraudulently re-broadcast, repeated, or delayed
Involves intercepting data, analyzing it, and deciding whether to retransmit it later
Different from a Session Hijack
- In a Session Hijack, the attacker alters real-time data transmission
- In a Replay Attack, the attacker intercepts the data and then can decide later whether or not to retransmit the data
Example:
- An attacker was able to capture your session when you logged in to your bank
- They can then replay a session to the bank at a later time and attempt to log in as you
- Then reuse it to gain unauthorized access to the system

Not limited to banking; can occur in various network transmissions
- Email
- Online shopping
- Social media
Common in wireless authentication attacks, especially with older encryption protocols like WEP (Wired Equivalent Privacy)

Specific type of replay attack that Involves capturing a user's login credentials during a session and reusing them for unauthorized access

Use session tokens to uniquely identify authentication sessions
Session tokens are generated for each session, making it challenging for attackers to replay sessions
Implement multi-factor authentication to require additional authentication factors, making replay more difficult
By using multi-factor authentication, attackers lack the necessary additional information to replay login sessions
Implement security protocols like WPA3 (Wi-Fi Protected Access 3) to mitigate replay attack threats