The IT and telecom industries were quick to realize that WiMAX, the latest of the wireless technologies, suffers from security risks, vulnerabilities and unexpected dangers. In fact, WiMAX has a significant number of vulnerabilities, and the thorough examination of many of them is only just beginning.
The WiMAX security model concentrates mainly on theft of data and service. WiMAX also fixes some of the vulnerabilities found in WiFi. As with virtually any technology, many products are expected to have security flaws of some sort, and WiMAX is no exception: it lacks enhanced security in many respects. Wireless networks are comparatively less secure than wired networks because they lack a physical infrastructure, which has been proven to be more secure.
WiMAX has adopted the IEEE 802.16 standard, which has been found to have security flaws, including vulnerabilities in its authentication and key management protocols. WiMAX has shown failures in data encryption, too.
Message replay is one of the most common attacks on authentication and authenticated key establishment protocols. The purpose of replay-based attacks is to flood a network with false management frames, which results in a denial of service (DoS).
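The receiver-side check that defeats this kind of replay, as an added example that is not part of the original article: each management frame carries a sequence number covered by a MAC, and the receiver drops anything it has already seen. The frame layout, the shared key and all names here are assumptions for illustration, not IEEE 802.16 message formats.

```python
import hashlib
import hmac
import struct


def _tag(key: bytes, sender: bytes, seq: int, payload: bytes) -> bytes:
    # Length-prefix the sender so field boundaries cannot be shifted.
    msg = struct.pack(">H", len(sender)) + sender + struct.pack(">Q", seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal(key: bytes, sender: bytes, seq: int, payload: bytes) -> tuple:
    """Build a (sender, seq, payload, tag) frame; hypothetical layout."""
    return (sender, seq, payload, _tag(key, sender, seq, payload))


class Receiver:
    """Accepts an authenticated frame at most once per sender and sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # sender id -> highest sequence number accepted

    def accept(self, frame: tuple) -> str:
        sender, seq, payload, tag = frame
        # Check the MAC first so unauthenticated frames cannot move the counter.
        if not hmac.compare_digest(tag, _tag(self.key, sender, seq, payload)):
            return "reject: bad MAC"
        # A captured frame resent later still has a valid MAC but a stale counter.
        if seq <= self.last_seq.get(sender, -1):
            return "reject: replay"
        self.last_seq[sender] = seq
        return "accept"


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key
    rx = Receiver(key)
    first = seal(key, b"SS-01", 1, b"mgmt-request")  # constructed frame
    bumped = (first[0], 2, first[2], first[3])  # old tag with a new counter
    second = seal(key, b"SS-01", 2, b"mgmt-request")
    return [rx.accept(first), rx.accept(first), rx.accept(bumped), rx.accept(second)]


if __name__ == "__main__":
    print(demo())
```

Because the counter is inside the MAC, rewriting the sequence number on a captured frame fails authentication instead of passing the freshness check.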
WiMAX has implemented a unidirectional authentication scheme, which uses X.509 certificates to authenticate the user to the WiMAX base station; there is no such provision for authenticating the base station to the user. This is a potential vulnerability in the system: attackers can intercept requests initiated by the user and then easily spoof the responses, making themselves self-authorized to use the 'access point' fraudulently.
Jamming and scrambling attacks are also among the main concerns for WiMAX adopters. These attacks are dangerous: an attacker attempts to manipulate RF signals in the hope of interfering with WiMAX connections. Many other common attacks are associated with WiMAX, such as session attacks, reflection attacks and interleaving attacks. Kismet and AirSnort are known 'over the air' sniffers, which help attackers capture the transmitted data, which can then be decoded for misuse.