News

Wireless security concerns invade InfoSec conference

by Guy Kewney | posted on 25 April 2002


A "lite" profile virtual provate network for palm-top devices shows that wireless security has, finally, started to appear on the agenda of exhibitors at Infosecurity Europe, a conference and expo just finishing in Olympia, London.

Guy Kewney

Most of the exhibitors remain focused on firewall management, network router security, and attempting to make ordinary humans behave rationally in secure environments; but this year, there are genuine breakthroughs in the wireless arena.

The "scare story" merchants, of course, are prowling the aisles. The organisers hired four "black hat" hackers, who showed up suitably costumed with face masks, balaclavas, and the like, to lecture conference delegates on the dangers they can pose. But their numbers have been augmented for 2002 by people prepared to demonstrate failures of wireless security.

<1/> Gunter Ollman

Gunter Ollman of Internet Security Systems brought WiFi sniffing equipment which, he says, reveals that there were 50 or more "unofficial" wireless networks at the Olympia venue, "and over 400 laptops, equipped with WiFi circuitry, and constantly broadcasting, polling for their home access point."

Ollman was doing presentations on wireless security at the show. He's planning to release a white paper on the subject within the month.

Perhaps an even bigger breakthrough, was the pocket VPN for mobile platforms launched by Certicom under the Movian brand name. Clients were demonstrated for PocketPC, PalmOS and Symbian mobile devices. The algorithm behind this is elliptic curve cryptography, said officials at the show, "which helps reduce the processing overhead on relatively low-power devices."

In the past, it had been thought that the effort of encrypting and decrypting messages to full VPN levels would prove too demanding a task for small, slow processors like the one found in Nokia's 9210 phone; but Certicom claims to have it working satisfactorily.

Wireless users are part of the reason Array Networks have "beefed up" the normal Web proxy software in its all-in-one router/firewall/ proxy boxes it sells, to include a security proxy. CEO Donald Massaro said that in previous years, it was most important to get the speed of web servicing up, but that things had changed, and that security was now far more important than it had been.

"Secure Web Traffic manager does end-to-end secure sockets layer (SSL) accelerated," he said. "We're pretty proud of the speed we're getting, since we're doiong this with a lot more scanning of the messages. For example, when we're pushing corporate Web services out to remote users, we're not just parsing the HTML header any more; we're scanning the entire message for links to internal servers which won't mean anything to an outside browser, and we're re-writing the page."

<1/> Simon Gunning<1/>face obscured by request<1/>
Consultant Simon Gunning from DigiLog said that the UK was still innocent when it came to wireless security. He pointed to his own site for examples of exposures he's done on wireless audit, of open and highly confidential data being broadcast around the City of London, and forecast that things would get much worse.

"In America, where people have been using these things longer, they are now getting hacked once a day by kids in a car with a Pringles tube antenna; and the software they are using is evolving very rapidly," he said. "We've seen some software which not only sniffs for the network name but actually 'floods' an access point with data on all channels to force it to re-acquire all the clients it is talking to. Then this gives the hacker an open channel to pick up hidden and secure data used to log the clients on. It's such dangerous software I won't even say where it can be found, because I don't want to encourage hackers to use it."

Gunning said that American network managers were evolving to tackle this sort of attack. By contrast, he said, most UK wireless networks were still unprotected beyond some attempt to hide the network identity, and were easy meat for hackers.

Gunning also showed some of the distances over which the supposedly short-range WiFi transmitters can be made to work, with pictures from Hawaii or the one below, with ranges of several miles.

<1/> twenty-six mile WiFi antenna!