Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Look at the State of Wireless Security

Posted by Soulskill on from the tubes-of-the-ether dept.

An anonymous reader brings us a whitepaper from Codenomicon which discusses the state and future of wireless security. They examine Bluetooth and Wi-Fi, and also take a preliminary look at WiMAX. The results are almost universally dismal; vulnerabilities were found in 90% of the tested devices[PDF]. The paper also looks at methods for vendors to preemptively block some types of threats. Quoting: "Despite boasts of hardened security measures, security researchers and black-hat hackers keep humiliating vendors. Security assessment of software by source code auditing is expensive and laborious. There are only a few methods for security analysis without access to the source code, and they are usually limited in scope. This may be one reason why many major software vendors have been stuck randomly fixing vulnerabilities that have been found and providing countless patches to their clients to keep the systems protected."

6 of 107 comments (clear)

  1. If only we could contain the wireless signal by Anonymous Coward · · Score: 5, Funny

    ...in some kind of tube that we could install between the source and the destination.

  2. OSS by Anonymous Coward · · Score: 5, Insightful

    What we need is a strong, coordinated, open-source effort to create new standards for networking devices, rather than rely totally on proprietary software.

  3. Re:Security is relative by erlehmann · · Score: 5, Funny

    Fact is, a skilled hacker/cracker can defeat any encryption or any security you set up, no matter how advanced.

    do you got some of these skilled hackers ? i have a large semiprime to factor ...
  4. Re:Security is relative by Marcion · · Score: 5, Insightful

    If you meet a skilled hacker, no matter what you throw at him/her they will be able to beat it. However most security holes aren't a huge deal because as long as there isn't a .exe that Joe Script-Kiddy can execute its not going to be exploited.

    You are missing the vital link here.

    1. Skilled Cracker will find your security hole.
    2. Skilled Cracker will then brag about it on a forum and provide example code.
    3. Not-so-skilled cracker-wanabee will fill it out and package it as a .exe
    4. Joe Script-Kiddy executes the .exe

    On the Web, this cycle does not take very long. Imagine 1+2 happens on Friday, by the time you come back to work on Monday your server is being accessed.

    --
    My little Linux and tech blog
  5. Re:Security is relative by Omnifarious · · Score: 5, Informative

    Lack of security in wireless isn't that huge of a deal. If you meet a skilled hacker, no matter what you throw at him/her they will be able to beat it.

    Bzzzt! Wrong! I really hope you aren't a programmer.

    There are encryption algorithms and protocols that are so good that nobody has figured how to defeat them, most likely even including the secret labs of various governments. Mostly what happens is that in practice they are misapplied or the person applying them doesn't understand them well enough and cuts a corner that results in a fatal implementation flaw.

    What I really don't get is public standards that have this problem.

    Those facile assumptions of yours as well as the pervasive defeatist attitude are likely the main reason there are so many problems in various commercial products.

    --
    Need a Python, C++, Unix, Linux develop
  6. Re:Wireless security is perfect..... by The+Mighty+Buzzard · · Score: 5, Insightful

    On the up side, if we're talking a wireless setup with the weak signal most home setups have, anyone attempting to crack it is also within physical ass-kicking distance. Minimalist security, a fair IDS, and a lead pipe are all you need unless we're talking something with a larger coverage than most WAPs.

    --
    Violence is like duct tape. If it doesn't solve the problem, you didn't use enough.