Editor's Note: Welcome to NetworkWorld.com's first Wireless Security column. Every other week, experts from Wireless Vulnerabilities and Exploits will answer questions on the tough wireless security issues. Have questions? Get them answered - write wireless-security@nww.com.
What are the most prevalent wireless security threats based on submissions to the WVE?
With the prevalence of mobile devices and the increasing use of wireless-aware applications, enterprises need to continually track the threats that they face and take steps to mitigate them. Interesting trends about the nature of wireless threats are emerging, and the WVE database has revealed product defects, user and client behavior, and advancement in attacks and tools as the most prevalent types of submissions thus far.
Vulnerabilities exist in all complex networking systems, especially in emerging solutions that support wireless communications. This is particularly true for wireless networking infrastructure and client equipment such as access points (APs), WLAN controllers, and VoIP phones. The database contains a number of product defect entries, including a number concerning APs that suffer from authentication-management and denial-of-service (DoS) vulnerabilities.
Other entries concern many phones that have shipped with remote debugging features enabled, leaving them open to a myriad of different attacks. The number of these attacks will likely increase with the wider deployment of voice over WLAN (VoWLAN) equipment.
Numerous submissions deal with user and client behavior. The increased use of wireless-enabled devices by business travelers, the growing amount of confidential data residing on wireless-enabled laptops, and the ease with which users can engage in risky behavior are all cause for concern.
Because users typically value connectivity over security, they may use ad-hoc networks. Client software is also partially responsible for problems; a recent advisory note from the WVE Editorial Board pointed out that in some configurations a client will connect to an ad-hoc network with the same service set identifier (SSID) as one of its preferred networks.
In addition, another recently published entry on the site described a vulnerability that can enable an attacker to spoof Wired Equivalent Privacy (WEP)-encrypted networks that a client has been configured to connect to. This combination of behavior and client vulnerability is leading the hacking community to focus on attacking endpoints rather than on finding more efficient ways to attack 802.11 itself.
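A defensive check for the ad-hoc behavior described in the advisory above, as an added example that is not part of the original column or WVE's own code: it flags beacons that advertise a preferred SSID from an ad-hoc (IBSS) station rather than from an access point. The Beacon record, the audit function, the SSIDs and the BSSIDs are constructed for illustration; the two bit masks are the ESS and IBSS bits of the 802.11 Capability Information field.

```python
from dataclasses import dataclass

CAP_ESS = 0x0001   # Capability Information bit 0: set by access points
CAP_IBSS = 0x0002  # Capability Information bit 1: set by ad-hoc (IBSS) stations


@dataclass(frozen=True)
class Beacon:          # hypothetical record produced by a wireless sensor
    ssid: bytes        # raw SSID element; empty when the SSID is hidden
    bssid: str
    capability: int    # 16-bit Capability Information field from the beacon


def mode(beacon):
    """Classify a beacon as 'ess' (AP), 'ibss' (ad-hoc) or 'other'."""
    ess = bool(beacon.capability & CAP_ESS)
    ibss = bool(beacon.capability & CAP_IBSS)
    if ess == ibss:    # both set or both clear: neither a plain AP nor ad-hoc
        return "other"
    return "ibss" if ibss else "ess"


def audit(beacons, preferred_ssids):
    """Return (bssid, ssid, reason) for beacons reusing a preferred SSID."""
    preferred = {s.encode() for s in preferred_ssids}
    findings = []
    for b in beacons:
        if b.ssid not in preferred:   # byte-exact match; hidden SSIDs skipped
            continue
        kind = mode(b)
        if kind == "ibss":
            reason = "ad-hoc network advertising a preferred SSID"
        elif kind == "other":
            reason = "unexpected ESS/IBSS bits on a preferred SSID"
        else:
            continue                  # ordinary access point beacon
        findings.append((b.bssid, b.ssid.decode(errors="replace"), reason))
    return findings


# Constructed sample data: preferred profiles and observed beacons.
PREFERRED = ["CorpWLAN", "CorpGuest"]
SAMPLE = [
    Beacon(b"CorpWLAN", "02:00:00:00:00:01", 0x0411),    # AP, privacy bit set
    Beacon(b"CorpWLAN", "02:00:00:00:00:02", 0x0002),    # ad-hoc, same SSID
    Beacon(b"corpwlan", "02:00:00:00:00:03", 0x0002),    # different bytes
    Beacon(b"", "02:00:00:00:00:04", 0x0002),            # hidden SSID
    Beacon(b"CorpGuest", "02:00:00:00:00:05", 0x0003),   # both bits set
    Beacon(b"CoffeeShop", "02:00:00:00:00:06", 0x0002),  # ad-hoc, not preferred
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, PREFERRED):
        print(" | ".join(finding))
```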
Finally, recent submissions also include advancements in attacks and tools. Understanding the tools hackers use to penetrate security mechanisms is critical when it comes to designing secure wireless networks. The WVE analysis of submissions shows hackers are now beginning to use more sophisticated techniques, such as using 'gray' or 'covert' channels that make it harder for an intrusion detection system to detect an attack. Attackers also are increasingly using offline Rainbow-table-like tools, which can reveal passwords quickly, to mount attacks against networks. These techniques are beginning to be seen in tools such as the newest release of the humorously named coWPAtty, which allows an attacker to pre-generate key material for cracking WPA-PSK keys. In addition, a new tool called RCovert allows data to be transmitted in 802.11 ACK.