Wireless perils are nothing new
June 07 2005
Wireless perils are nothing new
A short history of security hazards of wireless communications
When wireless telephone handsets (ordinary phones useful for short-range wandering around the house and garden, not cellular telephones) were introduced into the home market years ago, teenagers very quickly discovered that it was the handset that controlled connection to the public switched telephone network. In other words, putting the handset down on the cradle or picking it up had nothing to do with whether the phone could connect to the PSTN.
Kids began walking around their neighborhoods with their parents’ wireless handsets turned on; after a few hundred feet from home base, they would lose the dial tone. If they kept the handset on, though, sometimes they’d get another dial tone - this one from a compatible wireless phone in a neighbor’s house. The kids could then place long-distance or other chargeable calls at someone else’s expense with little chance of discovery. Sometimes they’d hear a conversation in progress and eavesdrop for a while.
These no-security phones suffered from several design problems:
- Phones from different manufacturers nonetheless had considerable interoperability.
- The transmissions were unencrypted.
- It was difficult to detect an intrusion while it was happening.
Manufacturers scrambled to fix the problems by introducing a wider range of frequencies (so that the handset and the base station could communicate but other phones would be less likely to hit the same frequency) and some simple
encryption methods. Even so, I remember warning corporate clients never to allow a wireless handset into their offices for confidential communications. And as for the idea of using those wireless handsets in airline clubs, ptooie - never use one of those to talk about sensitive details. You never know who might be listening:
http://www.spybusters.com/wireless_phone_alert.html
Cellular (mobile) phones are relatively secure today. Nevertheless, some security experts routinely answer calls on these devices with, “Hi, this is
. This line is not secure.” See: http://www.tinhat.com/cell_phone/mobile_phone_security.html
Similar problems of excessive transparency occurred in the 1980s when wireless LANs began arriving into the world of IEEE 802.3 ethernet communications. Early wireless LANs offered dramatically lower installation costs (retrofitting LAN cable into a ceiling or wall is a dusty, tiresome and expensive job), but they had no encryption at all. People worried even then about the safety of using such systems for any kind of sensitive or critical application.
A similar set of problems has developed with wireless communications using the newer protocols that allow access to the Internet as well as to intranets.
Reproduced from an article published by NetworldWorld
© NetworldWorld
The original article can be viewed here:
http://www.networkworld.com/newsletters/sec/2005/0606sec1.html?fsrc=rss-sec...Permalink Bookmark Digg this story
| About RSS feeds
Get the Industry's top stories delivered straight to your inbox...
