ITEC 264

Research Assignment: Wireless Security

By Jeff Meadows
 Introduction
Over the last few years, the IT and business industries have seen an exponential increase
in the amount of mobile devices used in the workplace. Technology has advanced enough that
futuristic smartphones are now common amongst white-collar workers, and advanced devices
such as tablet PCs are just now becoming affordable enough to be viable solutions for the
business world’s ever-growing need for data technology. The trend is so widespread that many
companies are now offering new recruits a free smartphone and service contract as a
recruitment bonus, so as to attract more talent and encourage the usage of these time-saving
devices. In countries such as Japan, cell phone service has become so saturated that service
contracts are incredibly cheap and comprehensive, leading to 75% cellphone ownership rate
amongst the general public.

What, then, is the problem with this rapid propagation of mobile devices? For those who
use their mobile devices as part of their job, the problem is security. Although mobile devices
are convenient, they introduce a multitude of security problems due to their mobile nature and
the various ways they interconnect. In general, the two most defining characteristics of any
kind of mobile device are networked and mobile. In other words, mobile devices need to be
able to interconnect and share data across many different kinds of networks (public telephone
network, public Wifi, Internet, and Bluetooth, among others), but they also need to be
completely mobile. These two requirements mean that mobile devices rely almost exclusively
upon wireless networks, and this means that they are susceptible to all the security problems
inherent in wireless networks. This problem is made worse by the fact that many white-collar
workers store valuable work-related data on their devices, giving malicious hackers a financial
motive to compromise them.

The consequences of a lost phone or compromised security can (and often do) extend far
beyond the immediate financial costs. Replacing a lost phone is incredibly easy, in most
situations it’s the data on the phone that is irreplaceable. Losing personal data can be a
significant risk even for non-business individuals, as there is often enough information stored
on the phone (and on the services the phone can access) to allow attackers or other malicious
individuals to make a good start on stealing someone’s identity. This can mean falsified credit
charges in that person’s name, the ruining of their credit rating and reputation, and legal
challenges that can take years to sort out. If actual business data/corporate secrets are stolen,
the damage can be in the millions of dollars.

In addition to identity theft, there also exists the possibility of blackmail. If a person’s
phone contained embarrassing, incriminating, or even illegal material, an intelligent identity
thief could use this information as leverage to manipulate or control the person it belongs to.
This raises the frightening prospect of attackers compromising not just data or trade secrets,
but entire people. This is particularly dangerous if the blackmailed person is working on
something sensitive for the government/corporations, as this could give external agencies a
way to infiltrate secret projects and steal/damage even more information.

This potential for huge security breaches and identity theft means that smartphones and
mobile devices must be secured and used with data safety in mind. Security practices for
mobile devices can be divided into three main categories: WiFi security, Bluetooth security, and
physical security. These three areas cover most of the major security issues with devices such as
tablet PCs and smartphones, although there are other concerns outside these categories. There
are also many ways to improve mobile security that can be applied and used by the average
person, as plenty of security companies (Kaspersky and Trend Micro amongst them) have
caught on to this growing market and released excellent mobile security suites.

WiFi Security
 Due to the need for mobile devices to be, well, mobile, they are rarely if ever connected
to any kind of wired network. This means that all Internet communication must be conducted
over wireless networks, and the most popular technology for wireless internet access today is
the 802.11 standard (WiFi).

Thanks to advances in networking technology, most smartphones and the vast majority of
tablet PCs have WiFi chips/drivers built in, reducing/removing the necessity of telecom data
plans for Internet data transmitted over the phone network. That kind of data access can be
convenient where WiFi is not available (telecom cell phone signals cover areas in the square
kilometers, as opposed to ~100 feet for WiFi), but it is most economical for the phone user to
make use of public WiFi if available. The reasoning for this is simple: public WiFi bandwidth is
free, whereas telecom-based data is expensive. Many coffee shops or department stores will
set up public access hotspots as a courtesy to their customers, and thus people with WiFi-
enabled devices can save a fair amount of money on telecom data plans.

The problem with these hotspots, however, is that virtually all of them are unsecured,
with no way of restricting who can log on or exchange data on them. This opens the door to
exploits like man-in-the-middle or ARP poisoning, which can be used by malicious hackers in
order to obtain login information or even plant a backdoor/malware program on the
unsuspecting user’s device. As well, many hotspots or unsecured routers are often left in their
default, non-configured state, allowing administrative access to all the router’s functions so
long as the default password is supplied (easily obtainable by Googling the router model). Once
an attacker has this access, it is much easier for him/her to plant sniffing programs, redirect
network traffic, and launch attack scripts.

Also of note are the potential security problems inherent in one of the upcoming WiFi
standards: WiFi Direct. This new protocol enables WiFi devices to form direct peer-to-peer
connections with each other, bypassing the current need for a centralized, dedicated device (a
router or access point, in other words). Although this new protocol will no doubt have its
merits, it has the potential to introduce numerous new security headaches to already-secure
networks. In most large organizations the security software and encryption is applied centrally
from the networking equipment instead of being installed on every device: this allows the
network to add more clients easily and streamlines security administration. WiFi Direct would
undermine this system by allowing attackers to create a direct wireless link to their intended
target, thereby bypassing the security programs of the router. Although this standard has not
been formally adopted yet, it will likely debut in early 2011.

Bluetooth Security
 Of the various wireless networking protocols to be developed in recent years, Bluetooth is
probably the one with the most media hype and expectation attached to it. Although Bluetooth
has found its way onto almost every wireless device possible (laptop, smartphone, tablet PC,
etc), the vast majority of end-users have little to no idea of how it works, or even how to use it.
The notable exception to this is the usage of Bluetooth headsets, which have gained popularity
lately and use Bluetooth fields to connect to the user’s phone.

Technology-wise, Bluetooth is a short-range, low power wireless technology that allows

Security-wise, there are still several problems with the technology, including the well-
publicized “Bluetooth viruses” that began to propagate wirelessly from phone to phone in 2004
and 2005. The Bluetooth protocol does provide enough security settings to ensure secure
communications, but by default they are turned off. This is (or should be) a great concern for
smartphone users, as the fact that almost every mobile device has Bluetooth capability means
that Bluetooth capability can quickly become a security flaw.

Security Settings

Despite the potential for misuse and exploitation of Bluetooth, there are in fact numerous
security protocols and settings built into the specifications of the technology that can be used
to minimize risk and reduce vulnerability. Bluetooth offers 3 primary security settings that
dictate how the device secures its Bluetooth traffic: Unsecured, Link-Level Security, and Service-
Level Security. It is essential that any mobile device containing sensitive info is set to the proper
security levels, to prevent data loss or unauthorized access.

In Unsecured mode, the device does not encrypt traffic and does not attempt to initiate
any security measures when connecting or sharing data with another Bluetooth device. This is
the default mode, and for obvious reasons it is not recommended to keep your device on this
setting.
*This document does not contain the rest of the report. For a full version, please contact [email protected].*