Bugs in the Air - The Emerging Wireless Threat
by Trevor Bauknight
Published on this site: May 24th, 2005

In her Pulitzer Prize-winning novel _Pilgrim at Tinker Creek_,
the great nature writer Annie Dillard described learning to truly
see nature and things in it. She says that it's important to be
able to look at a point in the air between yourself and whatever
you had been looking at before in order to see flying insects. In
the decidedly unnatural world of wireless data security, it's very
similar these days.
If you're like most small business owners, your wireless communications
are vital; but they're also a set of vulnerabilities you need to
consider before you wind up like Paris Hilton, with your cell phone's
address book posted to the Internet and your private life pried open
for the world to view. Well, maybe you wouldn't be exactly like
Paris Hilton, but you'd be too close for comfort.
The news a few weeks ago that Paris' private numbers had
been posted on the Net, while disturbing, was only the tip
of the iceberg. The fact is that, while they're getting better,
wireless networks of all shapes and sizes and the devices
that connect to them are potential targets of identity thieves
and other mischievous and malicious types.
What's That Buzzing?
In an article a few weeks ago
(http://www.cafeid.com/art-malware.shtml), I suggested
that Microsoft's response to the problem of malicious software
and its authors seemed to be designed to kill the mosquitoes
but not to dry the mud. But this problem is bigger than one
company or one platform, and it has the potential to put a
very real crimp in what appears to be some fantastic new technology
and applications of it.
An excellent article by Kevin Delaney in the May 17 Wall
St. Journal introduces two new terms to the lexicon of computer
security: "evil twin" and "pharming". An
evil twin is a network node set up to look like a familiar
access hotspot on a wireless network in order to intercept
usernames and passwords sent in an attempt to log in. An evil
twin set up properly could even act as a gateway for actual
traffic and the evil at the keyboard of the twin can scour
packets sent through the gateway looking for useful information.
These are usually set up at some function where there will
be a lot of wireless traffic, such as at airport lounges,
hotels, conventions, etc., so there is little threat to home
wireless networks where such a scam would be obvious.
"Pharming", following in the fun tradition of naming
electronic fraud activities with a 'ph' to remind us how good
we had it back when "phone phreaks" would hijack
the telephone system in order to simply make a few phree calls
to their buddies, takes advantage of a security hole through
which pharmer Brown is able to "poison" the cache
your domain name server uses to resolve addresses more quickly.
When you type in "www.bigbank.com"
to transfer some money, your computer asks a DNS server for
the associated IP number, and since lots of people like you
use bigbank.com's online services, that number is already
present in your ISP's DNS cache.
The clever pharmer Brown builds a nefarious website similar
to an evil twin and then inserts his IP number into that cache,
so that your computer visits the malicious one even though
you typed in the address yourself. Now all he needs to do
is sit and watch you sign in with your name and password,
possibly along with your routing number and bank account number.
You can already see where this is headed.
Pharming is possible on both wired and wireless connections; but since
wireless networks are often put together with convenience
at the top of the list rather than security, there is a greater
possibility that pharmers will find a way in to plant their
poison. And like its name implies, pharming can take place
on a large scale indeed. If the servers of a large organization
are compromised, thousands of people could wind up on the
pharmer's server, which, if they trust it to do so, can install
all manner of unpleasantness on their hard drives.
What Should You Do?
From an end-user's perspective, the evil twin attack and
pharming are nearly impossible to detect. After all, it looks
as if you're on a legitimate website, and you typed the name
in instead of following a link, just like you should. But
there are steps you can take to avoid these pitfalls when
you go on the road.
Two things you can do to avoid evil twins are:
- turn off your wireless connection until you're ready to connect and
- sign up for common wireless services you may use from a computer
connected to a hard connection.
The former will help you avoid accidentally
connecting to an evil twin while you're moving around and
the latter will ensure that your payment information is
transmitted securely and the proper certificate for the
network is stored safely on your computer.
The best way to avoid pharmers, according to the article,
is to make sure that the page you're ultimately hoping to
access is a secure page on the real domain of the company
you want to deal with. Secure pages begin with 'https://'
and, after you've established a secure connection
with the page, you should see a locked padlock somewhere in
your browser's status bar. Pay careful attention, however,
to any certificate warnings that may be signs of trouble.
Each domain (bigbank.com) will have a secure certificate,
and if another domain like identitypharm.com
tries to establish a secure connection with your browser,
you'll see a warning.
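The name check behind that warning, as an added example that is not part of the original article: a simplified version of how a browser compares the host you typed with the names listed in the certificate the server presents. The function names are hypothetical and the certificate name lists are constructed samples built from the article's bigbank.com and identitypharm.com examples.

```python
# Added example: the name check behind a browser's certificate warning.
# Certificate name lists below are constructed samples, not real certificates.

def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def name_matches(pattern, hostname):
    """True if one certificate name (possibly '*.example.com') covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False                      # a wildcard never spans extra labels
    if p[0] == "*":
        # Wildcard only as the whole left-most label, and not on a bare
        # two-label name such as '*.com'.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h

def check_connection(typed_host, cert_names):
    """Return ('ok' | 'warning', reason) for the host the user typed."""
    for name in cert_names:
        if name_matches(name, typed_host):
            return "ok", f"certificate name {name!r} covers {typed_host!r}"
    return "warning", f"certificate is for {cert_names}, not {typed_host!r}"

# Constructed sample data: what each server would present.
BIGBANK_CERT = ["bigbank.com", "*.bigbank.com"]
PHARM_CERT = ["identitypharm.com", "www.identitypharm.com"]

def demo():
    cases = [
        ("www.bigbank.com", BIGBANK_CERT),   # real site, real certificate
        ("www.bigbank.com", PHARM_CERT),     # poisoned DNS: pharmer's server answers
        ("a.b.bigbank.com", BIGBANK_CERT),   # wildcard covers one label only
        ("www.bigbank.com.identitypharm.com", BIGBANK_CERT),  # lookalike host
    ]
    return [check_connection(host, names)[0] for host, names in cases]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second case is the pharming scenario: the name you typed is right, but the server that answers can only present a certificate for its own domain, so the check fails and the browser warns.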
There are other points of vulnerability when it comes to
wireless communications. After all, each device is a radio
when it comes down to it, and radio waves can't be restricted
in terms of their destination. You have to rely on the ability
of the protocols, the spread-spectrum transmissions and the
digital encryption to keep your data private.
Before they went to digital broadcasting and extremely high
frequencies, cellular phones used to be notorious targets
of eavesdroppers with high-end police scanners that could
intercept their calls. In the digital age, with always-on
wireless Internet connections, cell phones are merely the
largest and most disruptive computer virus outbreak waiting
to happen. If you're thinking about
the mother of all overage charges, you're on the right track.
Experts like Bruce Schneier have said that Symantec's recent
warnings about cell phone viruses are overblown and meant to
spur the purchase of unnecessary software, and he's probably
right. But it's never too early to start thinking about how
secure your cell phone is, especially if it's always connected
to the 'Net through GPRS. Handsets do a lot more now than
they used to, acting as PDAs, Web browsers and e-mail devices,
so security should be a priority for mobile professionals.
Bluetooth, while emerging as the personal-area networking
(PAN) technology of choice, is another new area of concern
as it typically involves wireless communications between intimate
devices like keyboards, headsets, printers, cell phones, PDAs
and laptop computers, all of which carry information you may
not wish to have posted on the Internet.
Keep yourself up to date. Schneier maintains an excellent website
(http://www.schneier.com/)
dealing with security in general and publishes the excellent
Crypto-Gram newsletter featuring wide-ranging discussions.
You'll find valuable information at the SANS Internet Storm
Center (http://isc.sans.org),
an excellent resource as well. And we try to make Cafe ID
(http://www.cafeid.com)
a one-stop shop for the latest information on security issues
facing small businesses and professionals.
As wireless technology grows more capable and widespread,
and as our reliance on it becomes nearly universal as it almost
inevitably will, we should take the time to implement it securely.
Wireless networks are easy to set up and to use; but they're
easier to mimic or exploit as well, and more difficult to
secure. Wireless data technology is the future, and it's here
now. Unfortunately, it's going to require even more vigilance
to keep your data secure than ever before.

Trevor Bauknight is a web designer and writer with
over 15 years of experience on the Internet. He specializes
in the creation and maintenance of business and personal identity
online and can be reached at [email protected].
Stop by http://www.cafeid.com
for a free tryout of the revolutionary SiteBuildingSystem
and check out our Flash-based website and IMAP e-mail hosting
solutions, complete with live support.
