Security and Privacy Issues of Wireless Technologies



Similar documents
Wireless LANs vs. Wireless WANs

Wireless Threats To Corporate Security A Presentation for ISACA UK Northern Chapter

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ ITMC TECH TIP ROB COONCE, MARCH 2008

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong

Connecting your Aiki phone to a network

Using Wireless Technology Securely

Guide for wireless environments

Wireless Network Standard and Guidelines

Beginners Guide to Mobile Technology

Security in Wireless Local Area Network

CS549: Cryptography and Network Security

INFORMATION ASSURANCE DIRECTORATE

Wireless Network Security. Pat Wilbur Wireless Networks March 30, 2007

Wireless Broadband Access

Wireless (Select Models Only) User Guide

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been

Wireless (In)Security Trends in the Enterprise

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/ Semester 2

Telemarketing Selling Script for Mobile Websites

Wireless Ethernet LAN (WLAN) General a/802.11b/802.11g FAQ

1. What is the main difference between the X3 micro and other Bluetooth headsets? 3. How does the X3 micro use the Bluetooth technology?

Wireless g CF Card User Manual

Internet Quick Start Guide. Get the most out of your Midco internet service with these handy instructions.

User Guide. E-Series Routers

Go Wireless. Open up new possibilities for work and play

Course Title: Penetration Testing: Communication Media Testing, 1st Edition

Wi-Fi, Health Care, and HIPAA

Chapter 2 Wireless Settings and Security

9 Simple steps to secure your Wi-Fi Network.

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

54M/150M/300Mbps USB WIRELESS ADAPTER. User s Manual Version 2.0

AirStation One-Touch Secure System (AOSS ) A Description of WLAN Security Challenges and Potential Solutions

THE LITTLE BIG BOOK OF BADNESS

Top 10 Security Checklist for SOHO Wireless LANs

Security and Risk Analysis of VoIP Networks

SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE

Top 10 Security Checklist for SOHO Wireless LANs

Wireless Encryption Protection

Radio Frequency Identification (RFID)

Running Head: WIRELESS NETWORKING FOR SMALL BUSINESSES. Wireless Networking for Small Businesses. Russell Morgan. East Carolina University

Conducting Virtual Meetings

12. INDOOR INSTALLATION

Scams and Schemes LESSON PLAN UNIT 1. Essential Question What is identity theft, and how can you protect yourself from it?

Wireless Networks. Welcome to Wireless

Wireless (Select Models Only) User Guide

How To Use A Femtocell (Hbn) On A Cell Phone (Hbt) On An Ipad Or Ipad (Hnt) On Your Cell Phone On A Sim Card (For Kids) On The Ipad/Iph

First of all Let's look at how you would connect your laptop via Ethernet, as it is the easier of the two methods.

Secure Active RFID Tag System

Securing end devices

Wireless-N. User Guide. PCI Adapter WMP300N (EU) WIRELESS. Model No.

S4 USER GUIDE. Read Me to Get the Most Out of Your Device...

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

3. Are employees set as Administrator level on their workstations? a. Yes, if it is necessary for their work. b. Yes. c. No.

Cisco Aironet Wireless Bridges FAQ

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

This KnowledgeShare document addresses the main types of wireless networking today based on the IEEE standard.

Chapter 2 Configuring Your Wireless Network and Security Settings

Frequently Asked Questions

WLAN-Antenna Project

wireless broadband information

Jabra FREEWAY. User manual.

54M/150M/300Mbps USB WIRELESS ADAPTER. User s Manual Version 1.8

Wireless Network Security When On the Road

Time & Access System An RFID based technology

WHITE PAPER. WEP Cloaking for Legacy Encryption Protection

How To Attack A Key Card With A Keycard With A Car Key (For A Car)

Basic Computer Security Part 2

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Jabra CRUISER2. User manual. MUTE VOL - VOL + jabra

ADDENDUM - Bluetooth interface Option Instructions for using Extech Printer with a Bluetooth device

Setting Up Your Wireless Network


WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Securing your Linksys Wireless Router BEFW11S4 Abstract

Corporate Account Takeover (CATO) Risk Assessment

Wireless Security: Secure and Public Networks Kory Kirk

What is Bitdefender BOX?

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

The OneBox Phone System - Feature List

Frequently Asked Questions

How To Understand The Power Of An Freddi Tag (Rfid) System

Security in Near Field Communication (NFC)

Wireless Troubleshooting

DEVELOPING A SOCIAL MEDIA STRATEGY

You CAN do More!...3 H) Put Your Banner on our Newsletter... 3 I) Sponsor a Live Event... 4

How to connect your D200 using Bluetooth. How to connect your D200 using GPRS (SIM Card)

Community Broadband. What is it? What is involved? How much does it cost? What to do next? Common Questions

Transcription:

Security and Privacy Issues of Wireless Technologies Collin Mulliner <mulliner[at]cs.ucsb.edu> http://www.cs.ucsb.edu/~mulliner/

Agenda Introduction Issues Technology specific issues Wi Fi Bluetooth RFID Misc. Conclusions

Introduction Wireless technologies are part of our daily lives They already influence our social interaction and will even more in the future We trust that they just work and maybe you already have a bad day if they don't Are we aware that we use them all day long? maybe most of the non techy people aren't

The Wireless Medium The wireless medium is a shared resource anyone, with the right equipment, can access it walls, doors, security guards don't stop the radio waves You can see when other people are access it other people see you Data send over wireless is public anyone can see what you are doing (we save encryption for later)

Where Wireless is used Home and Office wireless access points for laptops or handhelds Commercial applications infrastructure, hotspots, cash registers, etc... Personal usage cell or smart phones, PDAs, cars, etc...

Personal Data What is personal CC, SSN, phonebook, calendar, password, etc... your daily routine where do you go, what do you do, who do you know Where do you keep your personal data PC, laptop, PDA, cellphone What data is somebody else keeping about you where do they keep it?

Now Combine Your valuable data is wirelessly access able Anyone can access it, this means: data theft / financial harm privacy invasion reading your email or Amazon orders identity theft, your... social security number internet connection phone number

Relax Its not that bad!

Issues Wireless technology is design for EaseOfUse changing fast and continuously evolving hard getting it right The average user just doesn't know how and why

Safety Would you drive a car that is known for harming it's passengers? its really easy to use, you don't have to walk no need to adjust to the bus schedule Would you use a technology that is known for... its really easy to use, you don't need to plug in no need to buy 100 cables and adapters You do both, just need to watch out for yourself

Technology Specifics Theory is done... lets checkout the specifics Also the different technologies are somehow similar, they all have their own special problems The next slides cover Wi Fi Bluetooth RFID and very briefly mobile com. systems and Clickers

Wireless Lan/Wi Fi (802.11) Most popular wireless technology not counting mobile phone technologies like GSM! Its been around for quite some time now basically replaces wired networks widely adopted for all kinds of things EaseOfUse principal access points announce them self's to help the user plug 'n play auto configuration, it just works

Wi Fi cont. You're not the only one to see the access point announcing itself everybody in range can use it (sometimes by accident) The whole EaseOfUse thing created a new sport or hobby called WarDriving basically you drive around with a car packed with a laptop and a pile of wireless equipment to find and catalog access points

WarDriving

WarDriving cont. Most wardrivers are friendly, they just want to explore their neighborhood have non destructive/harmful fun read their email Wardriving mostly not necessary anymore way to many people run access points these days just switch on wireless and you're connected

Wi Fi Abuse Open access points can cause all sorts of problems and easily get you in to trouble data theft CC, SSN, other valuable data on your network identity theft (committing crimes in your name) fraud (ebay, etc...) SPAM privacy invasion read your email or instant messages

Wi Fi Abuse cont. Public hotspots are equally dangerous profiling individuals using their hardware directed attacks, you and your laptop are visible executive lounge at airports, hotel lobbies, $tarbucks... security is up to the user since lowlevel security mechanisms mostly don't work here (more on the next slide)

Secure Wi Fi Many protection mechanisms (thru encryption) the secure versions of POP/SMTP/HTTP/... for closed networks WEP Wired Equivalent Privacy (broken) WPA Wi Fi Protected Access for public networks VPN Virtual Privat Network (a cooperate thing) All in all its not that bad, but... you're still track able

Bluetooth Short range wireless technology replaces cables and infrared Mostly used by small mobile devices cell and smart phones, PDAs and laptops, etc... Typical applications are dial up networking using a cellphone business card exchange using a cellphone or PDA wireless headsets

Bluetooth cont. Point to point semantic other then Wi Fi which is basically broadcasting therefore sniffing Bluetooth is much harder and in fact can't be done with consumer equipment More secure by design, some features are: can be set to a non visible mode only respond to known devices traffic encryption

Bluetooth Bugs Many implementation bugs in various devices Especially cellphones are affected some bugs allow: copying phonebook and calendar entries initiating calls and sending text messages Denial of Service (DoS) attacks (phone becomes unusable) special kind of wiretapping using a phone or a hands free car kit as a bug

Bluetooth WarDriving Apply what you have learned from WarDriving not drive but walk or have a coffee and wait Supposed to be short range (10 100m) same frequency as Wi Fi, reuse Wi Fi antennas A new hobby...

Bluetooth WarWaiting

Bluetooth Examples Copy phonebook at interesting events Capitol Hill press conference done in germany, got secret service internal phone numbers Social engineering use names from copied phonebook to gain trust Tap wireless headsets of cars driving >80mph you can also talk to the driver

Bluetooth Abuse Most Bluetooth devices are very personal cellphone or PDA Can be abused to track and profile individuals tracking done to proof feasibility (where is person X) companies sell products to do this BlueSpam, spam via Bluetooth to your phone again, companies sell products to do this

RFID RadioFrequencyIDentification small tags/transponders which can be read wirelessly by small we actually mean very small (post stamp or rice) many different types powerless/self powered non/authenticated (encrypted) data transfer readonly/writeonce readmany/read write Works just like anti theft system stores have electromagnetic field powers tag, tag responds

RFID cont. RFID is meant to be very short range (cm) magnetic field strength, security, etc... Data stored on tags GUID Globally Unique Identifier (128bit number) most common for very small passive tags Anything else possible cost, size and power consumption are the main constraints

RFID Usage Access Control / Authentication security badge passport / ID Item identification customer cards goods in warehouses (GUID) not only pallets, every single item! basically everything you can possibly think of

RFID Abuse Risks Tracking and spying open system, readers are cheap and public available tags are mostly not visible and unmarked reading range can be extended using antennas Identity theft tag duplication low security applications (customer cards)

RFID / Proximity Card Cloner

Mobile Communication Systems Systems like: GSM, PCS, CDMA, UMTS, etc... mostly secure against cheap attacks a while ago some issues with GPRS, got fixed Maybe reliability and availability... too many users in a certain area I.V. during Halloween or New Years Eve no total coverage trip to the mountains or desert...

Classroom Clickers (what I found on the net) Infrared based tool found that claims to: RF based easily sniff and display clicks spoof feedback (right/wrong) some interfere with Wi Fi/Bluetooth (2.4Ghz band?) maybe easy to DoS the classroom

Conclusions All the different technologies haven common security and privacy problems each having it's special impact for the users New technologies are by nature more vulnerable like wine, they need to age to become good In general its worse then you think it is at the same time its not as bad as it sounds

End Questions?