AOH :: ISN-3253.HTM

How many wireless vulnerabilities are really out there?

How many wireless vulnerabilities are really out there?
How many wireless vulnerabilities are really out there? 

By Bert Latamore
November 09, 2006 

You hear a lot about wireless security threats, but do you know how many 
there really are? Or what kinds of vulnerabilities exist? Or what 
exactly "wireless phishing" means?

The Wireless Vulnerabilities and Exploits group has been cataloging 
security vulnerabilities on wireless networks, primarily Bluetooth and 
the various flavors of 802.11, for nearly a year. Started by Network 
Chemistry, it now has 134 wireless vulnerabilities documented on its Web 

"We started this because while a lot of attention is devoted to 
vulnerabilities in operating systems and software, much less is focused 
on the network layer and very little on wireless networks," says Network 
Chemistry Chief Technology Officer Chris Waters. Network Chemistry 
invited recognized experts from across the wireless industry to serve on 
its editorial board. They review and classify reports of vulnerabilities 
and exploitation attempts sent by a variety of sources.

"Anybody can send in reports," says Joshua Wright, senior security 
researcher at Aruba Networks and a founding member of the editorial 
board. Aruba recently signed up as a sponsor of the WVE. "We are very 
sensitive to disclosure practices, so we don't make information 
available to the attack community before the vendors who mitigate these 
problems know it," Wright says.

Tracking standards

Keeping the vendors and the public informed about security threats is 
one of the main purposes of the group, and the complete catalog of 
threats and exploits is published on the Web site. "Anybody can use it 
as long as they attribute it to the organization," Waters says. It also 
tracks emerging standards, often a confusing area in the wireless space.

He estimates that the site now has about 80% of the total 
vulnerabilities catalogued. "We started with the more recent issues and 
now are going back to earlier problems," he says. This is a useful 
reference for IT security and network personnel, both for potential 
vulnerabilities in the enterprise wireless network and of dangers their 
end-users face when outside enterprise walls. It covers both the 
vulnerabilities themselves and the methods and tools that are being used 
to attack them.

The other purpose behind the group is to build a common vocabulary of 
terms and reference numbers for vulnerabilities to facilitate 
communications both between humans and machines. "Often different people 
use different terms for the same exploit or the same term for different 
vulnerabilities," says Wright. "I see this especially in my classes at 
the SANS Institute, where I teach. One day for instance someone 
mentioned a 'wireless phishing attack.' To this day I don't know what 
wireless phishing is. We give the community a common vocabulary with 
published definitions. When we see that referenced in other venues, we 
know we are talking about the same thing." This becomes the basis for 
discussions about wireless security issues.

Human communications is one of the issues. The other is machine and 
software communications. "If an intrusion detection system, for 
instance, detects an exploit and can identify it with a WVE number, then 
it can communicate that to other security devices and databases," says 
Waters. "Systems from different vendors can communicate, research and 
react to the exploit in a more coordinated manner."

Valuable info

"This is also a valuable resource for network professionals to use to 
keep current with what is going on out there," Wright says. "The 
database has so much information that isn't available anywhere else."

Aruba Networks recently joined the list of WVE sponsors to show that it 
sees unique value in the effort. "We believe in participating in an 
effort that helps the entire industry," Wright says.

As the WVE approaches its first anniversary, Waters says, it continues 
to work to expand the database. And as new wireless technologies such as 
WiMax emerge it will consider whether to include them.

And "wireless phishing" is identified in the WVE database as AP 
spoofing, in which the perpetrator creates a false AP that appears to 
the user to be legitimate but which connects him to the perpetrator's 
computer rather than to the real wireless network. This technique has 
been used to steal network access codes and passwords.


Bert Latamore is a journalist with 10 years' experience in daily 
newspapers and 25 in the computer industry. He has written for several 
computer industry and consumer publications. He lives in Linden, Va., 
with his wife, two parrots and a cat.

Subscribe to InfoSec News 

Site design & layout copyright © 1986-2015 CodeGods