By Bert Latamore
November 09, 2006
You hear a lot about wireless security threats, but do you know how many
there really are? Or what kinds of vulnerabilities exist? Or what
exactly "wireless phishing" means?
The Wireless Vulnerabilities and Exploits group has been cataloging
security vulnerabilities on wireless networks, primarily Bluetooth and
the various flavors of 802.11, for nearly a year. Started by Network
Chemistry, it now has 134 wireless vulnerabilities documented on its Web
"We started this because while a lot of attention is devoted to
vulnerabilities in operating systems and software, much less is focused
on the network layer and very little on wireless networks," says Network
Chemistry Chief Technology Officer Chris Waters. Network Chemistry
invited recognized experts from across the wireless industry to serve on
its editorial board. They review and classify reports of vulnerabilities
and exploitation attempts sent by a variety of sources.
"Anybody can send in reports," says Joshua Wright, senior security
researcher at Aruba Networks and a founding member of the editorial
board. Aruba recently signed up as a sponsor of the WVE. "We are very
sensitive to disclosure practices, so we don't make information
available to the attack community before the vendors who mitigate these
problems know it," Wright says.
Keeping the vendors and the public informed about security threats is
one of the main purposes of the group, and the complete catalog of
threats and exploits is published on the Web site. "Anybody can use it
as long as they attribute it to the organization," Waters says. It also
tracks emerging standards, often a confusing area in the wireless space.
He estimates that the site now has about 80% of the total
vulnerabilities catalogued. "We started with the more recent issues and
now are going back to earlier problems," he says. This is a useful
reference for IT security and network personnel, both for potential
vulnerabilities in the enterprise wireless network and of dangers their
end-users face when outside enterprise walls. It covers both the
vulnerabilities themselves and the methods and tools that are being used
to attack them.
The other purpose behind the group is to build a common vocabulary of
terms and reference numbers for vulnerabilities to facilitate
communications both between humans and machines. "Often different people
use different terms for the same exploit or the same term for different
vulnerabilities," says Wright. "I see this especially in my classes at
the SANS Institute, where I teach. One day for instance someone
mentioned a 'wireless phishing attack.' To this day I don't know what
wireless phishing is. We give the community a common vocabulary with
published definitions. When we see that referenced in other venues, we
know we are talking about the same thing." This becomes the basis for
discussions about wireless security issues.
Human communications is one of the issues. The other is machine and
software communications. "If an intrusion detection system, for
instance, detects an exploit and can identify it with a WVE number, then
it can communicate that to other security devices and databases," says
Waters. "Systems from different vendors can communicate, research and
react to the exploit in a more coordinated manner."
"This is also a valuable resource for network professionals to use to
keep current with what is going on out there," Wright says. "The
database has so much information that isn't available anywhere else."
Aruba Networks recently joined the list of WVE sponsors to show that it
sees unique value in the effort. "We believe in participating in an
effort that helps the entire industry," Wright says.
As the WVE approaches its first anniversary, Waters says, it continues
to work to expand the database. And as new wireless technologies such as
WiMax emerge it will consider whether to include them.
And "wireless phishing" is identified in the WVE database as AP
spoofing, in which the perpetrator creates a false AP that appears to
the user to be legitimate but which connects him to the perpetrator's
computer rather than to the real wireless network. This technique has
been used to steal network access codes and passwords.
Bert Latamore is a journalist with 10 years' experience in daily
newspapers and 25 in the computer industry. He has written for several
computer industry and consumer publications. He lives in Linden, Va.,
with his wife, two parrots and a cat.
Subscribe to InfoSec News