Technical measures alone cannot address all the security-related issues wireless technology has brought about, write Johnny Cache and Vincent Liu in ‘Hacking Exposed Wireless’ (www.tatamcgrawhill.com). Creation of policies regarding the handling of wireless security issues and enforcement of the policies will be needed to facilitate risk management, they insist. “Educating network users on computer security and wireless technologies increases the number of individuals who can help identify and remediate problems.”
For starters, the term ‘wireless technology’ encompasses many things, such as GPS (global positioning system) satellites, AM/FM radio, IEEI 802.11 communication hardware, cellular phone networks, and other devices that communicate without a physical connection between them, as informs the intro.
Some applications of wireless technology are in areas and devices that were not traditionally classified as ‘computers,’ the authors remind. “Keyless car entry systems allow drivers to push a button on a key fob to unlock car doors. Wireless headsets give office workers greater mobility to access different physical resources such as books, computers, and the coffeemaker while talking to a customer. Wireless video game controllers let you bounce around the room while playing a fast-paced video game – all without yanking a cord out of the gaming console.”
At the time of writing this, one of the more than thousand Google news stories on ‘wireless hacking’ is about a disgruntled hacker remotely disabling 100 cars. “Omar Ramos-Lopez, a former employee of a used car dealership in Texas, allegedly powered down 100 cars by hacking into a vehicle-immobilisation system,” reports The Christian Science Monitor (www.csmonitor.com), in a story dated March 18. The complaints were initially dismissed as mechanical failure, but then came a rash of up to a hundred customers at one time complaining, informs a quote in the report. “Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”
The alleged capers of Ramos-Lopez have shone a spotlight on vehicle-immobilisation systems, which allow car dealerships to power down cars in the case of delinquent payments, observes Matthew Shaer, the story’s author. “Texas Auto Center, for instance, reportedly kept a database of more than 1,000 customers; if a customer began missing payments, an employee would sign onto the database, and use Webtech Plus to turn off the automobile through the same network technology that powers pagers.”
A game of cat and mouse
With the advent of many wireless attack methods, means to counter the attacks and reduce exposure are also available, reassure Cache and Liu. “The evolution of wireless security continues in a cycle IT professionals will recognise from wired network security – a game of cat and mouse. As new weaknesses are found in wireless networks and protocols, new methods and designs are put into place to address them.”
For instance, frequency hopping, a technique once used primarily by the military, is now used in many wireless networking protocols to make intercepting transmissions difficult, the authors inform. They speak of specially designed antennas used for reducing the area where radio transmissions can be received; and the cryptographically strong hashing and encryption algorithms that are being analysed and implemented at multiple layers of the networking stack.
“These measures provide a defence in depth – the compromise of a single security mechanism still leaves in place other protection mechanisms to offset the risk. This strategy prevents new exploits and attacks from gaining complete access to sensitive networks.”
Recommended addition to the security professionals’ shelf.