Mobile Wireless Tutorial

7.1 Securing Smartphones

Smartphones are proliferating in the consumer market, as are tablets. During this course we've been primarily discussing the 802.11a, b, g, and n wireless networks that you would see in your home or small office, and we're going to continue that discussion through most of the rest of the course. But it's a good time to bring up why mobile wireless and mobile security are important in today's world. Mobile devices such as cellular phones, smartphones, tablets and so forth make use of 802.11 networks most of the time now. Most of the devices that come out are capable of connecting to an 802.11 wireless network. However, they also employ other connection means such as 3G, 4G, Bluetooth, RFID, infrared and so forth. We'll discuss those a little bit because they have some particular vulnerabilities as well, in addition to the normal vulnerabilities that these devices incur when connecting to a regular 802.11 network. So we'll cover some of the things that affect mobile security during the next few discussions. First we'll talk about cellphone or smartphone security. As we said, smartphones have increased in popularity over the past few years and they are proliferating in the consumer market. However, their popularity and the lax security controls built into them have made them a huge target for hackers, as well as phishers and so forth. A recent US-CERT paper dated 2011 stated that between 2009 and 2010, the vulnerabilities associated with mobile devices, and cellphones and smartphones in particular, jumped 42%. This was due to various factors, obviously: the proliferation into the market, lax security controls, joining 802.11 wireless networks, app security and so forth. So take that for what it's worth. However, it's worth looking at the mobile security arena to determine how these security vulnerabilities affect our networks. Now, smartphones obviously are subject to a wide variety of vulnerabilities. They're small and they're easy to hide.
So they're subject to theft, obviously, and to unauthorized data access through various means: through Bluetooth, through wireless networks, but also through hacking the phone itself. They are also subject to something called vishing, which is the same thing as phishing but uses voice calls. These are unsolicited voice calls that might persuade you to go and click on a certain link or to give out personal information during the call. So vishing is a vulnerability you have to be careful with on the smartphone you use. There's also smishing. Smishing is a form of phishing as well, but it comes in the form of unsolicited SMS or MMS messages that arrive on your phone and may ask you to text someone back information or go to a particular website. Again, phishing and smishing are social engineering attacks, and they typically are based upon the old tried and true phishing methods. There are other technical vulnerabilities in smartphone software that we could cover, but they're probably too numerous to talk about and most of them have been fixed over the past few years. But you'll still see some vulnerabilities in apps, for example. There are also vulnerabilities in the signaling technologies that work with smartphones, and configuration issues can cause problems as well. They can result in vulnerabilities that can be exploited through attacks. For example, there are Bluetooth attacks that we'll discuss in another session. These concern Bluesnarfing and Bluejacking, where unsolicited messages are sent to a smartphone, or even the Bluetooth connection on a smartphone can be hijacked so that data can be accessed on the smartphone and commands can be sent to the device itself. We also have the typical 802.11 wireless network attacks, as well as infrared vulnerabilities. Infrared vulnerabilities require line of sight, and there are not a lot of them out there, but they may involve denial-of-service types of things.
Some of the attacks on wireless technologies that we've discussed can come from rogue apps on a smartphone that connects to your wireless network. Obviously, that would be a definite vulnerability. Joining unknown wireless networks with your smartphone might not be a wise decision, since those Wi-Fi networks might not be secure and the data you send over them might be intercepted. You also might have a problem with smartphones joining Wi-Fi networks that have weak encryption or authentication controls, because even though the network itself might not be malicious, malicious users might take advantage of that, and the data you send from your smartphone to the wireless network could be intercepted. We also have to be careful of ad hoc connections with wireless devices, particularly mobile devices. Everybody wants to send a picture or some kind of file between cellphones, and that's great, but these ad hoc connections can put your phone at risk. Now there are also technologies that deal with cellular, particularly 3G and 4G, that have some vulnerabilities that we've seen over the years. There are things called cross-network services, or cross-infrastructure cyber attacks, that can be implemented on a cellular network or a cellular device. Another vulnerability is the ability to track users and devices that use 3G networks. This is based upon the protocol logic that 3G is actually built on. It's really not a vulnerability with the device or the software; it's the technology itself that enables 3G users to be tracked. There are also session key vulnerabilities: when there is device-to-network authentication and an exchange of session keys to protect data, that process itself can be flawed. This could result in the key being compromised and the data being decrypted by an unauthorized user.
Another set of vulnerabilities involves things like jamming. When we're talking about jamming, we're talking about sending signals out that would jam a typical transmission from a phone to a cell tower, for example. So you might lose your connection or not be able to make a connection. There's also a problem out there with spoofing. Spoofing can come from fake 3G transmitters that can be bought for under $1,000. Your phone has a natural tendency to lock onto the strongest signal, and that could be the nearest cell tower. But these fake 3G transmitters can fool your phone into thinking that they are a cell tower, and the phone will lock onto them. That would enable an attacker to perform man-in-the-middle attacks, interception, spoofing and so forth. They would also be able to send your phone data that you might not want. So those are some of the vulnerabilities associated with smartphones and cellular technologies.

7.2 Securing Tablets

No discussion of wireless mobility would be complete without talking about tablets. Tablets and smartphones have become ubiquitous. They're in widespread use and they can connect to a wide variety of wireless networks. They are used daily to check email, to surf the web, to stream video and audio, and to play head-to-head games. Obviously these tablets require connection methods to get to the internet and to connect to each other. So they use a wide variety of connection methods, including regular 802.11 wireless, but also Bluetooth, IR, and other technologies. Some tablets also have 3G and 4G built in so they can access networks. These tablets obviously run a wide variety of operating systems. We see out there today Windows 8, the Apple iOS, and of course Android. With all these different OSs out there, there come tons of apps. Obviously there are apps that have been ported between different tablets and different platforms, but most apps can be OS, hardware or platform specific. Because of that, they come with a wide variety of vulnerabilities that can bring issues to your wireless network. Some of these apps allow ad hoc connections to another device. At the same time, both devices could be connected to wireless networks. This may allow one tablet to access another tablet that's connected to a wireless network, and that would actually bridge that connection. So a tablet that's not connected could actually be connected to the wireless network through another one, and that would be something you'd have to be careful of. Some of the apps that will connect in an ad hoc manner include games that you could play head to head between tablets, file sharing apps, productivity apps, and things of that nature. The apps themselves can also have vulnerabilities that could create issues on wireless networks. For example, they can have flaws in their encryption or authentication mechanisms, if they even have those built in in the first place, so that's something you have to be careful of as well.
The lack of tablet security features concerning wireless networks could allow other devices to access data on the tablet through wireless connections. For example, if you have two tablets that are connected to each other through Bluetooth, or through 802.11 in some manner, there could be some issues with one tablet, or an app, getting data from another tablet without the user's knowledge. So that's a possibility that's out there. You also have the other regular vulnerabilities that are present with a typical 802.11 wireless network: data interception, lack of encryption or faulty encryption mechanisms, and authentication issues. When configuring tablets for security, you would want to do the same thing you would do with other clients. You'd want to use the highest degree of protection possible, either WPA or WPA2 in a small network, and there are even tablets that can use 802.1X authentication to larger enterprise-level networks. Obviously, for this you'd need certificates of some sort that the tablet has to be able to use, or some other advanced form of authentication. So in order to secure your wireless network with tablets, you want to enable encryption and authentication as much as you can, but also protect the device itself. Only use trusted apps, for example, or use apps that have encryption and authentication methods built into them.
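
The advice in 7.1 and 7.2 (avoid open or weakly protected Wi-Fi, prefer WPA/WPA2 or 802.1X) can be checked before a device joins anything. The following is an added example, not part of the original tutorial: it classifies networks from scan output in the tab-separated layout printed by `wpa_cli scan_results`. The sample lines, SSIDs and the ok/warn/block verdict names are constructed for illustration.

```python
import re

# Constructed sample in the layout of `wpa_cli scan_results`:
# bssid <TAB> frequency <TAB> signal level <TAB> flags <TAB> ssid
SAMPLE_SCAN = "\n".join([
    "bssid / frequency / signal level / flags / ssid",
    "02:00:00:00:00:01\t2412\t-48\t[WPA2-EAP-CCMP][ESS]\tcorp-8021x",
    "02:00:00:00:00:02\t2437\t-55\t[WPA2-PSK-CCMP][ESS]\thome-office",
    "02:00:00:00:00:03\t2462\t-60\t[WPA-PSK-TKIP][ESS]\told-router",
    "02:00:00:00:00:04\t2412\t-40\t[WEP][ESS]\tlegacy-pos",
    "02:00:00:00:00:05\t2437\t-35\t[ESS]\tFree Airport WiFi",
    "02:00:00:00:00:06\t2462\t-70\t[WPA2-PSK-CCMP][WPS][ESS]\t",
])


def classify(flags):
    """Map a scan 'flags' string to (protection, verdict).

    Verdict names are this example's own policy labels:
    ok = join, warn = join only if nothing better, block = do not join.
    """
    tokens = re.findall(r"\[([^\]]+)\]", flags)
    if any(t.startswith("WPA2-EAP") for t in tokens):
        return "WPA2-802.1X", "ok"      # enterprise authentication
    if any(t.startswith("WPA2-") for t in tokens):
        return "WPA2", "ok"             # also covers WPA/WPA2 mixed mode
    if any(t.startswith("WPA-") for t in tokens):
        return "WPA", "warn"            # first-generation WPA only
    if "WEP" in tokens:
        return "WEP", "block"           # weak encryption
    return "open", "block"              # no encryption advertised


def audit_scan(text):
    """Return one dict per network found in the scan output."""
    results = []
    for line in text.splitlines():
        fields = line.split("\t", 4)    # do not strip: SSID may be empty
        if len(fields) != 5:
            continue                    # header line or malformed row
        bssid, _freq, _signal, flags, ssid = fields
        protection, verdict = classify(flags)
        results.append({
            "ssid": ssid or "<hidden>",
            "bssid": bssid,
            "protection": protection,
            "verdict": verdict,
        })
    return results


def joinable(text):
    """SSIDs that meet the policy without a warning."""
    return [r["ssid"] for r in audit_scan(text) if r["verdict"] == "ok"]


if __name__ == "__main__":
    for row in audit_scan(SAMPLE_SCAN):
        print("{verdict:5} {protection:12} {bssid}  {ssid}".format(**row))
```
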

7.3 WiMAX

Another technology that we need to at least touch on when discussing wireless technology is the fairly new WiMAX technology. You've probably heard of different organizations, some of the major carriers, that are putting WiMAX in the cities. WiMAX has actually been out there a little while already, but it's primarily been used in large corporations that have multiple locations over a city area. WiMAX is a wireless metropolitan area network, or WMAN, communications technology. What it was designed to do is provide the last mile, if you will, of broadband wireless access. You would want to do this as an alternative to things like cable modems, DSL, fractional T1s, or any other leased lines. A business would get WiMAX to replace all those things. You also might use it in an environment where you have a lot of mobile users, let's say a delivery service or a courier service, for example. Another use of WiMAX is in police, first responder, and similar types of wireless networks, where there is mobile data on the go for those types of services. Now, the IEEE standard for WiMAX is not 802.11. It's 802.16, and there are several different substandards that go along with that for security, signaling, and so forth. There are also several different versions depending upon the year the standard was released. WiMAX works off radio just like 802.11 does. Its links support line-of-sight signals, the same as something like infrared would, but also non-line-of-sight signals, called NLOS, and that's what typical 802.11 will support as well. WiMAX, again, is typically only provided for authorized subscribers to a large organization or a large service provider. So your company may lease this service from a large service provider, for example if you have a delivery or courier service or another mobile force out there that needs to communicate data instantly and quickly and with a lot of bandwidth.
So that's where you'll see WiMAX, although there's some consumer WiMAX coming to different cities that will provide WiMAX services to the average person. WiMAX has a lot of different components. The physical components include a base station, which basically sends out the signals and receives and routes signals. You would also have subscriber stations, and these are smaller versions of the base station, typically put in different areas. You may also have a mobile station, and that's typically what the user carries around with them. You may also have a relay station that serves to relay network communications over a wide area between the mobile stations or the subscriber stations. And finally, you might have the operator network. That's the infrastructure of the network itself, which concerns itself with IP addressing, routing, and so on. WiMAX can be used in a wide variety of architectures. You can have point-to-point, meaning between two devices. You can also have point-to-multipoint, so say one subscriber station to multiple base stations, or one mobile station to multiple other stations, for example. You can also have things like multi-hop relay, and these multi-hop relays would go through several stations to get from one end of the city, say, to another. Now, as far as security goes, WiMAX actually does provide for some security, primarily authentication services and some data confidentiality services. When we're talking authentication, we're really talking device authentication. However, in terms of vulnerabilities, it inherits some of the same vulnerabilities as other types of wireless do. Those mainly go to encryption and authentication vulnerabilities that might allow the signals to be intercepted and the data to be read. So really, key strength and key protection would be some of the major vulnerabilities there, as well as authentication technologies.
For example, there are some stations on the network that don't authenticate to the base station. Some do. It really depends on the type of station that's out there. Another vulnerability of WiMAX is that some implementations, particularly older ones, use weak encryption algorithms, particularly the DES Cipher Block Chaining standard. That was an older standard that used DES, the Data Encryption Standard, way back when. The first specification that used that, in 2004, is an older specification, and that weak encryption can be broken fairly easily. In 2009, the newer standard came out that can also use AES, the Advanced Encryption Standard. That is much better to use, and obviously you would want to make sure your network uses it over DES-CBC. Now, we're obviously not going to go into a lot of WiMAX discussion, simply because that's beyond the scope of the course, but it is a very interesting topic. If you get into the wireless security world, WiMAX is a great niche to get into because it's a wide open field that not a lot of people work in just yet, because it's still relatively young. So if you want to know more about WiMAX, I would recommend that you go and read NIST Special Publication 800-127. This is the guide to securing WiMAX wireless communications. It will give you a lot of technical details on WiMAX and maybe point you in a good career direction, again because that's a fertile field for wireless professionals to get into right now.

7.4 ZigBee

Continuing our discussion of different wireless and mobile technologies, let's talk about ZigBee for a few minutes. ZigBee, even though it has a funny name, refers to the 802.15.4 standard that the IEEE put out. It covers wireless technologies that are very specifically designed for automation systems, like industrial control systems, monitoring systems, and so forth. You've probably seen these and used these every day. A lot of these systems control things like automatically shutting down power, controlling lights, controlling HVAC units, air conditioning and so forth. There are also some implementations of ZigBee that work around the home. If you have a key fob to automatically open your doors from a distance, you may be using a form of ZigBee, since it's radio. ZigBee is a low-cost, low-power wireless mesh network standard. When we say wireless mesh, what we mean is that in ZigBee you can have many, many devices all meshed together, communicating with each other. Typically, they're in ad hoc networks. There's no real management for ZigBee networks, except for a few minor details. The ZigBee Alliance is a group of manufacturers that put out this ZigBee standard, and they're the folks who make sure that ZigBee devices adhere to that standard for interoperability. These ZigBee devices can be networked in what's called a wireless personal area network architecture. This is very similar to Bluetooth, although ZigBee has a much greater range than Bluetooth does and can use several different devices. In fact, a network can contain up to 65,536 devices. It uses the same DSSS signaling as 802.11a networks and earlier networks use, but it's not the same thing. In fact, ZigBee is not interoperable with Bluetooth or any of the 802.11 standards.
That is actually a good thing, because you really would not want those networks to interfere with devices that control things like humidity controls, temperature controls, lights and so forth. So they're not interoperable at all. As we said, ZigBee is used in industrial control systems. You'll see this in a lot of infrastructure areas like power, lighting, sewage controls, water treatment plants, and things of that nature, wherever there are industrial types of controls going on. What you might have is communication that happens between sensors, like power metering, smart meters and so forth, and a central node. The central node is called the coordinator. Again, all this is ad hoc. It's a very small ad hoc network, but they all talk to each other. You can also, as I said, use some of this in home automation schemes, like light switches and alarm timers. But we really see this more or less in industrial control. There are some consumer devices that use ZigBee, as we mentioned. The coordinator controls the entire network, and that's actually where a lot of signaling takes place. Because a lot of these devices are low powered, they tend to go to sleep, at least the end nodes do. They wake up when a signal is sent to them or when a signal needs to be sent from them to the coordinator. As I said, these devices are normally low power. They're always-on devices, but they do go to sleep. You can run them from standard double-A or triple-A batteries, for example, or the standard 2032 types of batteries that you see in computers and other small devices. Now, we do have security in ZigBee. This includes device authentication through shared keys. The shared keys can get there any number of ways. If you buy the ZigBee network, these keys can be preloaded at the manufacturer and mailed out with the devices. But there are also ways to program these devices as well.
The data that is sent across ZigBee actually uses the Advanced Encryption Standard, AES, and the CCM method that you'll still find in things like WPA2. That kind of encryption is the same as in WPA2 networks. Obviously, ZigBee does have some vulnerabilities, because it's a typical wireless network as well. Maybe not all of the same vulnerabilities, but a lot of them are typical. Things like interception of data could happen, interference and so forth. Really, it always gets down to the encryption and authentication methods used in a wireless network that cause the vulnerabilities. Things like weak keys obviously can be a problem, but you also can have keys intercepted. If the keys are not implemented correctly, then you could have a vulnerability there. Some ZigBee implementations in fact have a weakness in their encryption negotiation process where the key is briefly sent out in plain text, so you have to watch for that. Whether that vulnerability is present or not depends on the devices and the type of ZigBee you're using. Another weakness with ZigBee is that management traffic is typically not encrypted. You might not think that's a big deal: if the data is encrypted, then who cares about the management traffic? But someone could intercept that unencrypted management traffic and cause things like denial of service or spoofing attacks, reroute data, or turn devices off, using only unencrypted management traffic. So there's a weakness there as well. Now, again, ZigBee's not one of those things that you're probably going to get involved with a lot if you're doing 802.11 wireless networks. But it's a good area to get into if you want to get into industrial control system work. So there's a lot of fertile field out there for ZigBee if you want to get into those things.
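
To see how much management traffic a ZigBee deployment exposes, a defender can inventory captured IEEE 802.15.4 frames by type and by the Security Enabled bit in the frame control field. The following is an added example, not part of the original tutorial: the frames are constructed hex strings (no FCS, frame versions 2003/2006 assumed) and the function names are this example's own.

```python
import struct

FRAME_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "mac-command"}
MAC_COMMANDS = {
    0x01: "association request", 0x02: "association response",
    0x03: "disassociation notification", 0x04: "data request",
    0x07: "beacon request", 0x08: "coordinator realignment",
}
ADDR_LEN = {0: 0, 2: 2, 3: 8}  # addressing mode -> address length in bytes

# Constructed sample frames (all addresses and payloads are made up).
SAMPLE_FRAMES = [bytes.fromhex(h) for h in (
    "0308a5ffffffff07",                          # beacon request, broadcast
    "23c811621a0000ffff0102030405060708018e",    # association request
    "61882c621a00007a3f0802fcff",                # data frame
    "6b882d621a00007a3f0d0100000004",            # MAC command, security bit set
    "020031",                                    # acknowledgement
    "00804e621a0000ffcf0000",                    # beacon from a coordinator
)]


def parse_mac_header(frame):
    """Decode frame type, security bit, sequence number and command id."""
    if len(frame) < 3:
        raise ValueError("shorter than frame control + sequence number")
    (fcf,) = struct.unpack_from("<H", frame, 0)   # little-endian on the air
    dst_mode, src_mode = (fcf >> 10) & 0x3, (fcf >> 14) & 0x3
    if dst_mode not in ADDR_LEN or src_mode not in ADDR_LEN:
        raise ValueError("reserved addressing mode")
    info = {
        "type": FRAME_TYPES.get(fcf & 0x7, "reserved"),
        "security": bool(fcf & 0x0008),           # bit 3: Security Enabled
        "seq": frame[2],
        "command": None,
    }
    # Skip the addressing fields to reach the first payload byte.
    offset = 3
    if dst_mode:
        offset += 2 + ADDR_LEN[dst_mode]          # dest PAN id + address
    if src_mode:
        pan_compressed = bool(fcf & 0x0040)       # bit 6: source PAN omitted
        offset += (0 if pan_compressed else 2) + ADDR_LEN[src_mode]
    # The command id is only readable when the frame is not secured.
    if info["type"] == "mac-command" and not info["security"]:
        if offset >= len(frame):
            raise ValueError("truncated MAC command frame")
        cmd = frame[offset]
        info["command"] = MAC_COMMANDS.get(cmd, "0x%02x" % cmd)
    return info


def unprotected_management(frames):
    """List (seq, type, command) for management frames sent in the clear.

    Data frames are not judged here: ZigBee protects payloads above the
    MAC layer, so the MAC security bit says nothing about them.
    Acknowledgements are skipped as well.
    """
    findings = []
    for frame in frames:
        info = parse_mac_header(frame)
        if info["type"] in ("beacon", "mac-command") and not info["security"]:
            findings.append((info["seq"], info["type"], info["command"]))
    return findings


if __name__ == "__main__":
    for seq, ftype, command in unprotected_management(SAMPLE_FRAMES):
        print("seq=0x%02x %-11s %s" % (seq, ftype, command or "-"))
```
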

7.5 RFID

Another wireless technology that we'll discuss, although it really has nothing to do with 802.11 networks, is radio frequency ID, or RFID. RFID has been getting a lot of widespread use over the past couple of years. It's used both in the consumer and the business worlds. We use it to track inventory, to control equipment, to prevent people from stealing things from a store, and things like that. You can even use this in payment methods. Some credit cards are embedded with RFID transmitters and receivers. Now RFID, if you've seen it, really makes itself known through small tags that are attached to items. So if you walk into a bookstore, for example, there could be an RFID tag hidden in one of the pages of a book. When you walk out with the book, the RFID tag goes through a sensor and it triggers an alarm. Obviously that has to be turned off if the book is paid for. You'll see a lot of these in stores to prevent theft and so forth, but you'll also see these in consumer applications as well. One thing about RFID is that it has a very limited range. There are two types of RFID systems that are basically out there, with some variation. There's passive RFID and there's active, and we'll talk about both. Passive systems are those that have no internal power themselves. The example that I gave earlier about an RFID tag being in something like a book from a bookstore is not an active RFID. It's passive. It actually can't send power or transmit signals out itself, but it can receive them. It receives those signals and uses them as power to transmit an answer back to the station. Typically those stations will be the things you see next to the doors as you're leaving a store; those have RFID receivers and transmitters in them. RFID has a limited range, at least the passive ones do, of about 12 feet.
The active systems have an internal battery, so they are powered and they can transmit stored information when a transmitter or a reader that has special software on it queries the RFID tag itself. You can have a range of just a few inches to a few hundred feet. You may use these in large-scale warehouses for inventory and equipment control as well. Some of these RFID systems require a passcode for authentication, although typically those passwords are very weak, not complex at all. They're also typically non-encrypted, which makes them easily sniffed. They can be intercepted and the data can be sniffed as well. It's very easy to spoof an RFID data transmitter and the data that may come from it, if you know how it works. A lot of the security issues that people are concerned with in RFID include data theft and privacy. For example, a lot of RFID-embedded credit cards are susceptible to spoofing attacks, because they can be subject to transmissions from a reader that can cause the credit card to respond and send back information to the transmitter. They're passive, but they can send data back because a radio signal powers them. So that can enable people to steal information such as your credit card information and so forth. There's a big thing on the internet about advertising for wallets that you would put your credit cards into and that actually protect against RFID transmission, for example. Another issue with RFID is privacy. Theoretically, if you have something like a credit card in your wallet that is RFID enabled, you can be tracked as you pass by different RFID stations, transmitters and so forth. Your location could actually be tracked. So there are some concerns out there with privacy and with data theft that are valid concerns. Now, in terms of 802.11 networks, RFID doesn't have a lot to do with them. But again, this is a burgeoning area that a wireless professional could get into and make a good career out of.
So it's something you ought to look into as a wireless security professional.
