CYBER WATCH with Brent MacLean
THE THREATS ARE NOW MOBILE


SECURITY MATTERS • SEPTEMBER/OCTOBER 2010

With the increasing reliance people have on smart phones and other data-enabled devices (e.g., USB drives) to store files, conduct financial transactions and access corporate networks, every Canadian business should be extremely concerned about the security of the mobile devices their employees use. Data is constantly being transferred from laptops to USB sticks, over wireless networks at café hot spots, and stored across cloud computing services whose servers are located in far-off political jurisdictions. These new modalities of communicating concentrate and disperse the targets of exploitation, multiplying the points of exposure they potentially and constantly compromise. Paradoxically, documents and data are probably safer today in a file cabinet, behind the bureaucrat’s careful watch, than they are on a PC.

Identity, authentication and platform integrity have become critical capabilities for mobile devices. Today’s cell phones implement these capabilities at vendors’ discretion, without a clear industry-wide consensus on the fundamental requirements and best practices needed to ensure proper security.


From viruses to rogue access points to Bluetooth exploits, everyone who owns a smart phone should be worried about the data they keep on them

When thinking about the security of your company’s mobile devices, it is wise to consider the following 10 areas of concern:

1. Default WiFi routers — By default, wireless routers are shipped in an unsecured state. As a result, an attacker can easily connect to the router and configure it to meet his or her needs. The risks include changing the DNS server settings to a static IP that is owned by the attacker, or uploading a hacked firmware version to the router that could put the attacker in full control of the data.

2. Rogue Access Points — Wireless access points are easy to install. As a result, many individuals within companies have taken it upon themselves to set up an unauthorized access point without informing the network administrator. Typically, these access points are not protected, which means they can be used by an attacker just as they can by a valid user.

3. Wireless Zero Configuration — When a computer connects to an access point, it generally stores the details of that connection locally. The next time the computer is turned on, the wireless network card immediately looks for that network and re-establishes the connection — without user intervention. Hackers can exploit this by configuring an access point with the requested SSID, which then detects the computer’s request and responds as expected.

4. Bluetooth Exploits — There are several to consider, including BlueSnarfing, an OBEX protocol exploit that allows hackers to secretly access the mobile phone’s calendar, pictures, phone contact list, etc. without the owner knowing; BlueBugging, which allows hackers to send SMS messages from a remote vulnerable phone, spoofing the sender; BlueJacking, renaming the phone so as to trick victims into accepting Bluetooth connections; and Bluetooth denial of service attacks.
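For items 2 and 3, an administrator can compare what a wireless scan sees against an inventory of approved access points. The sketch below is an added example, not part of the original article; the inventory, the signal threshold, the finding labels and the scan records are all constructed assumptions.

```python
"""Added example: audit Wi-Fi scan results against an inventory of authorized APs."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # MAC address of the access point radio
    security: str    # e.g. "WPA2-Enterprise", "Open"
    signal_dbm: int

# Hypothetical inventory: corporate SSID -> (authorized BSSIDs, required security)
AUTHORIZED = {
    "CorpNet": ({"00:11:22:33:44:01", "00:11:22:33:44:02"}, "WPA2-Enterprise"),
}
ONSITE_DBM = -60  # assumed threshold: stronger signals are probably on the premises

def audit(beacons, authorized=AUTHORIZED, onsite_dbm=ONSITE_DBM):
    """Return a sorted list of (bssid, finding) for beacons that need review."""
    findings = []
    for b in beacons:
        bssid = b.bssid.lower()
        if b.ssid in authorized:
            known, required = authorized[b.ssid]
            if bssid not in {k.lower() for k in known}:
                # Corporate SSID from an unknown radio: clients that reconnect
                # automatically by SSID (item 3) could associate with it.
                findings.append((bssid, "corporate SSID from unknown BSSID"))
            elif b.security != required:
                findings.append((bssid, "authorized AP with wrong security"))
        elif b.signal_dbm >= onsite_dbm:
            # Strong unknown network: possibly an employee-installed AP (item 2).
            note = " (open)" if b.security == "Open" else ""
            findings.append((bssid, "unknown on-site AP" + note))
    return sorted(findings)

# Constructed scan results, not real observations
SAMPLE_SCAN = [
    Beacon("CorpNet", "00:11:22:33:44:01", "WPA2-Enterprise", -48),
    Beacon("CorpNet", "00:11:22:33:44:02", "Open", -52),
    Beacon("CorpNet", "DE:AD:BE:EF:00:01", "WPA2-Enterprise", -55),
    Beacon("linksys", "02:AA:BB:CC:DD:10", "Open", -41),
    Beacon("CoffeeShop", "02:AA:BB:CC:DD:20", "WPA2-Personal", -82),
]

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE_SCAN):
        print(f"{bssid}  {finding}")
```

A BSSID can be copied by an impersonating access point, so a clean result from this check does not prove that every beacon is genuine.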

