Archive

Posts Tagged ‘WiFi hotspot’

Android found vulnerable to sidejacking!

May 18th, 2011

Last Friday, a vulnerability in Google’s ClientLogin Protocol was disclosed that makes most Android users vulnerable to ”sidejacking.” All services (Calender, Contacts, Picasa, Stock Quotes, etc.) that use the Google’s ClientLogin API for “Auto Sync” are vulnerable. 

Sidejacking (aka session hijacking) is not new to Wi-Fi. Firesheep that caused a stir last October is a recent example of a tool demonstrating sidejacking attack against Twitter and Facebook. The latest vulnerability though holds significance given the huge userbase of Android smartphones commonly using their smartphones at Open Wi-Fi hotspots. Read more…

smartphones, Wireless security , , , , ,

Wi-Fi Insecurity Wrap-up for 2010

December 27th, 2010

The year 2010 witnessed continued growth in the enterprise WiFi deployments. The growth was fueled by the latest 802.11n revision to WiFi technology in the late 2009 and ready availability of WiFi in most consumer electronic devices launched in 2010, including the smart phones, printers, scanners, cameras, tablets, TVs, etc. The year 2010 also witnessed popularity of the specialized WiFi centric devices, such as MiFi.

However, the year 2010 also has some major WiFi security revelations/incidents in its kitty, which re-emphasize the continued need for adoption of the best practices for secure Wi-Fi deployment/usage. Here is the run-down on significant WiFi insecurity events which we witnessed in 2010:

  • Windows 7 virtual WiFi can turn a machine into a soft Rogue, which took Rogue AP thinking to a new level beyond the commercially available AP hardware.
  • Insecurity exposed due to MiFi like devices after the WiFi malfunction was experienced at two major trade shows in 2010 due to these devices – the first one was Google’s first public demo of Google TV and second was iPhone 4 launch at Apple Worldwide Developers Conference. Though this manifested as performance problem, it did show how easy it had become to set up personal HoneyPot AP or Hotspot AP on enterprise premises. Read more…

Wireless security , , , , , , , , , , , , , , , , , ,

Has your data been “Woogled”?!

June 3rd, 2010

Google Street View car gets a ticketThe WiFi snooping row  Google has gotten itself into seems to be far from over. In April, Google revealed that its Street View cars had been collecting basic data such as the MAC addresses and SSIDs of WiFi networks in the vicinity. But after German authorities asked Google to audit the data, it admitted to have been “mistakenly” snooping payload data from Open WiFi networks. Apparently, a piece of WiFi data analysis code, written by Google engineers back in 2006, was part of the software used by the Street View cars, in turn leading to the WiFi snooping (of about 600 GB of data across 30 countries!). Read more…

Best practices, Wireless scanning, Wireless security , , ,

CNN – Security experts warn of dangers of rogue Wi-Fi hotspots

August 11th, 2009

Security experts warn of dangers of rogue Wi-Fi hotspots

Story Highlights from CNN International

  • Security experts warn Wi-Fi users to be more vigilant against hackers
  • Experts say it’s difficult to distinguish between legitimate and rogue networks
  • Wi-Fi Alliance says spread of Wi-Fi hasn’t led to an ‘epidemic’ of hacking
  • Users urged to protect their networks, use VPN for sensitive data

LONDON, England (CNN) — You’re sitting in an airport lounge and seize the chance to check your e-mails before your flight departs. You log on and are tempted by a wireless Internet provider offering free Internet access. So, do you take it?

Security experts warn that hackers may be masquerading as free public Wi-Fi providers to gain access to the laptops of unsuspecting travelers. Read more…

Best practices, Wireless scanning, Wireless security , ,

DoT Regulation on Secure Use of WiFi

May 18th, 2009

The Department of Telecommunications (DoT), Govt. of India, has set a June 2009 deadline for complying with its regulation on WiFi security. Here’s a position paper that evaluates the DoT regulation and suggests best practices for secure use of WiFi.

Best practices, Compliance, Wireless security , , , ,