Home » Data Protection » Wireless/Mobile

In Depth

Wireless Security: Unencumbered and Insecure

You can wirelessly sync your cell phone with your laptop. You can use the cell phone's built-in modem to put your laptop on the Internet. With speed. Without cables. But be aware, even with security built in from the get-go, Bluetooth has problems.

By Simson Garfinkel

February 01, 2005 — CSO — If the wireless revolution has taught us anything, perhaps the single most important lesson is that people who design radio systems are notoriously bad at designing systems that are secure.

Remember analog cell phones back in the 1980s and '90s? Those phones transmitted their mobile serial numbers (MSNs) without the use of encryption or even a simple challenge-response system, making it easy for bad guys to clone phones and run up literally billions of dollars in fraudulent cell phone charges.

We've faced different but equally troubling security problems with cordless telephones, Wi-Fi wireless networking and radio frequency identification (RFID) systems, of course. But we've also seen security problems with relatively simple wireless systems like garage door openers and car alarms. In fact, I can't think of a single wireless communications system that hasn't had a significant security problem. Even worse, the problems have almost always been predicted in advance, pooh-poohed by vendors and then acknowledged to be problems after the equipment is widely deployed.

The very nature of wireless communications systems encourages sloppy security thinking on the part of wireless designers. After all, when a new wireless system is under development and not being sold to the general public, the bad guysby definitiondon't have the wireless system either. As a result, designers are lulled into thinking that many possible attacks would be hard, if not impossible, for a typical bad guy to perpetrate. After all, it's hard to build a new wireless system.

But once a system is built and deployed, the bad guys can examine it. They can also purchase one radio and use it to attack a second. Of course, the more radios that are deployed, the more valuable the attack. Perversely, the more radios that are deployed, the bigger the incentive for the manufacturer to cover up or minimize the impact of the vulnerabilityafter all, vulnerabilities are potential liabilities.

All of this, of course, brings us to the subject of Bluetooth, the two-way wireless communications system designed to create "personal area networks" between your cell phone, your cell phone's wireless headset, your laptop, PDA and whatever other devices you're packing.

Bluetooth uses the same part of the radio spectrum as Wi-Fi wireless LANs. But whereas Wi-Fi uses a technique known as "direct sequence" to encode information, Bluetooth uses a different spread spectrum technique known as "frequency hopping." The Bluetooth transmitter hops 1,600 times every second to a different frequency inside unlicensed 2.4GHz radio band. Bluetooth and Wi-Fi are not compatible: If a Wi-Fi system is transmitting a packet when Bluetooth steps through, that packet is lost. For this reason, some businesses have banned the use of Bluetooth on their property for fear of interference with their wireless networks. In practice, though, it's very hard to ban something that's running in a cell phone unless you physically search everybody entering your property and confiscate the phones of visitors. I've worked at places where such precautions are taken, but for most businesses this is probably a losing battle.