Mobiles threaten network security

Organisations at the cutting edge of mobile computing could be leaving their networks wide open. That is the message from ethical hackers at Internet security consultancy @stake.

Eric Doyle

"The wide variety of environments in which wireless solutions are being implemented, and the unique nature of each of these solutions, mean there is no 'silver bullet' for wireless security," @stake's vice-president for R&D - who uses his hacker's name Mudge - told Computer Weekly.

To demonstrate the new risks, @stake has developed a program for Palm personal digital assistants. Using the code, one Palm device can interrogate another through the Infrared Data Association (IrDA) ports and pull the password from it.

This program could be incorporated into the Palm to extract passwords when passing electronic contact details from one device to another, without alerting the owner of the violated PDA.

"This proves that no data is safe on a PDA," said Mudge.

He said a similar method could be applied to emerging wireless standards such as Bluetooth or IEEE 802.11.

Mudge hit out at the poor state of mobile security. "Our research shows that most people use the same password for their corporate network log-on as they do for their PDA. Get the password and the network data can be accessed without triggering any alarms," he said.

Like other security companies, @stake urges organisations to accurately identify the risks they face, evaluate their potential impact and then make a business-led decision about the priorities and the level of security required.

Spot the danger

Internet security firm @stake has shown that a printer with an IrDA port can allow access to the heart of a network to which it is attached.

An infrared-enabled networked printer in a reception area could be vulnerable. It could, in effect, be told to behave like a computer by a hacker using a PDA to send a signal requesting the printer to access the central server and download passwords. If the reception area is glass-fronted and faces the street, the hacker would not even have to enter the building.

Organisations can protect themselves by not using infrared-enabled equipment in vulnerable areas or by disabling infrared ports.
