Seminar 2A, 8:30AM-Noon, April 10, 2007
EDUCAUSE Security Professionals Conference
H. Morrow Long, CISSP, CISM, CEH
Director - Information Security, Yale University
Wireless Security for Mobile Devices
Copyright H. Morrow Long 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
A discussion of the security issues involved in a multitude of wireless data technologies including PPP over cellular, IEEE Cellular and Mobile Data (one way and two way pagers), IEEE 802.11a/b/g/i, WEP, WPA as well as IEEE 802.1X, WAP’s WTLS, Bluetooth, ZigBee, CDPD, 1xRTT, EVDO and SMS.
A useful guide to the relative information security risks to an individual or organization involved in wireless data technologies including those used by pagers, cellphones, PDAs, assorted networked ‘appliances’ and wireless WANs, LANs and PANs.
Introduction, History and Evolution of Wireless Data
Terminology Definitions: Wireless Data Security
Wireless Data Risks and Threats
Cellular Phone Security
Wireless Data Security
Non-IP Mobile Data Access Networks
Wireless PANs / Pico-Nets
Wireless LANs and VLANs
802.11 / WiFi
Introduction: Prediction for the Late 1990s
“Most people now carry a portable radio transceiver with a Touchtone keyboard. They have a wallet full of credit-card size overlays. When an individual is dialed, he can be reached in most parts of the country. The zones of radio inaccessibility are diminishing. It has been suggested that the public should be issued with transceivers that transmit their national identification number, even when switched off. These devices would help in controlling crime, which is still growing at an appalling rate. They would also be used in most financial transactions.” - James Martin, 1971, “Future Developments in Telecommunications”, p. 355, Prentice Hall.
Utilizing a VPN tunnel or other “trusted” connection to connect back to or burrow through to the user’s enterprise network and computer resources (if you can steal the device or hijack the connection). This is a particular BlackBerry worry.
EDACS (Ericsson Enhanced Digital Access Communications System)
TETRA (Terrestrial Trunked Radio) – Europe.
Used by:
Private companies who build their own mobile data networks.
Mobile Data Device Security: Palm Security
The @Stake NotSync utility demonstrated an attack on the Palm via the use of the IR port to attempt to sync with the Palm. The sync could be hijacked and important information (e.g. a password) obtained. Any time you are beaming from a Palm, you must be careful about any devices in IR range.