Wifi Vulnerabilities
10 Analyze Attacks and Vulnerabilities

. . . man will occasionally stumble over the truth, but usually manages to pick himself up, walk over or around it, and carry on.
—Winston S. Churchill

THE SECOND PHASE OF THE I-ADD SECURITY PROCESS is the analyze phase. During this phase you examine known attacks, vulnerabilities, and theoretical attacks in order to generate protections and mitigations. These protections and mitigations are methods or procedures used to inhibit an attacker’s ability to exploit a vulnerability or perform an attack. The protections and mitigations should be identified without consideration for other factors, such as cost, limits to functionality, or time to implement. Trade-offs are evaluated and decisions are made during the next I-ADD phase, the define phase.

Known Attacks

Identifying known attacks requires research of security-related Web sites, papers, and trade journals. Although currently known attacks are few in number, relative to wired systems, they are likely to grow as wireless systems become more prevalent and provide a richer target for the attacker community. The known attacks we cover here are specific to the wireless portions of the system. The Web servers, backend servers, and gateways are all subject to known attacks specific to their hardware platform, operating systems, and ancillary applications. The importance of specifically examining known attacks separate from theoretical attacks is that known attacks are likely to be attempted by an attacker when targeting a wireless system. Therefore, known attacks deserve a higher priority when making trade-offs during the next I-ADD phase.
Device Theft

Device theft is just as it sounds, the physical theft of the device by an attacker. Fortunately, this is not a concept new or unique to wireless devices or systems, so the need for protection of wireless devices and systems against physical theft is intuitive to device and system manufacturers. Unfortunately, devising devices or systems resistant to theft is very difficult. Several mitigations can be employed to minimize the threat. We will not spend much time stating the obvious, such as locking and alarming rooms that house equipment.

The Man in the Middle

The attacker, by interjecting herself between the user and the server, accomplishes the well-known man-in-the-middle network attack. This interjection is done by gaining physical access to the logical or physical path between the user and the server, such as sitting at the user or server’s access point to the network. Alternatively, this can be used to spoof the user to the server and the server to the user. In both scenarios, the attacker has complete access to the communications between the user and the server.

War Driving

In the 1980s, malicious types began war dialing, calling phone numbers at random in an attempt to locate unprotected modems and gain access to networks. The early 2000s version of war dialing is war driving, roaming around with a laptop, wireless NIC, and an antenna and attempting to gain access to wireless networks. As we have discussed, the vast majority of wireless networks deployed do not use WEP or use WEP without implementing RSA’s Fast Packet Keying solution to (more or less) security. With a $100–150 wireless NIC set in promiscuous mode and a cheap parabolic grid antenna from Radio Shack, hackers have gained access to thousands of wireless networks across the United States.
In populated areas, war drivers have used simple GPS applications in combination with the wireless NIC and antennae and have successfully mapped the location of thousands of wireless networks to which they can gain access. No esoteric software or hardware is required. A software application called AirSnort has the ability to analyze the intercepted WEP traffic and, after collecting enough data, even determine the root password for the wireless system.

Denial of Service

Denial of service is a class of attacks that take many forms, from subtle to obvious. An obvious denial of service attack against a wireless system would be to sever the coax cable on the tower between the transceiver and the antenna. This definitely would deny service to anyone wanting to use that particular tower. A more subtle attack would be to tie up the system with service requests or to spread a bogus e-mail such as “New and Destructive Virus,” explaining that you should e-mail everyone you know so that they can protect themselves. The desired result is that the system becomes so bogged down with these e-mails that legitimate traffic cannot be accommodated.

Another popular denial of service attack is the “Please help, my child is dying.” An e-mail is sent saying that someone, usually a hapless child, is suffering from a terrible affliction. The e-mail goes on to say that a corporation has agreed to provide X amount for every e-mail it receives regarding this child, so please forward this e-mail to everyone you know so that this child can be saved. The desired result is to overwhelm the corporation’s servers and cause them to crash.

The DoCoMo E-Mail Virus

As of the writing of this chapter, there have been two similar virus attacks against Japan’s DoCoMo cellular system. These attacks are viruses that can be downloaded into multifunction cellular phones. The viruses cause the user’s phone to automatically dial a number, such as 911, tying up both the cellular and 911 systems. With little imagination, you can see how this type of activity can have far-reaching and dire consequences.

Vulnerabilities and Theoretical Attacks

Identifying vulnerabilities is a difficult process because you are looking for what might occur and trying to anticipate how an attacker could attempt to exploit the system. The process is a dual-mode analysis in which you are examining potentially vulnerable areas while anticipating theoretical attacks. Based on the success or failure of these theoretical attacks, the particular component or resource is identified as vulnerable.
Recall that you are not making any determination at this point about the practicality of an attack or the development trade-offs necessary to protect or mitigate the vulnerability. To begin the examination of vulnerabilities, you begin at the top of the targets list and place yourself in the malicious roles identified earlier. You then create theoretical attacks to which these targets would be vulnerable. Experience and knowledge of the system’s inner workings are crucial if you are to have any expectation of identifying all its potential vulnerabilities. If you are examining an existing system, this requirement may lead you to utilize the developers to conduct the vulnerability analysis. This is acceptable as long as the team is evenly weighted with those who were not involved with the development. The reason is, developers know what they were trying to accomplish, and they may make assumptions about how the system functions or responds under certain circumstances. Further, developers know how the system was intended to function, but most attacks attempt to cause the system to function in a manner in which it was not intended.
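The dual-mode analysis just described (walk the targets list, assume each malicious role, record theoretical attacks, then attach protections without regard to cost) can be carried out mechanically. The following Python is an added illustration and not the book's own tooling; the target and role names come from this chapter, while the sample attacks, the sample protections, and the function names (analyze, unmitigated, roles_without_findings) are constructed assumptions.

```python
"""Model of the I-ADD analyze phase: every (target, malicious role) pair is
examined, known and theoretical attacks are recorded as findings, and
protections are attached without regard to cost (trade-offs belong to the
define phase). Added illustration; sample data and names are constructed."""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Finding:
    target: str
    role: str
    attack: str
    known: bool                 # True: a known attack; False: theoretical only
    protections: tuple = ()     # mitigations identified before any trade-off


# Targets and malicious roles drawn from the chapter's lists.
TARGETS = ("personal data on the PDA", "personal data being sent", "transceiver")
ROLES = ("device support personnel", "app developer", "WSP OMS personnel", "user")

# Constructed sample: attacks per (target, role), flagged known or theoretical.
SAMPLE_ATTACKS = {
    ("personal data on the PDA", "device support personnel"):
        [("diagnostic bypass mode left enabled", False)],
    ("personal data being sent", "app developer"):
        [("encryption utility with known keys", False)],
    ("personal data being sent", "user"):
        [("monitor and reconstruct the transmission", True)],  # war driving: known
    ("transceiver", "user"):
        [("physical modification to assist a man in the middle", True)],
}

# Constructed sample protections, recorded without cost or functionality limits.
SAMPLE_PROTECTIONS = {
    "monitor and reconstruct the transmission":
        ("link encryption with per-packet keying",),
    "physical modification to assist a man in the middle":
        ("locked and alarmed equipment rooms",
         "tamper-evident seals on the transceiver housing"),
}


def analyze(attacks_by_pair, protections_by_attack):
    """Walk every target/role pair and build the findings list.
    Known attacks sort first because they get priority in the define phase."""
    findings = []
    for target, role in product(TARGETS, ROLES):
        for attack, known in attacks_by_pair.get((target, role), ()):
            findings.append(Finding(target, role, attack, known,
                                    tuple(protections_by_attack.get(attack, ()))))
    return sorted(findings, key=lambda f: (not f.known, f.target, f.role))


def unmitigated(findings):
    """Findings with no protection recorded: gaps to close before handing the
    analysis to the define phase."""
    return [f for f in findings if not f.protections]


def roles_without_findings(findings):
    """Malicious roles that were never examined against any target. A non-empty
    result is a completeness warning, not proof that the role is harmless."""
    seen = {f.role for f in findings}
    return [r for r in ROLES if r not in seen]


if __name__ == "__main__":
    results = analyze(SAMPLE_ATTACKS, SAMPLE_PROTECTIONS)
    for f in results:
        tag = "KNOWN" if f.known else "theoretical"
        print(f"[{tag}] {f.target} / {f.role}: {f.attack} -> "
              f"{f.protections or 'NO PROTECTION RECORDED'}")
    print("gaps:", [f.attack for f in unmitigated(results)])
    print("unexamined roles:", roles_without_findings(results))
```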
Vulnerabilities of the Wireless Device

Similar to identifying targets, you begin at the highest levels and work your way down to the lower functional levels of the system. In general, the lower functional levels require more detailed knowledge, for you to analyze and for an attacker to exploit. However, with any generality, there are always exceptions, particularly with exploits. Once identified by someone with knowledge, even the lower-level functional levels can be successfully exploited by others with less technical expertise. We discuss this in greater detail throughout the remainder of the chapter, looking at specific examples. Suffice it to say that for this analysis, you must try to be as thorough as possible to ensure that the system is fully protected. You begin by looking at the targets identified.

The Wireless Device Itself

The vulnerability, loss, or theft of this particular target is not new to wireless. Loss or theft of personal items has been a concern since our ancient ancestors first grasped the concept of personal property as they huddled around fires in caves. The vulnerability of wireless devices is that they can be misplaced by users or taken by malicious users.

User Interface

The user interface should be examined in its two parts: the physical interface and access to the user interface. These two have different issues that should be acknowledged for completeness of your risk assessment.

The Physical Interface

The physical interface is vulnerable to environmental factors such as water, shock, and abrasion—for example, dropping the device in a puddle or spilling coffee on the device, dropping it off a table, having it slip out of the user’s hands, having the device slide across a rough surface, and having someone sit on or drive over the device.
Access to the User Interface

The user interface is vulnerable to environmental factors that cause inadvertent input—for example, a cellular phone in someone’s purse being bumped and activated when an object inside the purse depresses the Send key.

Offline Functions

Personal Data on the PDA

Here is where things become more interesting. You examine each of the malicious roles separately to ensure that you cover all the possible vulnerabilities. Again, this is not guaranteed. To ensure a system’s security, you must review the vulnerabilities in light of new known attacks, updated information on the system, or new theoretical attacks.
Malicious Device Support Personnel

Personal data stored on the device is vulnerable to malicious device support personnel when the device is taken in for upgrades, maintenance, or repair. These support personnel may have access to manufacturer bypass and diagnostic codes, equipment, or utilities that give them access to personal data stored on the device.

Poor or inexperienced device support personnel may inadvertently leave the device in a security bypass or diagnostic mode that leaves personal data vulnerable.

Malicious App Developer

Malicious application developers can create virus or Trojan Horse (a program that, in addition to providing an overt useful function, performs a covert activity, usually malicious) utilities or programs that allow access to personal data on the PDA.

Poor or inexperienced application developers may not take appropriate security measures regarding their particular application, such as not clearing buffers and overwriting data elements, leaving personal data vulnerable during transit.

Malicious App Support Personnel

Malicious application support personnel may dupe the user via social engineering to provide access, or information necessary for access, to personal data under the auspices of assisting with an application issue. Alternatively, malicious app support personnel may enable debug or other diagnostic switches within the software, disabling security mechanisms present in the device or software.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled following a support activity, rendering the personal data vulnerable.

Malicious User

Personal data is vulnerable to a malicious user who has gained access to the device. Recall that malicious user is a catchall term encompassing a variety of activities.
Although this simple statement is adequate for describing the vulnerability, the complexity of the role becomes important and should not be forgotten when generating mitigations and protections or performing the security-functionality trade-offs. For example, a malicious user may pose as a member of one of the legitimate functional roles and become the functional equivalent of one of the malicious roles just discussed.

Corporate or Third-Party Information

From a vulnerability perspective, no distinction exists between corporate and third-party information and personal data. There may be some distinction when it comes to the security-functionality trade-offs. For example, a device manufacturer may be willing to limit some functionality to ensure the protection of the user’s personal data but may decide that the same trade-off for corporate data is unnecessary because its obligation ends with the user.
Online Functions

Personal Data Being Sent

This target is personal data as it is in transit. You will notice that all the previous roles are present, with the addition of a few others because of the data’s increased exposure during transport.

Malicious Wireless Service Provider (WSP)

Your first thought may be, “How could a WSP be malicious?” In general, WSPs are not. They are in the business of providing wireless services, so performing any untoward activity would be counterproductive. However, consider the following example, based on the office complex scenario introduced in Chapter 1, “Wireless Technologies.”

Suppose that AdEx Inc., as a courtesy to its clients, offers wireless access through its network. NitroSoft is visiting AdEx for a presentation of a proposed new marketing campaign. During breaks in the presentation, the NitroSoft representative sends and receives e-mail via his wireless PDA. This information is related to the campaign, including price limits and current bids from other representatives attending similar presentations around the country. The connectivity is much appreciated by the NitroSoft representative because he can discreetly communicate the current status to his NitroSoft co-workers to ensure that NitroSoft receives the best marketing campaign for the money.

What the NitroSoft representative doesn’t know is that someone from the AdEx IT staff is monitoring the NitroSoft representative’s communications and relaying any pertinent information to AdEx’s marketing staff so that they will be well informed of her feelings about the presentation, any misgivings she may have, what NitroSoft’s bottom line will be, and possibly what the bids are from other marketing firms.

In this example, is AdEx just doing smart business? After all, AdEx owns the wireless connectivity hardware, and by extension, everything it transports. Or is AdEx a malicious WSP?
Unless AdEx had the NitroSoft representative sign an agreement to access its wireless network and this agreement contained a waiver granting AdEx access to anything transmitted over the network, we would vote for the latter. Therefore, personal data transmitted by the device may be vulnerable to a malicious WSP.

Malicious Device Support Personnel

Personal data transmitted by the device can be made vulnerable by malicious device support personnel when the device is taken in for upgrades, maintenance, or repair. These support personnel may have access to manufacturer bypass and diagnostic codes, equipment, or utilities that allow them to bypass security features, leaving personal data transmitted by the device vulnerable.

Poor or inexperienced device support personnel may inadvertently leave the device in a security bypass or diagnostic mode that renders personal data vulnerable during transit.
Malicious WSP OMS Personnel

Personal data transmitted by the device is vulnerable to malicious WSP OMS personnel who have access to the WSP transceiver and wireless network equipment.

Malicious App Developer

Malicious application developers may create virus or Trojan Horse utilities or programs that cause the transmitted data to be vulnerable. An example would be an encryption utility containing nonunique or known keys. To the user, the data appears encrypted, but it is readily accessible to unauthorized individuals who know the key. Alternatively, an e-mail utility may send a blind copy of every message sent or received by the device to a predefined address.

Poor or inexperienced application developers may not take appropriate security measures regarding their particular application, rendering personal data vulnerable during transit.

Malicious App Support Personnel

Malicious application support personnel may coerce the user via social engineering to provide access, or information necessary for access, to personal data under the auspices of assisting with an application issue. Alternatively, malicious app support personnel may enable debug or other diagnostic switches within the software, disabling security mechanisms present in the device or software.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled at the conclusion of a support activity, rendering the personal data vulnerable during transit.

Malicious User

Personal data is vulnerable to a malicious user who has access to, or has built a receiver that can monitor, the transmission of the PDA and can reconstruct the data transmitted and received. Again, a malicious user can assume any of the preceding malicious roles to gain access necessary to exploit a vulnerability.
Corporate or Third-Party Information Being Sent

As with offline functions, from a vulnerability perspective there is no distinction between corporate or third-party information and personal data in transit.

User Online Activities, Usage Patterns, Location and Movement

This category can be considered a subset of or equivalent to user personal data as far as vulnerabilities are concerned. The difference lies in how this type of information can be protected, which we discuss in Chapter 12, “Define and Design.”

Access to Network and Online Services

As used here, access to network and online services means the use of the device or information on the device to gain access to network and online services. This distinction separates it from similar activities occurring against the service provider, which we will discuss shortly.

Malicious Device Support Personnel

User network and online services access credentials are vulnerable to device support personnel who have access to the device for upgrade, maintenance, or repair purposes. Device support personnel may have access to manufacturer bypass and diagnostic codes, equipment, or utilities that give them access to network and online services access credentials on the device.

Malicious WSP OMS Personnel

User network and online services access credentials are vulnerable to WSP OMS personnel when this information is received and processed by the WSP equipment. The user may also be coerced into providing network or online access credentials to WSP OMS personnel.

Malicious App Developer

User network and online services access credentials are vulnerable to applications that can copy and store, or forward, these credentials to the developer.

Malicious User

Access to network and online services is vulnerable to a malicious user. A malicious user may gain access to the device and retrieve network and online services credentials, to be used on another device or at a later time. A malicious user may monitor transmissions, as discussed under “Malicious User” for personal data being sent, to obtain network and online services credentials. Again, a malicious user can assume any of the preceding malicious roles to gain access necessary to exploit a vulnerability.

Transceiver

The Transceiver Itself

Malicious Device OMS Personnel

The transceiver is vulnerable to manipulation or modification by malicious device OMS personnel.

Malicious User

The transceiver is vulnerable to manipulation or modification by a malicious user. For example, this may be done to assist a man-in-the-middle attack.
Vulnerabilities of the Service Provider

The Transceiver Itself

When we use the term transceiver in regard to the service provider, we are considering a transceiver system consisting of the antenna array, tower, coax, transceiver, and switching equipment.

Malicious Device OMS Personnel

The transceiver is vulnerable to manipulation or modification by malicious device OMS personnel.

Malicious User

The transceiver is vulnerable to manipulation or modification by a malicious user. For example, this may be done to deny service to areas or individuals at crucial times.

The Transceiver Services

Malicious Device OMS Personnel

The transceiver services are vulnerable to manipulation or modification by malicious device OMS personnel—for example, granting network access to unauthorized users by providing maintenance or diagnostic access credentials to these unauthorized users.

Malicious User

The transceiver is vulnerable to manipulation or modification by a malicious user. For example, a malicious user may obtain access credentials to utilize the service without paying for the privilege.

Access to Its Subscribers

Malicious WSP OMS Personnel

The service provider is vulnerable to WSP OMS personnel who can grant access to the network, and thereby its subscribers, for spam or other unsolicited purposes.

Malicious Corporate/Private Servers

The service provider is vulnerable to malicious corporate or private servers that access the service provider to deliver advertising, marketing, or other spam to the service provider’s subscribers.

Malicious Corporate/Private Server OMS Personnel

The service provider is vulnerable to malicious corporate or private server OMS personnel who utilize authorized servers to perform unauthorized access to subscribers.
For example, service provider subscribers receive stock quotes as part of their service plan. OMS personnel with access to the quote server that provides this service could alter the server to deliver anything in addition to, or in place of, the stock quotes.

Malicious Content Providers

The service provider is vulnerable to malicious content providers who use the service provider resources to spam or otherwise deliver their payload to the subscribers.

Malicious App Developer

The service provider is vulnerable to malicious app developers who include back doors or Trojan Horse utilities or programs that the service provider uses. These app developers can then use the privileged access available to their legitimate applications to obtain illegitimate access to the subscribers.

Malicious App Support Personnel

Service provider subscribers are vulnerable to malicious application support personnel who enable debug or other diagnostic switches within the software, disabling security mechanisms that protect access to the subscribers.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled at the conclusion of a support activity, rendering corporate proprietary data and resources vulnerable on the network server.

Malicious User

The service provider is vulnerable to malicious users gaining network access to allow them access to the service provider’s subscribers, either by these malicious users’ acting in one of the preceding roles or by exploiting a vulnerability in the overall service provider’s system.

Transceiver

Recall that there were no targets for the transceiver beyond those identified for the higher-level functional block.

Administrative Server

By administrative server, we are referring to the billing, maintenance, and support systems associated with keeping the wireless infrastructure functional.
User-Specific Data

User-specific data is information such as credit card numbers, address, finances, call and access log information that resides on the administrative server.
Malicious WSP OMS Personnel

User-specific data resident on the administrative server is vulnerable to malicious WSP OMS personnel who exploit their system access to gain access to user-specific data.

Malicious App Developer

User-specific data resident on the administrative server is vulnerable to malicious app developers who include back doors or Trojan Horse utilities or programs that the service provider uses. These app developers then use the privileged access available to their legitimate applications to obtain illegitimate access to user-specific data.

Malicious App Support Personnel

User-specific data is vulnerable to malicious application support personnel who enable debug or other diagnostic switches within the administrative server software that disable security mechanisms.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled at the conclusion of a support activity, leaving the user-specific data vulnerable on the administrative server.

Malicious User

User-specific data resident on the administrative server is vulnerable to malicious users’ gaining access to the service provider’s network and thereby accessing user-specific data. The service provider’s network access may be obtained by these malicious users’ acting in one of the preceding roles or exploiting a vulnerability in the overall service provider’s system.

Corporate Proprietary Data and Resources

Corporate proprietary data and resources refer to information resident on the administrative server that provides network details, fraud detection scheme information, and the like.

Malicious WSP OMS Personnel

Corporate proprietary data and resources resident on the administrative server are vulnerable to malicious WSP OMS personnel who exploit their system access to gain access to corporate proprietary data and resources.
Malicious App Developer

Corporate proprietary data and resources resident on the administrative server are vulnerable to malicious app developers who include back doors or Trojan Horse utilities or programs that the service provider uses. These app developers can then use the privileged access available to their legitimate applications to obtain illegitimate access to corporate proprietary data and resources.
Malicious App Support Personnel

Corporate proprietary data and resources are vulnerable to malicious application support personnel who enable debug or other diagnostic switches within the software that disable security mechanisms present in the network server.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled at the conclusion of a support activity, leaving corporate proprietary data and resources vulnerable on the network server.

Malicious User

Corporate proprietary data and resources resident on the administrative server are vulnerable to malicious users gaining access to the service provider’s network, and thereby access to corporate proprietary data and resources. The service provider’s network access may be obtained by these malicious users’ acting in one of the preceding roles or exploiting a vulnerability in the overall service provider’s system.

Network Server

User-Specific Data

User-specific data is information such as credit card numbers, addresses, and data such as e-mail and Web traffic that transits the network server.

Malicious WSP OMS Personnel

User-specific data transiting the network server is vulnerable to malicious WSP OMS personnel who have access to the network server.

Malicious App Developer

Malicious application developers can create virus or Trojan Horse utilities or programs that cause the transit data to be vulnerable. An example would be a network routing utility containing code that routes a copy of the transit data to the app developer.

Poor or inexperienced application developers may not take appropriate security measures regarding their particular application, rendering user data vulnerable during transit.
Malicious App Support Personnel

User-specific data is vulnerable to malicious application support personnel who enable debug or other diagnostic switches within the software that disable security mechanisms present in the network server.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled at the conclusion of a support activity, leaving the user data vulnerable during transit of the network server.
Malicious User

User-specific data is vulnerable to a malicious user who has access to, or has assumed one of the preceding roles to get access to, the network server.

Corporate Proprietary Data and Resources

Much the same as for the administrative server, corporate proprietary data and resources refer to information resident on the network server. We are referring to the system that connects the service provider’s transceivers to the remainder of the wired world.

Malicious WSP OMS Personnel

Corporate proprietary data and resources resident on the network server are vulnerable to malicious WSP OMS personnel who exploit their system access to gain access to corporate proprietary data and resources.

Malicious App Developer

Corporate proprietary data and resources resident on the administrative server are vulnerable to malicious app developers who include back doors or Trojan Horse utilities or programs that the service provider uses. These app developers can then use the privileged access available to their legitimate applications to obtain illegitimate access to corporate proprietary data and resources.

Malicious App Support Personnel

Corporate proprietary data and resources are vulnerable to malicious application support personnel who enable debug or other diagnostic switches within the software that disable security mechanisms present in the network server.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled at the conclusion of a support activity, leaving corporate proprietary data and resources vulnerable on the network server.

Malicious User

Corporate proprietary data and resources resident on the administrative server are vulnerable to malicious users gaining access to the service provider’s network, and thereby access to corporate proprietary data and resources.
The service provider’s network access can be obtained by these malicious users’ acting in one of the preceding roles or exploiting a vulnerability in the overall service provider’s system.

Vulnerabilities of the Gateway

The gateway is functionally not much more than a server that performs processing to convert Web traffic to a form compatible with the wireless device. You will notice that the vulnerabilities listed mirror those for the administrative and network servers. The Web server and backend server also have similar vulnerabilities. Therefore, we will not cover the vulnerabilities for the Web server and backend server. Further, no additional vulnerability is associated with having those servers linked to a wireless system (with the exception of no longer needing physical access) than to a totally wired system.

The Physical Gateway

Malicious OMS Personnel

The gateway is vulnerable to manipulation or modification by malicious OMS personnel.

Malicious App Developer

The gateway is vulnerable to malicious app developers who include back doors or Trojan Horse utilities or programs that the gateway uses. These app developers can then use the privileged access available to their legitimate applications to obtain illegitimate access to gateway services.

Malicious App Support Personnel

The gateway is vulnerable to malicious application support personnel who enable debug or other diagnostic switches within the software that disable security mechanisms present in the gateway.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled at the conclusion of a support activity, leaving the gateway vulnerable.

Malicious User

The gateway is vulnerable to manipulation or modification by a malicious user who has assumed one of the preceding roles or has otherwise gained access to the gateway.

User-Specific Data

Malicious OMS Personnel

User-specific data transiting or resident on the gateway is vulnerable to malicious WSP OMS personnel who have access to the network server.

Malicious App Developer

Malicious application developers can create virus or Trojan Horse utilities or programs that cause the user-specific data to be vulnerable.

Poor or inexperienced application developers may not take appropriate security measures regarding their particular application, rendering user-specific data vulnerable during transit or storage on the gateway.
Malicious App Support Personnel

User-specific data is vulnerable to malicious application support personnel who enable debug or other diagnostic switches within the gateway software that disable security mechanisms.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled at the conclusion of a support activity, rendering the user-specific data vulnerable during transit or storage on the gateway.

Malicious User

User-specific data is vulnerable to a malicious user who has access to, or has assumed one of the preceding roles to get access to, the gateway.

User Data

Malicious OMS Personnel

User data transiting the gateway is vulnerable to malicious OMS personnel who have access to the gateway.

Malicious App Developer

Malicious application developers can create virus or Trojan horse utilities or programs that expose user data.

Poor or inexperienced application developers may not take appropriate security measures in their particular application, rendering user data vulnerable while transiting the gateway.

Malicious App Support Personnel

User data is vulnerable to malicious application support personnel who enable debug or other diagnostic switches within the gateway software that disable security mechanisms.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled at the conclusion of a support activity, rendering the user data vulnerable while transiting the gateway.

Malicious User

User data is vulnerable to a malicious user who has access to, or has assumed one of the preceding roles to get access to, the gateway.

Corporate Proprietary Data and Resources

Malicious OMS Personnel

Corporate proprietary data and resources on the gateway are vulnerable to malicious OMS personnel who have access to the gateway.
Malicious App Developer

Malicious application developers can create virus or Trojan horse utilities or programs that expose corporate proprietary data and resources.

Poor or inexperienced application developers may not take appropriate security measures in their particular application, leaving corporate proprietary data and resources vulnerable on the gateway.

Malicious App Support Personnel

Corporate proprietary data and resources are vulnerable to malicious application support personnel who enable debug or other diagnostic switches within the gateway software that disable security mechanisms.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled at the conclusion of a support activity, rendering the corporate proprietary data and resources accessible from the gateway vulnerable.

Malicious User

Corporate proprietary data and resources are vulnerable to a malicious user who has access to, or has assumed one of the preceding roles to get access to, the gateway.

Third-Party Data Transiting the Gateway

Malicious OMS Personnel

Third-party data transiting or resident on the gateway is vulnerable to malicious OMS personnel who have access to the gateway.

Malicious App Developer

Malicious application developers can create virus or Trojan horse utilities or programs that expose third-party data.

Poor or inexperienced application developers may not take appropriate security measures in their particular application, rendering third-party data vulnerable during transit or storage on the gateway.

Malicious App Support Personnel

Third-party data is vulnerable to malicious application support personnel who enable debug or other diagnostic switches within the gateway software that disable security mechanisms.

Poor or inexperienced app support personnel may inadvertently leave debug or diagnostic switches enabled at the conclusion of a support activity, rendering third-party data vulnerable during transit or storage on the gateway.

Malicious User

Third-party data is vulnerable to a malicious user who has access to, or has assumed one of the preceding roles to get access to, the gateway.
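The debug and diagnostic switches that appear under every target above (left enabled by support personnel, deliberately or by oversight) are a condition that can be checked for mechanically rather than by reading the gateway's configuration by hand. The following is an added example, not code from this chapter: the chapter does not name a gateway product, so the key = value configuration format, the setting names, and the hardening baseline are assumptions chosen for illustration. The audit compares a constructed configuration against the baseline, flags each security setting that deviates, and also catches any setting outside the baseline whose name marks it as a debug, diagnostic, trace, or bypass switch and which is turned on. A hardened version of the same constructed file is included so the weak and corrected settings sit side by side.

```python
"""Audit a gateway configuration for debug/diagnostic switches left enabled.

Added example, not the book's code. The config format, the setting names
and the hardening baseline below are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

TRUTHY = {"1", "true", "yes", "on", "enabled"}
FALSY = {"0", "false", "no", "off", "disabled"}


def is_false(value: str) -> bool:
    return value in FALSY


def is_true(value: str) -> bool:
    return value in TRUTHY


def tls_at_least_1_2(value: str) -> bool:
    # Accept 1.2 or newer; an unparsable version counts as a deviation.
    try:
        return float(value) >= 1.2
    except ValueError:
        return False


# Hardening baseline (assumed): setting -> (expectation shown in the report, check).
# Each entry is a switch that, in the wrong position, disables a security mechanism.
BASELINE: Dict[str, Tuple[str, Callable[[str], bool]]] = {
    "debug": ("false", is_false),
    "diag.packet_dump": ("false", is_false),         # would write user traffic to disk
    "auth.bypass_for_support": ("false", is_false),  # skips user authentication
    "tls.verify_client": ("true", is_true),
    "tls.min_version": (">= 1.2", tls_at_least_1_2),
    "log.include_payloads": ("false", is_false),
}

# Settings outside the baseline are still suspect when the name says debug,
# diag, trace or bypass and the switch is on (assumed naming convention).
DEBUG_KEY = re.compile(r"(^|[._])(debug|diag|trace|bypass)([._]|$)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    key: str
    actual: str
    expected: Optional[str]
    reason: str


def parse_config(text: str) -> Dict[str, str]:
    """Parse a simple `key = value` file; '#' starts a comment (assumed format)."""
    settings: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected key = value, got {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key.lower()] = value.strip('"').lower()
    return settings


def audit(settings: Dict[str, str], baseline=BASELINE) -> List[Finding]:
    """Return every deviation from the baseline plus any stray debug switch."""
    findings: List[Finding] = []
    for key, (expected, ok) in baseline.items():
        actual = settings.get(key)
        if actual is None:  # absent: the product default decides, so report it
            findings.append(Finding(key, "<missing>", expected, "required setting absent"))
        elif not ok(actual):
            findings.append(Finding(key, actual, expected, "deviates from hardening baseline"))
    for key, value in settings.items():
        if key not in baseline and DEBUG_KEY.search(key) and value in TRUTHY:
            findings.append(Finding(key, value, None, "debug/diagnostic switch enabled"))
    return sorted(findings, key=lambda f: f.key)


# Constructed sample: a gateway.conf after a support session in which the
# diagnostic switches were never turned back off.
SAMPLE_CONFIG = """
listen = 0.0.0.0:8080
debug = true                    # left on after troubleshooting
diag.packet_dump = 1            # dumps user traffic, payloads included
auth.bypass_for_support = yes   # support shortcut, still live
tls.verify_client = false
tls.min_version = 1.0
log.include_payloads = false
diag.trace_sessions = on        # not in the baseline; caught by its name
"""

# The same constructed file with every switch returned to its hardened position.
HARDENED_CONFIG = """
listen = 0.0.0.0:8080
debug = false
diag.packet_dump = 0
auth.bypass_for_support = no
tls.verify_client = true
tls.min_version = 1.2
log.include_payloads = false
diag.trace_sessions = off
"""

if __name__ == "__main__":
    for f in audit(parse_config(SAMPLE_CONFIG)):
        print(f"{f.key}: actual={f.actual} expected={f.expected} ({f.reason})")
    print("hardened config findings:", len(audit(parse_config(HARDENED_CONFIG))))
```

Run as a post-support-activity gate: a non-empty finding list blocks the gateway from returning to service until the switches are reset. The name-pattern pass is what catches a diagnostic switch nobody thought to put in the baseline; a baseline-only check would silently accept it.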
Vulnerabilities of the Web Server and the Backend Server

The Web server and backend server have nearly the same vulnerabilities as those identified for the gateway. Because we are concentrating on the wireless aspects of security, we will not explicitly go through the exercise of listing the vulnerabilities of these two functional blocks. Keep in mind that although the vulnerabilities may be identical, the protections or mitigations chosen can differ considerably because of the analysis of likelihood and the functionality trade-offs considered.

It should be clear that once you have identified the targets and roles, stating the vulnerabilities becomes simple. It should also be obvious how these vulnerability statements can easily be modified to become requirement statements.