Interview with Cyrus Peikari, CEO of AirScanner Mobile Security
by Mirko Zorz - Monday, 24 February 2003.
The awareness is actually quite high. Over 2/3 of businesses are scared that their WLANs will be hacked. However, they don't have the money to pay the high prices that security software vendors demand. This is especially true for home users, who are a key part of free wireless community networks. For example, in this economy folks just can't afford to pay $3,500 for products like Airopeek NX and then have the software lock after 12 months when the "license" expires. How many home users can afford to pay thousands of dollars per license for commercial software that is booby-trapped with one-year time lock? In this case, the best suggestion might be to spend the time learning to use free tools such as Kismet and others which can give you more useful data.

Nor can the average user afford $6,000 for a WLAN "gateway" device such as Bluesocket, which merely duplicates what you can implement for free with the native security architecture of Linux or Windows Server plus some custom scripts. Thus, the major problem is not awareness of security risks, but rather the availability of products that are inexpensive, powerful and easy to use.

Before losing thousands of dollars to a vendor that will pull the rug out from under you in a year if you don't pay their high upgrade prices, and before paying thousands for hardware that you can build for free, consider taking the time to learn to use an alternative.

Do you see Wardriving as an extensive problem?

"Ethical" Wardriving is not only beneficial, but it is also a mandatory skill for every WLAN administrator. However, "unethical" Wardrivers could potentially pose great problems. When you hear media quotes from security experts claiming that Wardriving is an insignificant threat, you might consider taking that with a grain of salt.

Wireless security is subject to interference and therefore to Denial of Service attacks. What can be done to protect from such attacks?

As an electrical engineer, I don't see it a major issue. RF interference and jamming can be fixed with patience and a solid understanding of electromagnetics and signal processing. More dangerous to WLANs is government restrictions on spectrum. It is important for every individual to express her views to the government about the need for expanded, unrestricted WLAN spectrum.

A significant part in the process of developing wireless networks is ensuring that the data on wireless devices is secure. What do you see as the biggest threats to that security?

All of the traditional network attacks apply to WLANs, compounded by the lack of physical security inherent to wireless. This includes application cracking, sniffing, spoofing, denial of service, and of course social engineering. In addition, "airborne" wireless viruses will invariably pose a problem, although no one can predict when or to what extent. Anyone who says that wireless viruses will never exist or will never be troublesome has not really studied the viral cycle beyond elementary biology. The truth is that in nature viruses infect ALL organisms, even simple bacteria. Thus, any new technology or platform will eventually be vulnerable when it reaches a modicum of sophistication. It is a natural law.

What are your predictions for the future when it comes to wireless security?

Whether for good or for evil, Microsoft is set to dominate the handheld and miniature device OS market. Not only is Windows CE robust, efficient and truly multi-tasking, but we must not forget that Microsoft has a tendency towards "over-enthusiastic" methods of competition. Thus, Pocket PC and Smartphone (and other spinoffs of CE) will probably dominate, whether we like it or not. Unfortunately, as Microsoft itself admits, Pocket PC itself is utterly bereft of any security architecture whatsoever. Although Microsoft plans to fix this, it is more likely that we will have to rely on third party products.

What are your future plans? Any exciting new projects?


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th