Inspired by the SANS Top 20, this list is a consensus of industry experts on wireless and mobile vulnerabilities that require immediate remediation. It is offered as a public service by the Mobile Antivirus Researcher’s Association (www.mobileav.org). We welcome your feedback; this is a “living” document that will be updated frequently.

MARA membership is diverse. The spectrum of MARA members ranges from individuals such as authors, researchers and university professors, all the way to antivirus vendors, military experts, and publicly-traded, multi-billion dollar security corporations.

Membership in MARA is free. Candidates must have a proven history of scholarly publications in the field of mobile security or antivirus fields. Prospective members must also provide character references and sign a strict code of ethics against computer crime. If you your interests fall within the mobile security and antivirus fields, we need your help.

Wireless


1. Default WiFi routers

By default, wireless routers are shipped in an un-secured state. The result of this is that an attacker can easily connect to and configure the router to meet his or her own needs. The risks include changing the DNS server settings to a static IP that is owned by the attacker; or, uploading a hacked firmware version to the router that could put the attacker in full control of the data. Sniffing programs, wireless scanning drones, attack scripts, and more can be easily installed on the router, all of which would go undetected.

In addition to the active attacks against unconfigured routers, these devices can be used as a gateway for attackers to launch viruses/attacks/spam sessions. Since most routers have very limited logging, the attacker could have a nearly-perfect anonymous connection. Any attempt to trace the attack back to its origination will dead end at the wireless router.

2. Rogue Access Points

Wireless access points are easy to install. As a result, many individuals within companies have taken it upon themselves to set up an authorized access point, without informing the network administrator. Typically, these access points are not protected, which means they can be used by an attacker just as they can by a valid user.

Rogue access points can also be used to lure valid users away from their corporate network. If an attacker can setup an access point with a stronger signal than the valid one, the target’s computer automatically connects to the attackers AP. This is by design, and abuse is difficult to prevent since many systems will adjust connection details (type of encryption, channel, etc) without any interaction from the user.