The Ten Most Critical Wireless and Mobile Security Vulnerabilities
by Mobile Antivirus Researcherís Association - Thursday, 29 June 2006.
Inspired by the SANS Top 20, this list is a consensus of industry experts on wireless and mobile vulnerabilities that require immediate remediation. It is offered as a public service by the Mobile Antivirus Researcherís Association ( We welcome your feedback; this is a ďlivingĒ document that will be updated frequently.

MARA membership is diverse. The spectrum of MARA members ranges from individuals such as authors, researchers and university professors, all the way to antivirus vendors, military experts, and publicly-traded, multi-billion dollar security corporations.

Membership in MARA is free. Candidates must have a proven history of scholarly publications in the field of mobile security or antivirus fields. Prospective members must also provide character references and sign a strict code of ethics against computer crime. If you your interests fall within the mobile security and antivirus fields, we need your help.


1. Default WiFi routers

By default, wireless routers are shipped in an un-secured state. The result of this is that an attacker can easily connect to and configure the router to meet his or her own needs. The risks include changing the DNS server settings to a static IP that is owned by the attacker; or, uploading a hacked firmware version to the router that could put the attacker in full control of the data. Sniffing programs, wireless scanning drones, attack scripts, and more can be easily installed on the router, all of which would go undetected.

In addition to the active attacks against unconfigured routers, these devices can be used as a gateway for attackers to launch viruses/attacks/spam sessions. Since most routers have very limited logging, the attacker could have a nearly-perfect anonymous connection. Any attempt to trace the attack back to its origination will dead end at the wireless router.

2. Rogue Access Points

Wireless access points are easy to install. As a result, many individuals within companies have taken it upon themselves to set up an authorized access point, without informing the network administrator. Typically, these access points are not protected, which means they can be used by an attacker just as they can by a valid user.

Rogue access points can also be used to lure valid users away from their corporate network. If an attacker can setup an access point with a stronger signal than the valid one, the targetís computer automatically connects to the attackers AP. This is by design, and abuse is difficult to prevent since many systems will adjust connection details (type of encryption, channel, etc) without any interaction from the user.

3. Wireless Zero Configuration

When a computer connects to an access point, it generally stores the details of that connection locally. The next time the computer is turned on, the wireless network card immediately looks for the connection and re-establishes the connection Ė without user intervention.

This is accomplished by sending out a probe request into the airwaves with the SSID of the requested access point contained in the packet. The AP sees this packet and sends back a probe response, thus kicking off the connection routine. However, since the SSID value is sent as plain text, anyone with a sniffer can see it. They can use this information and configure an AP with the requested SSID, which will then detect the requested SSID and respond as expected. Programs like Karma automate this process and can quickly establish a connection with a wireless user, thus taking over their web connection, email, and more.

This function can be turned off by disabling it in the Services list of Windows XP. Other operating systems can be controlled by manually setting up the connection each and every time the wireless card is enabled.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th