2215 Bridgepointe Pkwy, Suite 400
94404 San Mateo, CA, us
+49 (20) 71832-832
Fortify warns new WiFi Standard could pose major security threat
Richard Kirk, Fortify's European director, said that, whilst most companies have now installed defences against attacks and unauthorized accesses to their wireless networks, these defences normally centre on the wireless access point.
"The WiFi Direct standard - which is due to be ratified next year - means that almost any WiFi device will be capable of supporting a peer-to-peer connection, so bypassing the wireless access point and most of the company's networking security," he said.
"Put simply, unless a portable device - such as an iPhone or smartphone - has got robust security on board, as well as applications that are secure against hacking, then an unauthorised person could establish a peer-to-peer connection directly and launch an internal attack on the company's network," he added.
According to Kirk, whilst the bulk of netbooks and laptops have adequate security in place to combat this form of back door hacking, mobile devices rarely have robust enough code to stop network nasties such as SQL Injections and the like. Companies are now putting more applications on their mobile devices, however these applications will often have security vulnerabilities that can be exploited by criminals UNLESS a) the developers are trained in secure coding practices and b) the code has been reviewed by competent, technology-equipped security practitioners.
And, he explained, with WiFi-enabled devices such as the iPhone having a vast library of 'home-brew' software (apps) available - which Apple has not approved - there is a strong chance of a back door into a company's network being exploited via a jailbroken iPhone.
Jailbreaking, says Kirk, is the term for an unlocked iPhone that is then able to run one of the many tens of thousands of non-Apple approved applications available on the Internet.
"The problem with these applications is that, as they are often 'home-brew' in nature, they have had no code audits carried out on them and are about as a secure as a paper bag in a hurricane," he said.
"And if hackers can establish a peer-to-peer connection with a smartphone inside a company, they then have a foothold with which to gain unauthorised access to the company network from the other side of the firewall and security software," he added.
For more on the WiFi Direct proposed standard:
The use of information published here for personal information and editorial processing is generally free of charge. Please clarify any copyright issues with the stated publisher before further use. In the event of publication, please send a specimen copy to firstname.lastname@example.org.