ActiveSync, TCP/IP and 802.11b wireless vulnerabilities of WinCE-based PDAs

P. Meunier¹, S. Nystrom¹, S. Kamara¹, S. Yost¹, K. Alexander¹, D. Noland¹, J. Crane¹
¹ Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University, West Lafayette, IN, USA

Abstract

Researching the vulnerabilities and security concerns of WinCE-based personal digital assistants (PDAs) in an 802.11 wireless environment resulted in identifying CAN-2001-{0158 to 0163}. The full understanding and demonstration of vulnerabilities would have required reverse engineering ActiveSync, which was beyond the scope of this research. Moreover, the WinCE IP stack demonstrated instabilities under a number of attacks, one of which produced symptoms in hardware. The inaccessibility of the 802.11b standard documentation was a source of delays in the research; however, we created three proof-of-concept applications to defeat 802.11b security. One collects valid MAC addresses on the network, which defeats MAC-address-based restrictions. Another builds a code book using known-plaintext attacks, and the third decrypts 802.11b traffic on-the-fly using the code book.

Keywords

#TCPIP #Personal digital assistants #Communication system security #Information security #Hardware #Books #Java #Portable computers #Media Access Protocol #Cryptography
