Information Security News mailing list archives
[TSCM-L] IrDA Threat Alert - Beware the Little Red Window [Repost]
From: InfoSec News <isn () C4I ORG>
Date: Thu, 24 Aug 2000 20:36:19 -0500
Forwarded From: "James M. Atkinson, Comm-Eng" <jmatk () tscm com>
Beware of the little red window on modern computers, video equipment
(camcorders), or other peripheral devices (such as the Hewlett Packard 5MP).
This red window provides an IrDA communications port which may allow
unrestricted access to both the computer, and in some cases the entire
computer network of your client.
If your computer is equipped with infrared technology that uses the
IrDA protocol, you can establish a wireless TCP/IP connection to a
network using an IrDA network access device, or exchange files with
another computer.
IrDA operates on a peak wavelength of between 850 nm and 900 nm with a
maximum intensity within a 30 degree cone.
Link length is typically 0 to 1 meters with an error rate of virtually
zero with extremely low power level requirements (typical desktop
environments).
When the "cone" is narrowed, the power levels increased, or the data
rates decreased the range may be increased to over 11.3 meters.
Each IrDA port may support up to 8 peripheral devices or other
computers. Each devices requires a 5-10 second handshaking period
after which data speeds of 4 mbps are available.
According to BIS Strategic Research, 85% of the new notebook computers
(150 manuf) have IrDA capability built into the systems. Unlike the
earlier IR predecessors which use proprietary protocols, this new crop
of IrDA compliant equipments are inter-operative across applications,
across manufacturers, and across platforms.
The data is coded using a 16-Pulse Sequence multiplied by a 1.5 MHz
subcarrier.
Mode Data rate Standard
Async Serial-IR 9600-115.2kb/s IrDA-1.0
Sync Serial-IR 1.152Mb/s
Sync 4PPM 4Mb/s IrDA-1.1 (Most common)
Future 15 Mbps + Pending - Near term
Future 50 Mbps + Pending - 2-3 years
On a recent flight to San Jose, CA thirty one laptop computers being
used by passengers were identified as having an active IrDA port. In
twenty six cases the IrDA port allowed unrestricted access to all
files on the respective laptops. This vulnerability allowed roughly
5000 pages of documents to be downloaded from the computer during a
one minute period. Since up to 8 sessions may be active at any time
this would allow over 600 pages per minute to be downloaded in
parallel from eight computers all at the same time.
This vulnerability also allows an eavesdropper to not only intercept
IrDA data, but allows the computer to be used as a gateway into the
corporate computer network.
An eavesdropper may also access an IrDA port by locating an access
device just outside a targets office window.
This vulnerability was tested with excellent results where the subject
simply "walked up to" a ground floor office, accessed the target
computer, and then downloaded over 250 Mb of data files.
This vulnerability was also found to be active on several consumer
camcorders and video products with "Wireless Video Links" (mostly
Sony)
-jma
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk () tscm com
=======================================================================
Do not try the patience of Wizards,
for they are subtle and quick to anger.
=======================================================================
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Current thread:
- [TSCM-L] IrDA Threat Alert - Beware the Little Red Window [Repost] InfoSec News (Aug 25)