Information Security News mailing list archives
[TSCM-L] IrDA Threat Alert - Beware the Little Red Window [Repost]
From: InfoSec News <isn () C4I ORG>
Date: Thu, 24 Aug 2000 20:36:19 -0500
Forwarded From: "James M. Atkinson, Comm-Eng" <jmatk () tscm com> Beware of the little red window on modern computers, video equipment (camcorders), or other peripheral devices (such as the Hewlett Packard 5MP). This red window provides an IrDA communications port which may allow unrestricted access to both the computer, and in some cases the entire computer network of your client. If your computer is equipped with infrared technology that uses the IrDA protocol, you can establish a wireless TCP/IP connection to a network using an IrDA network access device, or exchange files with another computer. IrDA operates on a peak wavelength of between 850 nm and 900 nm with a maximum intensity within a 30 degree cone. Link length is typically 0 to 1 meters with an error rate of virtually zero with extremely low power level requirements (typical desktop environments). When the "cone" is narrowed, the power levels increased, or the data rates decreased the range may be increased to over 11.3 meters. Each IrDA port may support up to 8 peripheral devices or other computers. Each devices requires a 5-10 second handshaking period after which data speeds of 4 mbps are available. According to BIS Strategic Research, 85% of the new notebook computers (150 manuf) have IrDA capability built into the systems. Unlike the earlier IR predecessors which use proprietary protocols, this new crop of IrDA compliant equipments are inter-operative across applications, across manufacturers, and across platforms. The data is coded using a 16-Pulse Sequence multiplied by a 1.5 MHz subcarrier. Mode Data rate Standard Async Serial-IR 9600-115.2kb/s IrDA-1.0 Sync Serial-IR 1.152Mb/s Sync 4PPM 4Mb/s IrDA-1.1 (Most common) Future 15 Mbps + Pending - Near term Future 50 Mbps + Pending - 2-3 years On a recent flight to San Jose, CA thirty one laptop computers being used by passengers were identified as having an active IrDA port. In twenty six cases the IrDA port allowed unrestricted access to all files on the respective laptops. This vulnerability allowed roughly 5000 pages of documents to be downloaded from the computer during a one minute period. Since up to 8 sessions may be active at any time this would allow over 600 pages per minute to be downloaded in parallel from eight computers all at the same time. This vulnerability also allows an eavesdropper to not only intercept IrDA data, but allows the computer to be used as a gateway into the corporate computer network. An eavesdropper may also access an IrDA port by locating an access device just outside a targets office window. This vulnerability was tested with excellent results where the subject simply "walked up to" a ground floor office, accessed the target computer, and then downloaded over 250 Mb of data files. This vulnerability was also found to be active on several consumer camcorders and video products with "Wireless Video Links" (mostly Sony) -jma ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk () tscm com ======================================================================= Do not try the patience of Wizards, for they are subtle and quick to anger. ======================================================================= ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- [TSCM-L] IrDA Threat Alert - Beware the Little Red Window [Repost] InfoSec News (Aug 25)