Vulnerability Development mailing list archives

RE: Wlan @ bestbuy is cleartext?


From: Steve Maks <smaks () verisign com>
Date: Thu, 2 May 2002 10:34:41 -0500

For those who don't know, MSNBC picked up this story:
http://www.msnbc.com/news/746380.asp

"May 1 - Think you are safe from the cryptic world of wireless computer
hacking? Think again. Security researchers who study wireless networks have
found another embarrassing information leak, this one involving well-known
retail giants."

As a side note to the anonymous post below, I recently did some research on
the Symbol 802.11 (not 802.11b) APs and cards that use FHSS.  The setup I
was looking at did not implement any security features, but as a result of
the design of the hardware, the implementation was very secure.  

First off, FHSS itself is more secure than DSSS, as FHSS switches
frequencies some 70 times or so per second.  Sniffing this is impossible,
even when I am properly associated to the AP.  I looked around extensively
for any practical examples of sniffing FHSS but was unable to come up with
anything other than theories.

Symbol APs are also one of the few brands that, by default, do not allow an
"Any" SSID to associate to the AP.  With no way to sniff the traffic there
is no way to associate to the AP unless I know the SSID.  Other than being
told that there was a wireless network in a particular location, I was
unable to find any evidence of it existing.  

Of course, if they are using 802.11b and DSSS, this is a whole different
story.

Steve

-----Original Message-----
From: Blue Boar [mailto:BlueBoar () thievco com]
Sent: Wednesday, May 01, 2002 11:06 PM
To: vuln-dev () securityfocus com
Subject: Re: Wlan @ bestbuy is cleartext?


Yet another anonymous poster:

---------------------------
If you don't see 802.11b access points the store is probably using older
FHSS-based cards (frequency hopping spread spectrum) instead of the newer
DSSS (direct sequence spread spectrum) cards. Since the physical layer is
different, new cards won't see older access points. Most POS systems based
on 802.11 use cards OEM'd from Symbol, the original Spectrum24 cards. The
new Spectrum24 High Rate cards use DSSS instead of FHSS.
---------------------------

                                                BB

