Download PDF version Contact company
Related Links
Bluetooth has some solid maths around encryption but many of the security decisions are left in the hands of the users which means things can go horribly wrong
There is disparity between the security of the different wireless standards, says Larry Pesce

The proliferation of new Wireless communication technologies within consumer electronics and smart devices is overtaking the skills of the information security industry says Larry Pesce, a leading expert in the field and SANS instructor.

Disparity in security

There is a great deal of disparity between the security of the different wireless standards particularly when you compare the 802 family that were predominately built for business use and emerging technologies that came from the consumer landscape such as Bluetooth, Zigbee and Z-Wave,” says Pesce who co-authored ‘Linksys WRT54G Ultimate Hacking’ and ‘Using Wireshark and Ethereal’ books.

For example, Bluetooth has some solid maths around encryption but many of the security decisions are left in the hands of the users which means things can go horribly wrong. Zigbee has a poor design for how it handles passphrase and replay packets which are highly vulnerable while security in some of the proprietary formats like Z-Wave is almost non-existent security.

Pesce who also develops real-world challenges for the Mid-Atlantic Collegiate Cyber Defense Challenge is complimentary about newer wireless protocols such as 802.15.4 and Zigbee which uses baseline profiles to help deliver enhanced security but comments, “…the technology is probably ahead of the skill sets out in the field and the problem is also somewhat under estimated.

Wireless privacy issues

Pesce also highlights the privacy issues that wireless enabled devices are starting to hit against, “If we look forward a large number of devices in the work and home will be wirelessly enabled and communicating autonomously between each other and back to manufacturers. Unless more consideration is given to securing both the devices and the communication links, there are likely to be breaches that will burrow into this internet of things infrastructure and start to gather private information or act as a staging post for more damaging attacks.”

Wireless security course

"There are likely to be breaches that will burrow into this internet of things infrastructure and start to gather private information"

Pesce will be teaching SANS course, 'SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses' at SANS London in July. The hands-on course takes an in-depth look at the security challenges of many different wireless technologies, exposing students to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, students navigate through the techniques attackers use to exploit WiFi networks, including attacks against WEP, WPA/WPA2, PEAP, TTLS, and other systems. The course also examines the commonly overlooked threats associated with Bluetooth, ZigBee, DECT, and proprietary wireless systems.

We are at a crossroads from a standards perspective,” comments Pesce, “The vendors are still mostly obsessed with bigger and faster, but there is increased pressure from a privacy prospective and many are having a hard time figuring it out – for Infosecurity professionals, the skills needed to secure these new types of wireless connections are in high demand.

Download PDF version Download PDF version

Related videos

Upgraded feature for Xesar - Now with smartphone as well!

Upgraded feature for Xesar - Now with smartphone as well!
Enhancing government security with proactive threat detection from Wavestore

Enhancing government security with proactive threat detection from Wavestore
Join the biggest hour for Earth

Join the biggest hour for Earth

In case you missed it

What are the new security applications in colleges and universities?
What are the new security applications in colleges and universities?

College campuses are meant to be places of learning, growth, and community. Fostering such an environment requires the deployment of policies and technologies that ensure safety an...

Real-time security analytics by Winston-Salem Police Department with Verkada
Real-time security analytics by Winston-Salem Police Department with Verkada

The Winston-Salem Police Department (WSPD), internationally accredited by the Commission on Accreditation for Law Enforcement Agencies (CALEA), is dedicated to proactive, data-driv...

Oil sector cybersecurity - overcoming challenges with Honeywell's csHAZOP
Oil sector cybersecurity - overcoming challenges with Honeywell's csHAZOP

A major European oil and gas company that acquires, explores, produces and supplies chemical and petroleum products had a cybersecurity challenge. Company leadership wanted a b...

Featured white papers
Security practices for hotels

Security practices for hotels

Download
Access control system planning phase 2

Access control system planning phase 2

Download
Honeywell GARD USB threat report 2024

Honeywell GARD USB threat report 2024

Download
SIA Identity and Biometrics Symposium

SIA Identity and Biometrics Symposium

Download
Facial recognition

Facial recognition

Download
Quick poll
Which feature is most important in a video surveillance system?
More corporate news
Trigion Security Services promotes Munhib Syed to Contract Manager

Trigion Security Services promotes Munhib Syed to Contract Manager
IHS report: Internet of things (IoT) increases growth and opportunities in remote monitoring markets

IHS report: Internet of things (IoT) increases growth and opportunities in remote monitoring markets
Certification organisation BRE Global opens Middle East office

Certification organisation BRE Global opens Middle East office
Featured products
HID Signo™ Biometric Reader 25B - Multi-technology, mobile ready, fingerprint reader

HID Signo™ Biometric Reader 25B - Multi-technology, mobile ready, fingerprint reader
Anviz 8MP AI-Powered Mini Dome Network Camera with 360° Clarity

Anviz 8MP AI-Powered Mini Dome Network Camera with 360° Clarity
Verkada Monitored Alarm System

Verkada Monitored Alarm System