ActiveSync, TCP/IP and 802.11b wireless vulnerabilities of WinCE-based PDAs

Research into the vulnerabilities and security concerns of WinCE-based personal digital assistants (PDAs) in an 802.11 wireless environment resulted in the identification of CAN-2001-0158 through CAN-2001-0163. Fully understanding and demonstrating these vulnerabilities would have required reverse engineering ActiveSync, which was beyond the scope of this research. Moreover, the WinCE IP stack demonstrated instabilities under a number of attacks, one of which produced symptoms in hardware. The inaccessibility of the 802.11b standard documentation was a source of delays in the research; however, we created three proof-of-concept applications to defeat 802.11b security. The first collects valid MAC addresses on the network, which defeats MAC-address-based restrictions. The second builds a code book using known-plaintext attacks, and the third decrypts 802.11b traffic on the fly using the code book.