DEV Community

Manfred Touron
Manfred Touron

Posted on • Originally published at manfred.life on

Security of Wireless Devices

Security of Wireless Devices

When wireless technologies were still nascent, they didn’t pose too many security risks. Potential weakpoints weren’t yet discovered and even when wireless devices began to be widely introduced, the riskswere relatively small. Nowadays, however, that has notably changed.

The value of information and the prospect of capitalizing on unsuspecting victims have drawn attentionfrom malicious attackers. The previously unexploited security flaws of wireless technology are nowunder constant siege by potential intruders.

The concern that many people have is the idea that once they’re transmitting wirelessly, what’s toprevent someone from “listening in” on the transmission.

Wireless Communication Technologies

Many wireless networks are commonly used all around us, and each has its advantages andshortcomings when it comes to security. Here’s a breakdown of how they stack up in terms of securityand some familiar use cases for each.

Wi-Fi

Our constant companion in the modern world. Wi-Fi is present in some shape or form almosteverywhere around us. And with the United Nations declaring internet access a human right, it willprobably be as ubiquitous as electrical power in the near future. However, concerns about thistechnology have hounded it since its inception.

On the whole, Wi-Fi is safe when used with the proper precautions, but there are also many situationsthat expose us to threats. In principle, Wi-Fi is similar to other technologies in that it consists of a radiofrequency transmitter and an RF receiver.

Using a private Wi-Fi network in your home isn’t risky, but open, public, and customer Wi-Fi networksare not — generally speaking — very safe. Open Wi-Fi networks, in particular, are stomping grounds formalicious attackers. Open networks are offered by some businesses but they should be avoided, if at allpossible, because there is no way to make sure no one is intercepting data.

Whenever possible, use an ethernet connection over Wi-Fi to reduce the risks associated with thetechnology.

Home security cameras are a case where Wi-Fi security is crucial. If the connection between the cameraand the Wi-Fi router isn’t safe, attackers can easily access the camera feed. It’s recommended to use thelatest encryption standards (WPA2 with AES) on your router and choose strong passwords. Also, buyinghome cameras from reputable sources such as Wyze Labs will make sure they have the latest securityfeatures.

3G

3G is the third generation of mobile wireless technology. It represents a significant upgrade to thestandards used in 2G networks. The increase in transfer rates made it possible for many newapplications and services that weren’t feasible on slower networks.

From the outset, 3G (and for that matter, 4G) had relatively weak encryption. The glaring weakness ofthese networks is that their encryption only exists from the device to the base station. Once the datareaches the wired network, there is no encryption.

Now, that doesn’t mean that it’s unsafe, but if an attacker is motivated enough, they could gain accessto that unencrypted data. But, most of the applications that you use are likely to have end-to-endencryption, so the main potential threats are phone calls and text messages.

What’s more, even for the secured data, encryption protocols are not very secure. The A5/2 encryptionmethod, which most 3G transmissions use, was cracked within a month of the technology beingreleased.

Whenever you don’t need access to your network, consider putting your device on airplane mode. Thatway it won’t send or receive any information and it’s practically shielded from most attacks.

Bluetooth

Bluetooth is the standard for short-distance wireless devices. It was conceived in the late 80s to be usedin the development of wireless headsets for mobile phones. The technology was quickly adopted formany different uses and continues to be a popular choice.

Like all wireless technology, Bluetooth transmissions are vulnerable to remote attack and spying.However, the security of a Bluetooth link will depend on the protocol being used. Different devices mayuse different Bluetooth standards and therefore are more or less prone to security breaches. Thecurrent standard is Bluetooth 5 but most devices are still using older standards.

The Apple Watch, for instance, uses Bluetooth Low Energy technology. This particular standard is easy toextract information from, but Apple uses a series of privacy protection measures that make it difficult toget any useful data. For instance, Apple products switch their Bluetooth LE address every 15 minutes.This prevents a snoop from getting any accurate data about who owns the device.

In contrast, other fitness trackers — such as the Fitbit — use a fixed address value. Since this value isunique and unchanging, it’s trivial to recognize and track the user via their device. Most Bluetooth LEdevices constantly transmit advertising packets, which lets other devices know they’re present.

These packets, however, can be intercepted by any device and while they don’t grant access to thetransmitting device, they do carry some identifying information. A good strategy is to only sync fitnesstrackers at home to prevent access to your data while you’re in public.

Another risk involves Bluetooth keyboards. In theory, wireless keyboards should be encrypting whatthey send to the receiver. So that even if someone were to have access to the data, all they’d see is anencrypted mess of data. However, in practice, most keyboard manufacturers use weak encryptionprotocols or, in some cases, none at all. A cybersecurity company looked into this in 2016 and found thateight major Bluetooth keyboard manufacturers used little to no encryption in their products.

This doesn’t mean that Bluetooth keyboards aren’t safe, in fact, Apple’s keyboards boast some of thebest Bluetooth encryption out there. But most of the security is going to be from the pairing process.

That’s true of most Bluetooth devices. While some identifying information may be retrievable, theactual data they transmit is hard to access unless the device is allowed to pair up with a receiver. Thatgoes for Bluetooth headset, mice, and other peripherals as well.

RFID

Radiofrequency Identification has been around for a very long time. Its most recent incarnation is RFIDtags. These tiny devices are essentially dormant until they come into close proximity to an RFID reader.The reader provides the power necessary for the tag to transmit its data and the reader can then receiveit. It’s simple enough but not terribly safe.

Things like RFID-enabled passports and credit cards pose a concern for many people. Sure enough, it hasbeen demonstrated that RFID “skimming” is not only possible but quite easy to do. Because the RFID tagdoesn’t discriminate about who receives the information, it will provide it to any reader that requests it.

In practice, very little RFID crime is reported, but the potential is always there. Experiments withdirected antennas have shown that it’s possible to read RFID tags from up to hundreds of feet away.

Newer generations of RFID credit cards and passports are beginning to use encrypted data which willmake it a lot harder to access the information. A good way to reduce risks is by using RFID-blockingwallets or “faraday” bags. These prevent any radio signals from reaching the devices inside.

Remote Keyless Systems in Cars

Many cars use this system, which does everything a standard car key can but without physical contact.This includes entry to the car and keyless ignition. It started to see use in the 80s and today most carshave, at the very least, keyless entry.

It's a simple radio transmitter that sends a coded signal to a receiver in the car that is tied to thatspecific transmitter. The transmitter has to be paired with the car’s computer, which is usually onlyavailable to dealerships and manufacturers.

The vast majority of modern keyless systems use rolling code. This basically means that every time thekey fob is used to activate a function in the car, a different code is sent. This prevents anyone fromscanning for the code to gain access to the vehicle. Using the same code again will not work. The remotecontrol and the receiver use an encrypted system to share codewords.

These systems are still vulnerable to a specific kind of attack. A device can “jam” the first code used tounlock a vehicle and record it. When the vehicle owner tries again, the device will allow that codethrough while retaining the first one for future use.

Keep Up with Security

Wireless technologies will always be susceptible to attacks. These are only some of the most popularones in use, but more are being developed every day. While it falls outside of the scope of this article todescribe every technology in detail, you should take it upon yourself to learn the best security practicesand habits for your devices.

Information is the most valuable currency and keeping yours should be a top priority. Keep your wirelessdevices safely stored when not in use. When they are in use, do everything you can to minimize yourexposure to threats. An ounce of prevention is worth a pound of cure when it comes to wirelesssecurity.

Top comments (0)