
Chapter 10: Analyze Attacks and Vulnerabilities

. . . man will occasionally stumble over the truth, but usually manages to pick
himself up, walk over or around it, and carry on.
—Winston S. Churchill

The second phase of the I-ADD security process is the analyze phase.
During this phase you examine known attacks, vulnerabilities, and theoretical attacks
in order to generate protections and mitigations. These protections and mitigations are
methods or procedures used to inhibit an attacker’s ability to exploit a vulnerability or
perform an attack. The protections and mitigations should be identified without
consideration for other factors, such as cost, limits to functionality, or time to implement.
Trade-offs are evaluated and decisions are made during the next I-ADD phase, the
define phase.

Known Attacks
Identifying known attacks requires research of security-related Web sites, papers, and
trade journals. Although currently known attacks are few in number, relative to wired
systems, they are likely to grow as wireless systems become more prevalent and
provide a richer target for the attacker community. The known attacks we cover here are
specific to the wireless portions of the system. The Web servers, backend servers, and
gateways are all subject to known attacks specific to their hardware platform,
operating systems, and ancillary applications. The importance of specifically examining
known attacks separate from theoretical attacks is that known attacks are likely to be
attempted by an attacker when targeting a wireless system. Therefore, known attacks
deserve a higher priority when making trade-offs during the next I-ADD phase.

Device Theft
Device theft is just as it sounds, the physical theft of the device by an attacker.
Fortunately, this is not a concept new or unique to wireless devices or systems, so the need
for protection of wireless devices and systems against physical theft is intuitive to
device and system manufacturers. Unfortunately, devising devices or systems resistant
to theft is very difficult.
Several mitigations can be employed to minimize the threat. We will not spend
much time stating the obvious, such as locking and alarming rooms that house
equipment.

The Man in the Middle


The attacker, by interjecting herself between the user and the server, accomplishes the
well-known man-in-the-middle network attack. This interjection is done by gaining
physical access to the logical or physical path between the user and the server, such as
sitting at the user or server’s access point to the network. Alternatively, this can be
used to spoof the user to the server and the server to the user. In both scenarios, the
attacker has complete access to the communications between the user and the server.

War Driving
In the 1980s, malicious types began war dialing, calling phone numbers at random in
an attempt to locate unprotected modems and gain access to networks. The early
2000s version of war dialing is war driving, roaming around with a laptop, wireless
NIC, and an antenna and attempting to gain access to wireless networks. As we have
discussed, the vast majority of wireless networks deployed do not use WEP or use
WEP without implementing RSA’s Fast Packet Keying solution to (more or less)
security. With a $100–150 wireless NIC set in promiscuous mode and a cheap parabolic
grid antenna from Radio Shack, hackers have gained access to thousands of wireless
networks across the United States. In populated areas, war drivers have used simple
GPS applications in combination with the wireless NIC and antennae and have
successfully mapped the location of thousands of wireless networks to which they can
gain access. No esoteric software or hardware is required. A software application
called AirSnort has the ability to analyze the intercepted WEP traffic and, after
collecting enough data, even determine the root password for the wireless system.

Denial of Service
Denial of service is a class of attacks that take many forms, from subtle to obvious. An
obvious denial of service attack against a wireless system would be to sever the coax
cable on the tower between the transceiver and the antenna. This definitely would
deny service to anyone wanting to use that particular tower. A more subtle attack
would be to tie up the system with service requests or to spread a bogus e-mail such
as “New and Destructive Virus,” explaining that you should e-mail everyone you know
so that they can protect themselves. The desired result is that the system becomes so
bogged down with these e-mails that legitimate traffic cannot be accommodated.
Another popular denial of service attack is the “Please help, my child is dying.” An
e-mail is sent saying that someone, usually a hapless child, is suffering from a terrible
affliction. The e-mail goes on to say that a corporation has agreed to provide X amount
for every e-mail it receives regarding this child, so please forward this e-mail to
everyone you know so that this child can be saved. The desired result is to overwhelm the
corporation’s servers and cause them to crash.

The DoCoMo E-Mail Virus


As of the writing of this chapter, there have been two similar virus attacks against
Japan’s DoCoMo cellular system. These attacks are viruses that can be downloaded
into multifunction cellular phones. The viruses cause the user’s phone to automatically
dial a number, such as 911, tying up both the cellular and 911 systems. With little
imagination, you can see how this type of activity can have far-reaching and dire
consequences.

Vulnerabilities and Theoretical Attacks


Identifying vulnerabilities is a difficult process because you are looking for what might
occur and trying to anticipate how an attacker could attempt to exploit the system. The
process is a dual-mode analysis in which you are examining potentially vulnerable
areas while anticipating theoretical attacks. Based on the success or failure of these
theoretical attacks, the particular component or resource is identified as vulnerable.
Recall that you are not making any determination at this point about the practicality
of an attack or the development trade-offs necessary to protect or mitigate the
vulnerability.
To begin the examination of vulnerabilities, you begin at the top of the targets list
and place yourself in the malicious roles identified earlier. You then create theoretical
attacks to which these targets would be vulnerable. Experience and knowledge of the
system’s inner workings are crucial if you are to have any expectation of identifying all
its potential vulnerabilities. If you are examining an existing system, this requirement
may lead you to utilize the developers to conduct the vulnerability analysis. This is
acceptable as long as the team is evenly weighted with those who were not involved
with the development. The reason is, developers know what they were trying to
accomplish, and they may make assumptions about how the system functions or
responds under certain circumstances. Further, developers know how the system was
intended to function, but most attacks attempt to cause the system to function in a
manner in which it was not intended.

Vulnerabilities of the Wireless Device


Similar to identifying targets, you begin at the highest levels and work your way down
to the lower functional levels of the system. In general, the lower functional levels
require more detailed knowledge, both for you to analyze and for an attacker to exploit.
However, as with any generality, there are always exceptions, particularly with exploits.
Once identified by someone with knowledge, even the lower functional levels
can be successfully exploited by others with less technical expertise. We discuss this in
greater detail throughout the remainder of the chapter, looking at specific examples.
Suffice it to say that for this analysis, you must try to be as thorough as possible to
ensure that the system is fully protected. You begin by looking at the targets identified.

The Wireless Device Itself


The vulnerability, loss, or theft of this particular target is not new to wireless. Loss or
theft of personal items has been a concern since our ancient ancestors first grasped the
concept of personal property as they huddled around fires in caves. The vulnerability
of wireless devices is that they can be misplaced by users or taken by malicious users.

User Interface
The user interface should be examined in its two parts: the physical interface and
access to the user interface. These two have different issues that should be
acknowledged for completeness of your risk assessment.

The Physical Interface


The physical interface is vulnerable to environmental factors such as water, shock, and
abrasion—for example, dropping the device in a puddle or spilling coffee on the
device, dropping it off a table, having it slip out of the user’s hands, having the device
slide across a rough surface, and having someone sit on or drive over the device.

Access to the User Interface


The user interface is vulnerable to environmental factors that cause inadvertent
input—for example, a cellular phone in someone’s purse being bumped and activated
when an object inside the purse depresses the Send key.

Offline Functions

Personal Data on the PDA


Here is where things become more interesting. You examine each of the malicious
roles separately to ensure that you cover all the possible vulnerabilities. Again, this is
not guaranteed. To ensure a system’s security, you must review the vulnerabilities in
light of new known attacks, updated information on the system, or new theoretical
attacks.

Malicious Device Support Personnel


Personal data stored on the device is vulnerable to malicious device support personnel
when the device is taken in for upgrades, maintenance, or repair. These support
personnel may have access to manufacturer bypass and diagnostic codes, equipment, or
utilities that give them access to personal data stored on the device.
Poor or inexperienced device support personnel may inadvertently leave the
device in a security bypass or diagnostic mode that leaves personal data vulnerable.

Malicious App Developer


Malicious application developers can create virus or Trojan Horse utilities or programs
that allow access to personal data on the PDA. (A Trojan Horse is a program that, in
addition to providing an overt useful function, performs a covert activity, usually
malicious.)
Poor or inexperienced application developers may not take appropriate security
measures regarding their particular application, such as failing to clear buffers and
overwrite data elements, leaving personal data vulnerable during transit.

Malicious App Support Personnel


Malicious application support personnel may dupe the user via social engineering to
provide access, or information necessary for access, to personal data under the
auspices of assisting with an application issue. Alternatively, malicious app support
personnel may enable debug or other diagnostic switches within the software, disabling
security mechanisms present in the device or software.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled following a support activity, rendering the personal data
vulnerable.
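
A check for the condition described above, added here as an illustration and not taken from the original chapter: compare a settings snapshot taken when the device is checked in for support with one taken at hand-back, and report security switches left in a non-compliant state along with any unauthorized change. The setting names, values and snapshot format are hypothetical.

```python
# Added illustration: post-support audit for debug/diagnostic switches left on.
# Every setting name and value here is hypothetical, not from a real device.

# Security-relevant switches and the value each must hold at hand-back.
REQUIRED_STATE = {
    "debug_mode": "off",
    "diagnostic_port": "disabled",
    "security_bypass": "off",
    "storage_encryption": "on",
}

# Constructed sample snapshots in a simple "key = value" format.
BEFORE_SERVICE = """\
# snapshot taken at check-in (constructed sample)
debug_mode = off
diagnostic_port = disabled
security_bypass = off
storage_encryption = on
firmware = 4.1
sync_server = sync.nitrosoft.example
"""

AFTER_SERVICE = """\
# snapshot taken at hand-back (constructed sample)
debug_mode = on
diagnostic_port = disabled
security_bypass = off
storage_encryption = on
firmware = 4.2
sync_server = sync.collector.example
"""


def parse_settings(text):
    """Parse 'key = value' lines, ignoring blank lines and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed setting line: {raw!r}")
        settings[key.strip().lower()] = value.strip().lower()
    return settings


def audit_after_support(before_text, after_text, authorized_changes=()):
    """Return findings as (kind, setting, value_before, value_after) tuples.

    kind == "policy": a required switch is not in its required state after
                      service (a missing switch counts, its state is unknown).
    kind == "drift":  any other setting changed without being authorized by
                      the work order.
    """
    before = parse_settings(before_text)
    after = parse_settings(after_text)
    findings = []
    for key, required in REQUIRED_STATE.items():
        if after.get(key) != required:
            findings.append(("policy", key, before.get(key), after.get(key)))
    for key in sorted(set(before) | set(after)):
        if key in REQUIRED_STATE or key in authorized_changes:
            continue
        if before.get(key) != after.get(key):
            findings.append(("drift", key, before.get(key), after.get(key)))
    return findings


if __name__ == "__main__":
    # The work order for this visit authorized a firmware upgrade only.
    for finding in audit_after_support(BEFORE_SERVICE, AFTER_SERVICE,
                                       authorized_changes={"firmware"}):
        print(finding)
```

The same comparison applies to the server and gateway software discussed later in the chapter, given a policy table for those systems.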

Malicious User
Personal data is vulnerable to a malicious user who has gained access to the device.
Recall that malicious user is a catchall term encompassing a variety of activities.
Although this simple statement is adequate for describing the vulnerability, the
complexity of the role becomes important and should not be forgotten when generating
mitigations and protections or performing the security-functionality trade-offs. For
example, a malicious user may pose as a member of one of the legitimate functional
roles and become the functional equivalent of one of the malicious roles just
discussed.

Corporate or Third-Party Information


From a vulnerability perspective, no distinction exists between corporate and
third-party information and personal data. There may be some distinction when it comes to
the security-functionality trade-offs. For example, a device manufacturer may be
willing to limit some functionality to ensure the protection of the user’s personal data but
may decide that the same trade-off for corporate data is unnecessary because its
obligation ends with the user.

Online Functions
Personal Data Being Sent
This target is personal data as it is in transit. You will notice that all the previous roles
are present, with the addition of a few others because of the data’s increased exposure
during transport.

Malicious Wireless Service Provider (WSP)


Your first thought may be, “How could a WSP be malicious?” In general, WSPs are not.
They are in the business of providing wireless services, so performing any untoward
activity would be counterproductive. However, consider the following example, based
on the office complex scenario introduced in Chapter 1, “Wireless Technologies.”
Suppose that AdEx Inc., as a courtesy to its clients, offers wireless access through
its network. NitroSoft is visiting AdEx for a presentation of a proposed new marketing
campaign. During breaks in the presentation, the NitroSoft representative sends and
receives e-mail via his wireless PDA. This information is related to the campaign,
including price limits and current bids from other representatives attending similar
presentations around the country. The connectivity is much appreciated by the
NitroSoft representative because he can discreetly communicate the current status to his
NitroSoft co-workers to ensure that NitroSoft receives the best marketing campaign for
the money.
What the NitroSoft representative doesn’t know is that someone from the AdEx IT
staff is monitoring the NitroSoft representative’s communications and relaying any
pertinent information to AdEx’s marketing staff so that they will be well informed of his
feelings about the presentation, any misgivings he may have, what NitroSoft’s bottom
line will be, and possibly what the bids are from other marketing firms.
In this example, is AdEx just doing smart business? After all, AdEx owns the
wireless connectivity hardware, and by extension, everything it transports. Or is AdEx a
malicious WSP? Unless AdEx had the NitroSoft representative sign an agreement to
access its wireless network and this agreement contained a waiver granting AdEx
access to anything transmitted over the network, we would vote for the latter.
Therefore, personal data transmitted by the device may be vulnerable to a malicious WSP.

Malicious Device Support Personnel


Personal data transmitted by the device can be made vulnerable by malicious device
support personnel when the device is taken in for upgrades, maintenance, or repair.
These support personnel may have access to manufacturer bypass and diagnostic
codes, equipment, or utilities that allow them to bypass security features, leaving
personal data transmitted by the device vulnerable.
Poor or inexperienced device support personnel may inadvertently leave the
device in a security bypass or diagnostic mode that renders personal data vulnerable
during transit.

Malicious WSP OMS Personnel


Personal data transmitted by the device is vulnerable to malicious WSP OMS personnel
who have access to the WSP transceiver and wireless network equipment.

Malicious App Developer


Malicious application developers may create virus or Trojan Horse utilities or
programs that cause the transmitted data to be vulnerable. An example would be an
encryption utility containing nonunique or known keys. To the user, the data appears
encrypted, but it is readily accessible to unauthorized individuals who know the key.
Alternatively, an e-mail utility may send a blind copy of every message sent or
received by the device to a predefined address.
Poor or inexperienced application developers may not take appropriate security
measures regarding their particular application, rendering personal data vulnerable
during transit.
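
One way to detect the blind-copy behaviour described above, as an added example that is not from the original chapter: compare each message's envelope recipients with the recipients visible in its headers, and flag any hidden address that recurs on nearly every message a device sends. The log format, device names and addresses are constructed for illustration, and only sent mail is covered.

```python
from collections import Counter, defaultdict

# Constructed mail-gateway log (not real traffic), in a hypothetical format:
#   rcpt = SMTP envelope recipients; to/cc = recipients visible in the headers.
SAMPLE_LOG = """\
09:01 device=pda-17 rcpt=alice@adex.example,drop@collector.example to=alice@adex.example cc=
09:04 device=pda-17 rcpt=bob@nitrosoft.example,drop@collector.example to=bob@nitrosoft.example cc=
09:10 device=pda-22 rcpt=frank@adex.example to=frank@adex.example cc=
09:12 device=pda-17 rcpt=carol@nitrosoft.example,dave@nitrosoft.example,drop@collector.example to=carol@nitrosoft.example cc=dave@nitrosoft.example
09:18 device=pda-22 rcpt=frank@adex.example,hr@nitrosoft.example to=frank@adex.example cc=
09:20 device=pda-17 rcpt=bob@nitrosoft.example,legal@nitrosoft.example,drop@collector.example to=bob@nitrosoft.example cc=
09:25 device=pda-22 rcpt=gina@nitrosoft.example to=gina@nitrosoft.example cc=
09:27 device=pda-17 rcpt=alice@adex.example,drop@collector.example to=alice@adex.example cc=
09:31 device=pda-22 rcpt=gina@nitrosoft.example,bob@nitrosoft.example to=gina@nitrosoft.example cc=bob@nitrosoft.example
09:35 device=pda-17 rcpt=erin@nitrosoft.example,drop@collector.example to=erin@nitrosoft.example cc=
09:40 device=pda-22 rcpt=frank@adex.example to=frank@adex.example cc=
10:02 device=pda-30 rcpt=alice@adex.example,archive@nitrosoft.example to=alice@adex.example cc=
10:09 device=pda-30 rcpt=bob@nitrosoft.example,archive@nitrosoft.example to=bob@nitrosoft.example cc=
"""


def parse_line(line):
    """Return (device, envelope recipients, header-visible recipients)."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

    def addresses(key):
        return {a.lower() for a in fields.get(key, "").split(",") if a}

    return fields["device"], addresses("rcpt"), addresses("to") | addresses("cc")


def find_blind_copy_addresses(log_text, min_messages=5, min_ratio=0.9,
                              allowlist=frozenset()):
    """Map each device to hidden recipients present on >= min_ratio of its mail.

    An occasional Bcc is normal user behaviour, so a single hidden recipient
    is not a finding. The signal is one address silently added to almost
    every message. Devices with fewer than min_messages messages are skipped
    because the ratio is not meaningful yet. Sanctioned journaling or archive
    addresses belong in allowlist.
    """
    sent = Counter()                # messages seen per device
    hidden = defaultdict(Counter)   # device -> hidden address -> message count
    for line in log_text.splitlines():
        if "device=" not in line:
            continue
        device, envelope, visible = parse_line(line)
        sent[device] += 1
        hidden[device].update(envelope - visible - set(allowlist))

    findings = {}
    for device, total in sent.items():
        if total < min_messages:
            continue
        suspects = sorted(addr for addr, count in hidden[device].items()
                          if count / total >= min_ratio)
        if suspects:
            findings[device] = suspects
    return findings


if __name__ == "__main__":
    for device, addrs in find_blind_copy_addresses(SAMPLE_LOG).items():
        print(device, "silently copies every message to", ", ".join(addrs))
```

A finding identifies a device whose mail client warrants inspection; it does not by itself show which application on the device adds the recipient.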

Malicious App Support Personnel


Malicious application support personnel may coerce the user via social engineering to
provide access, or information necessary for access, to personal data under the
auspices of assisting with an application issue. Alternatively, malicious app support
personnel may enable debug or other diagnostic switches within the software, disabling
security mechanisms present in the device or software.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled at the conclusion of a support activity, rendering the
personal data vulnerable during transit.

Malicious User
Personal data is vulnerable to a malicious user who has access to, or has built a
receiver that can monitor, the transmission of the PDA and can reconstruct the data
transmitted and received. Again, a malicious user can assume any of the preceding
malicious roles to gain access necessary to exploit a vulnerability.

Corporate or Third-Party Information Being Sent


As with offline functions, from a vulnerability perspective there is no distinction
between corporate or third-party information and personal data in transit.

User Online Activities, Usage Patterns, Location and Movement


This category can be considered a subset of, or equivalent to, user personal data as far as
vulnerabilities are concerned. The difference lies in how this type of information can
be protected, which we discuss in Chapter 12, “Define and Design.”

Access to Network and Online Services


As used here, access to network and online services means the use of the device
or information on the device to gain access to network and online services. This
distinction separates it from similar activities occurring against the service provider,
which we will discuss shortly.

Malicious Device Support Personnel


User network and online services access credentials are vulnerable to device support
personnel who have access to the device for upgrade, maintenance, or repair
purposes. Device support personnel may have access to manufacturer bypass and
diagnostic codes, equipment, or utilities that give them access to network and online
services access credentials on the device.

Malicious WSP OMS Personnel


User network and online services access credentials are vulnerable to WSP OMS
personnel when this information is received and processed by the WSP equipment. The
user may also be coerced into providing network or online access credentials to WSP
OMS personnel.

Malicious App Developer


User network and online services access credentials are vulnerable to applications that
can copy and store, or forward, these credentials to the developer.

Malicious User
Access to network and online services is vulnerable to a malicious user. A malicious
user may gain access to the device and retrieve network and online services
credentials, to be used on another device or at a later time. A malicious user may monitor
transmissions, as discussed under “Malicious User” for personal data being sent, to obtain
network and online services credentials. Again, a malicious user can assume any of the
preceding malicious roles to gain access necessary to exploit a vulnerability.

Transceiver
The Transceiver Itself

Malicious Device OMS Personnel


The transceiver is vulnerable to manipulation or modification by malicious device
OMS personnel.

Malicious User
The transceiver is vulnerable to manipulation or modification by a malicious user. For
example, this may be done to assist a man-in-the-middle attack.

Vulnerabilities of the Service Provider


The Transceiver Itself
When we use the term transceiver in regard to the service provider, we are
considering a transceiver system consisting of the antenna array, tower, coax, transceiver, and
switching equipment.

Malicious Device OMS Personnel


The transceiver is vulnerable to manipulation or modification by malicious device
OMS personnel.

Malicious User
The transceiver is vulnerable to manipulation or modification by a malicious user. For
example, this may be done to deny service to areas or individuals at crucial times.

The Transceiver Services

Malicious Device OMS Personnel


The transceiver services are vulnerable to manipulation or modification by malicious
device OMS personnel—for example, granting network access to unauthorized users
by providing maintenance or diagnostic access credentials to these unauthorized
users.

Malicious User
The transceiver is vulnerable to manipulation or modification by a malicious user. For
example, a malicious user may obtain access credentials to utilize the service without
paying for the privilege.

Access to Its Subscribers

Malicious WSP OMS Personnel


The service provider is vulnerable to WSP OMS personnel who can grant access to the
network, and thereby its subscribers, for spam or other unsolicited purposes.

Malicious Corporate/Private Servers


The service provider is vulnerable to malicious corporate or private servers that access
the service provider to deliver advertising, marketing, or other spam to the service
provider’s subscribers.

Malicious Corporate/Private Server OMS Personnel


The service provider is vulnerable to malicious corporate or private server OMS
personnel who utilize authorized servers to perform unauthorized access to subscribers.
For example, service provider subscribers receive stock quotes as part of their service
plan. OMS personnel with access to the quote server that provides this service could
alter the server to deliver anything in addition to, or in place of, the stock quotes.

Malicious Content Providers


The service provider is vulnerable to malicious content providers who use the service
provider resources to spam or otherwise deliver their payload to the subscribers.

Malicious App Developer


The service provider is vulnerable to malicious app developers who include back
doors or Trojan Horse utilities or programs that the service provider uses. These app
developers can then use the privileged access available to their legitimate applications
to obtain illegitimate access to the subscribers.

Malicious App Support Personnel


Service provider subscribers are vulnerable to malicious application support personnel
who enable debug or other diagnostic switches within the software, disabling security
mechanisms that protect access to the subscribers.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled at the conclusion of a support activity, rendering
corporate proprietary data and resources vulnerable on the network server.

Malicious User
The service provider is vulnerable to malicious users gaining network access to allow
them access to the service provider’s subscribers, either by these malicious users’
acting in one of the preceding roles or by exploiting a vulnerability in the overall service
provider’s system.

Transceiver
Recall that there were no targets for the transceiver beyond those identified for the
higher-level functional block.

Administrative Server
By administrative server, we are referring to the billing, maintenance, and support
systems associated with keeping the wireless infrastructure functional.

User-Specific Data
User-specific data is information such as credit card numbers, addresses, finances, and
call and access log information that resides on the administrative server.

Malicious WSP OMS Personnel


User-specific data resident on the administrative server is vulnerable to malicious WSP
OMS personnel who exploit their system access to gain access to user-specific data.

Malicious App Developer


User-specific data resident on the administrative server is vulnerable to malicious app
developers who include back doors or Trojan Horse utilities or programs that the
service provider uses. These app developers then use the privileged access available to
their legitimate applications to obtain illegitimate access to user-specific data.

Malicious App Support Personnel


User-specific data is vulnerable to malicious application support personnel who
enable debug or other diagnostic switches within the administrative server software
that disable security mechanisms.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled at the conclusion of a support activity, leaving the
user-specific data vulnerable on the administrative server.

Malicious User
User-specific data resident on the administrative server is vulnerable to malicious
users’ gaining access to the service provider’s network and thereby accessing
user-specific data. The service provider’s network access may be obtained by these
malicious users’ acting in one of the preceding roles or exploiting a vulnerability in the
overall service provider’s system.

Corporate Proprietary Data and Resources


Corporate proprietary data and resources refer to information resident on the
administrative server that provides network details, fraud detection scheme information, and
the like.

Malicious WSP OMS Personnel


Corporate proprietary data and resources resident on the administrative server are
vulnerable to malicious WSP OMS personnel who exploit their system access to gain
access to corporate proprietary data and resources.

Malicious App Developer


Corporate proprietary data and resources resident on the administrative server are
vulnerable to malicious app developers who include back doors or Trojan Horse utilities
or programs that the service provider uses. These app developers can then use the
privileged access available to their legitimate applications to obtain illegitimate access
to corporate proprietary data and resources.

Malicious App Support Personnel


Corporate proprietary data and resources are vulnerable to malicious application
support personnel who enable debug or other diagnostic switches within the software
that disable security mechanisms present in the network server.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled at the conclusion of a support activity, leaving corporate
proprietary data and resources vulnerable on the network server.

Malicious User
Corporate proprietary data and resources resident on the administrative server are
vulnerable to malicious users gaining access to the service provider’s network, and
thereby access to corporate proprietary data and resources. The service provider’s
network access may be obtained by these malicious users’ acting in one of the preceding
roles or exploiting a vulnerability in the overall service provider’s system.

Network Server
User-Specific Data
User-specific data is information such as credit card numbers, addresses, and data such
as e-mail and Web traffic that transits the network server.

Malicious WSP OMS Personnel


User-specific data transiting the network server is vulnerable to malicious WSP OMS
personnel who have access to the network server.

Malicious App Developer


Malicious application developers can create virus or Trojan Horse utilities or programs
that cause the transit data to be vulnerable. An example would be a network routing
utility containing code that routes a copy of the transit data to the app developer.
Poor or inexperienced application developers may not take appropriate security
measures regarding their particular application, rendering user data vulnerable during
transit.

Malicious App Support Personnel


User-specific data is vulnerable to malicious application support personnel who
enable debug or other diagnostic switches within the software that disable security
mechanisms present in the network server.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled at the conclusion of a support activity, leaving the user
data vulnerable during transit of the network server.

Malicious User
User-specific data is vulnerable to a malicious user who has access to, or has assumed
one of the preceding roles to get access to, the network server.

Corporate Proprietary Data and Resources


Much the same as for the administrative server, corporate proprietary data and
resources refer to information resident on the network server. We are referring to the
system that connects the service provider’s transceivers to the remainder of the wired
world.

Malicious WSP OMS Personnel


Corporate proprietary data and resources resident on the network server are
vulnerable to malicious WSP OMS personnel who exploit their system access to gain access
to corporate proprietary data and resources.

Malicious App Developer


Corporate proprietary data and resources resident on the administrative server are
vulnerable to malicious app developers who include back doors or Trojan Horse
utilities or programs that the service provider uses. These app developers can then use the
privileged access available to their legitimate applications to obtain illegitimate access
to corporate proprietary data and resources.

Malicious App Support Personnel


Corporate proprietary data and resources are vulnerable to malicious application
support personnel who enable debug or other diagnostic switches within the software
that disable security mechanisms present in the network server.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled at the conclusion of a support activity, leaving corporate
proprietary data and resources vulnerable on the network server.

Malicious User
Corporate proprietary data and resources resident on the administrative server are
vulnerable to malicious users gaining access to the service provider’s network, and
thereby access to corporate proprietary data and resources. The service provider’s
network access can be obtained by these malicious users’ acting in one of the preceding
roles or exploiting a vulnerability in the overall service provider’s system.

Vulnerabilities of the Gateway


The gateway is functionally not much more than a server that performs processing to
convert Web traffic to a form compatible with the wireless device. You will notice that
the vulnerabilities listed mirror those for the administrative and network servers. The
Web server and backend server also have similar vulnerabilities. Therefore, we will not
cover the vulnerabilities for the Web server and backend server. Further, no additional
vulnerability is associated with having those servers linked to a wireless system (with
the exception of no longer needing physical access) than to a totally wired system.

The Physical Gateway

Malicious OMS Personnel


The gateway is vulnerable to manipulation or modification by malicious OMS
personnel.

Malicious App Developer


The gateway is vulnerable to malicious app developers who include back doors or
Trojan Horse utilities or programs that the gateway uses. These app developers can
then use the privileged access available to their legitimate applications to obtain
illegitimate access to gateway services.

Malicious App Support Personnel


The gateway is vulnerable to malicious application support personnel who enable
debug or other diagnostic switches within the software that disable security mechanisms
present in the gateway.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled at the conclusion of a support activity, leaving the gateway
vulnerable.

Malicious User
The gateway is vulnerable to manipulation or modification by a malicious user
who has assumed one of the preceding roles or has otherwise gained access to the
gateway.

User-Specific Data

Malicious OMS Personnel


User-specific data transiting or resident on the gateway is vulnerable to malicious WSP
OMS personnel who have access to the network server.

Malicious App Developer


Malicious application developers can create virus or Trojan Horse utilities or programs
that cause the user-specific data to be vulnerable.
Poor or inexperienced application developers may not take appropriate security
measures regarding their particular application, rendering user-specific data vulnerable
during transit or storage on the gateway.

Malicious App Support Personnel


User-specific data is vulnerable to malicious application support personnel who
enable debug or other diagnostic switches within the gateway software that disable
security mechanisms.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled at the conclusion of a support activity, rendering the
user-specific data vulnerable during transit or storage on the gateway.

Malicious User
User-specific data is vulnerable to a malicious user who has access to, or has assumed
one of the preceding roles to get access to, the gateway.

User Data

Malicious OMS Personnel


User data transiting the gateway is vulnerable to malicious OMS personnel who have
access to the gateway.

Malicious App Developer


Malicious application developers can create virus or Trojan Horse utilities or programs
that cause the user data to be vulnerable.
Poor or inexperienced application developers may not take appropriate security
measures regarding their particular application, rendering user data vulnerable during
transit of the gateway.

Malicious App Support Personnel


User data is vulnerable to malicious application support personnel who enable debug or
other diagnostic switches within the gateway software that disable security mechanisms.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled at the conclusion of a support activity, rendering the user
data vulnerable during transit of the gateway.

Malicious User
User data is vulnerable to a malicious user who has access to, or has assumed one of
the preceding roles to get access to, the gateway.

Corporate Proprietary Data and Resources

Malicious OMS Personnel


Corporate proprietary data and resources on the gateway are vulnerable to malicious
OMS personnel who have access to the gateway.

Malicious App Developer


Malicious application developers can create virus or Trojan Horse utilities or programs
that cause the corporate proprietary data and resources to be vulnerable.
Poor or inexperienced application developers may not take appropriate security
measures regarding their particular application, leaving corporate proprietary data and
resources vulnerable on the gateway.

Malicious App Support Personnel


Corporate proprietary data and resources are vulnerable to malicious application support
personnel who enable debug or other diagnostic switches within the gateway
software that disable security mechanisms.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled at the conclusion of a support activity, rendering the
corporate proprietary data and resources accessible from the gateway vulnerable.

Malicious User
Corporate proprietary data and resources are vulnerable to a malicious user who has
access to, or has assumed one of the preceding roles to get access to, the gateway.

Third-Party Data Transiting the Gateway

Malicious OMS Personnel


Third-party data transiting or resident on the gateway is vulnerable to malicious OMS
personnel who have access to the gateway.

Malicious App Developer


Malicious application developers can create virus or Trojan Horse utilities or programs
that cause third-party data to be vulnerable.
Poor or inexperienced application developers may not take appropriate security
measures regarding their particular application, rendering third-party data vulnerable
during transit or storage on the gateway.

Malicious App Support Personnel


Third-party data is vulnerable to malicious application support personnel who enable
debug or other diagnostic switches within the gateway software that disable security
mechanisms.
Poor or inexperienced app support personnel may inadvertently leave debug or
diagnostic switches enabled at the conclusion of a support activity, rendering
third-party data vulnerable during transit or storage on the gateway.

Malicious User
Third-party data is vulnerable to a malicious user who has access to, or has assumed
one of the preceding roles to get access to, the gateway.

Vulnerabilities of the Web Server and the Backend Server

The Web server and backend server have vulnerabilities nearly identical to those
identified for the gateway. Because we are concentrating on the wireless aspects of security,
we will not explicitly go through the exercise of listing the vulnerabilities of these
two functional blocks. Keep in mind that although the vulnerabilities may be identical,
the protections or mitigations chosen can differ considerably because of the analysis of
likelihood and the functionality trade-offs considered.
It should be clear that when you have identified the targets and roles, stating the
vulnerabilities becomes simple. It should also be obvious how these vulnerability
statements can be easily modified to become requirement statements.
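
One of the vulnerability statements above, turned into a requirement and checked automatically: debug or diagnostic switches may be enabled only during a support activity and must be off when it concludes. This is an added example, not from the book; the event format, switch names, ticket ids, and function name are all assumptions, and the audit trail is constructed sample data.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts actor action target")
Finding = namedtuple("Finding", "kind switch actor ts")

# Constructed sample audit trail for a gateway (hypothetical names, not real logs).
SAMPLE_EVENTS = [
    Event(100, "alice", "session_open", "TICKET-1"),
    Event(105, "alice", "switch_on", "auth_bypass_debug"),
    Event(110, "alice", "switch_on", "verbose_trace"),
    Event(130, "alice", "switch_off", "verbose_trace"),
    Event(140, "alice", "session_close", "TICKET-1"),   # auth_bypass_debug still on
    Event(200, "bob", "switch_on", "dump_user_data"),   # no support activity open
    Event(300, "carol", "session_open", "TICKET-2"),
    Event(310, "carol", "switch_on", "verbose_trace"),
    Event(320, "carol", "switch_off", "verbose_trace"),
    Event(330, "carol", "session_close", "TICKET-2"),   # clean session
]

def audit_debug_switches(events):
    """Flag switches enabled outside a support session, and switches
    still enabled when the actor who enabled them closes a session."""
    open_sessions = set()   # actors with a support activity in progress
    enabled = {}            # switch name -> actor who last enabled it
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "session_open":
            open_sessions.add(ev.actor)
        elif ev.action == "switch_on":
            if ev.actor not in open_sessions:
                findings.append(Finding("outside_session", ev.target, ev.actor, ev.ts))
            enabled[ev.target] = ev.actor
        elif ev.action == "switch_off":
            enabled.pop(ev.target, None)
        elif ev.action == "session_close":
            open_sessions.discard(ev.actor)
            for switch, actor in sorted(enabled.items()):
                if actor == ev.actor:
                    findings.append(Finding("left_enabled", switch, actor, ev.ts))
    return findings

if __name__ == "__main__":
    for f in audit_debug_switches(SAMPLE_EVENTS):
        print(f"{f.ts}: {f.kind}: {f.switch} (actor: {f.actor})")
```

The `left_enabled` finding corresponds to the inadvertent case (a switch forgotten at the end of a support activity); `outside_session` corresponds to a switch enabled with no support activity to justify it.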
