McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

Wireless Fidelity (Wi-Fi) Hacking

Crimes committed using mobile computing devices such as laptops and Personal Digital Assistants (PDAs) with Wireless Fidelity (Wi-Fi) technology implicate accessing another Users Internet network connection without permission. "Wi-Fi networks use radio technologies called IEEE 802.11a, 802.11b or 802.11g to provide secure, reliable, fast wireless connectivity".

A wi-fi connection allows a User to remotely connect to their digital wi-fi device within a specific range, without the need for cables. In a house for example, a User sets up a Wi-fi connection in one room and can access the Internet using a laptop in the garden for instance without the need for any cables. As wi-fi can connect multiple computers to each other and to the Internet via a single high-speed connection, this means everyone connected can share files and documents with each other. The crime takes place when a roaming culprit accesses the wi-fi connection from outside the house without knowledge or permission of the wi-fi owner. The culprit can roam an area and search for an internet connection "hot spot areas" to connect. This is known as wi-fi hacking, accessing a wi-fi connection without permission. Section 48 of the Wireless Telegraphy Act 2006 states that "it is a criminal offence to knowingly use an apparatus with intent to obtain information as to the content, when not the intended recipient; or disclosing that information" (http://www.opsi.gov.uk/acts/acts2006/ukpga_20060036_en.pdf, p36, accessed 16/06/07).

Manaufacturers Research in Motion (RIM) highlight that in the first instance, the built-in security policies of the BlackBerry Enterprise Server would need to be in "disabled" status for "BBProxy" to be effective. Further, a central IT policy would forbid installation of unauthorised software as would the setting up of an external connection from a BlackBerry device. For "BBProxy" to execute, it would be submitted as an attachment intended for the receipient to action by clicking "Open", however the BlackBerry Enterprise Server does not allow attachement downloads, accessed 18/06/07).
As a Mobile Data Service (MDS), a BlackBerry can be configured to adhere to corporate network policies just as the corporate desktop. This feature prevents potential security breaches by disallowing access to banned sites in accordance to corporate policy. Additionally, BlackBerry devices issued to employees by companies (can) prevent installation of unauthorised third party applications. RIM BlackBerrys do not provide scripting language support as standard configuration on BlackBerrys. This consequently means certain email scripts or attachments (i.e."BBProxy") which include scripting language, will not be supported by the Blackberry hence by default eliminates the risk posed by malicious messages (Kao & Sarigumba, 2006).

BlackBerry devices feature passwords to access data; their correct use is highly recommended by RIM. Password prompts can also be set to appear after automatic timeout, which can be set after a given time lapse. A manual locking function is also available, which again would require the correct password to access data. BlackBerry devices can be paired to a Bluetooth headset for practicality, but this does increase the risk of unauthorised access. This can be prevented by disabling the Bluetooth connection when not required and also by changing the default "0000" access PIN to prevent unauthorised "pairing" (Kao & Sarigumba, 2006).

Related Links
To Top