GottaBeMobile - GottaBeSecure: WiFi and the Rookie Looks at Data Seepage (Part 5 of 5) : Tablet PC & Mobile PC News & Video Reviews, and Tablet PC Forums

Friday, October 12, 2007

« Transparent Touch Screen Video | Main | Welcome Sierra Modro to Team GBM! »

GottaBeSecure: WiFi and the Rookie Looks at Data Seepage (Part 5 of 5)

Over the past few weeks, we’ve discussed passive mobile security threats, active hacker threats, and tablet PC theft. In the final installment of this series on mobile security, we’ll be looking at an advanced mobile security issue, data seepage.

Tablet PC’s and ultra-mobile devices have opened up a whole new world of productivity and connectedness for people who need to work and stay in touch no matter where they go. However, operating computers in the unprotected realms of coffee shops and hotel broadband networks also opens up risks that most road warriors don’t anticipate.

Did you know that your tablet PC or ultra-mobile device may be leaking personal information to everyone within WiFi range? This information could include who you are, your company name, your previous IP address, where you’ve been, and much more…

Robert Graham of Errata Security revealed at July’s Black Hat security conference just how much personal data mobile computers leak with his “Ferret” WiFi information gathering tool. Graham, a security researcher and CEO of Errata Security, briefed attendees on the wide range of information mobile WiFi devices running MS Windows broadcast to anyone who’s listening to include:

- Computer name

- Computer description

- Previous IP address used (from the DHCP broadcast)

- A list of wireless network names your PC has previously connected to when it can’t find it’s “preferred” wireless network

The Ferret tool also sometimes picks up usernames and passwords sent without encryption (but WiFi and the Rookie readers already know that from Part 1 of this series…). The combination of personal information (often contained in the computer description, for example “Sally Smith’s tablet PC”) and the broadcast of previous wireless networks is a serious privacy concern. Using this information, a stalker or high-tech thief could locate your house and use your wireless network as confirmation that he has the right “Sally Smith.”

To reduce your risk from data seepage, employ basic operational security measures, like the military. Don’t give your computer a name or description that reveals your real name or work affiliation. To check or change your computer's description, follow these steps:

- Click on Control Panel from the Start menu

- Open the System icon

- Select the Computer Name tab

- Change what's in Computer description, if necessary

Also, it’s a good idea to keep your wireless network name at home generic (“linksys” should be just fine even if you’re access point is not made by Linksys) and turn off the SSID broadcast.

Unfortunately, you can’t keep MS Windows from broadcasting various bits of information to the wireless network, but you can control what some of that information looks like. For more information on data seepage, check out Robert Graham’s excellent briefing from Black Hat 2007, which is posted here: http://www.erratasec.com/BH_DC_07_Data_seepage.ppt

This concludes my initial series on mobile security. I hope you’re enjoyed reading it as much as I’ve enjoyed writing it. I plan to continue to publish these articles on a weekly basis, but need your help finding topics. Please post any ideas you have for future articles as comments to this article.

GottaBeSecure

10/12/2007 7:53 AM MST

GottaBeSecure: WiFi and the Rookie Looks at Data Seepage (Part 5 of 5) Comments [5] | Digg This | del.icio.us | Citations

Friday, October 12, 2007 8:37:35 AM (Mountain Daylight Time, UTC-06:00)

Terry, I have enjoyed and learned from your articles. Thanks so much! One thing that I have been wondering about is the choice that I have when I connect with a WiFi network of "Computer in Domain" or "Computer on the Move" (or whatever it is). It seems pretty obvious that I pick the first when I am on my own, secured network, and the second when I'm in a coffee shop, but I really don't know what the different settings do. Just a possible thought for another article. Thanks,

Sharon

SB Treloar

Friday, October 12, 2007 10:39:59 AM (Mountain Daylight Time, UTC-06:00)

Sharon,

Are you using Vista? According to the Vista help files for wireless:

"There are three network locations: Home, Work, and Public place.

Home or Work

Choose one of these locations for home or small office networks when you know and trust the people and devices on the network. Network discovery, which allows you to see other computers and devices on a network and allows other network users to see your computer, is on by default. For more information, see What is network discovery?

Public place

Choose this location for networks in public places (such as coffee shops or airports). This location is designed to keep your computer from being visible to other computers around you and to help protect your computer from any malicious software from the Internet. Network discovery is turned off for this location."

So...if you're out and about on public networks, choose the "Computer on the Move" or "Public place." This will provide the maximum security (from a network perspective). When you're at home, you may need to switch your profile to get things like files shares (or media shares) to work properly.

Hope that answers the mail.

Terry

Terry Bradley

Friday, October 12, 2007 12:24:30 PM (Mountain Daylight Time, UTC-06:00)

Hi Terry!

Actually, what I was trying to get at was the Network Discovery settings, what they do, and whether using these settings addresses the data seepage concerns you were writing about. It's pretty clear which settings are appropriate for which locations, but I am interested in what's actually happening when I choose the various settings. One of my frustrations with Vista is that it does a good job of helping people who are newbies figure out what to do, without being very good at giving information to the intermediate/somewhat advanced user. I can go to knowledge base articles, which sometimes get over my head, or I can settle for "this setting sets the setting that you are setting" explanations in the help files. Not always a lot in between.

Thanks,

Sharon

Sharon Treloar

Monday, October 15, 2007 9:45:14 AM (Mountain Daylight Time, UTC-06:00)

Sharon,

I do now understand your question, but I am not certain what the answer is. What I would recommend is downloading Ferret and seeing for yourself what information your computer is leaking. I don't think the network discovery settings will make a big difference, though.

You can download Ferret from Errata Security's web site here: http://www.erratasec.com/ferret.html

Ferret runs from the command prompt. The first time you run Ferret, just type ferret . That will display a list of the interfaces to choose from. From that list, figure out which interface number is your wireless adapter (mine is 4) and type the command: ferret.exe -i4 -vv (where the 4 represents the number of your wireless interface).

Good luck and have fun!

Terry

Terry Bradley

Monday, October 15, 2007 3:04:55 PM (Mountain Daylight Time, UTC-06:00)

Thanks, Terry!

I just might have to do that.

Sharon

Sharon Treloar

Comments are closed.