Mobile phone security is a big concern now that nearly everyone depends on a smartphone. According to Help Net Security, security expert Raul Siles has revealed an inherent weakness in smartphones that run the Android, iOS, BlackBerry and Windows Mobile operating systems. The weakness lies in the method these devices use to detect and connect to Wi-Fi networks.
According to Siles, whenever a device's Wi-Fi is turned on, the device periodically checks for networks by sending 802.11 probe requests. The probe requests search for the networks on the device's Preferred Network List (PNL), and once an appropriate response is received, the device tries to connect to that network. In simpler terms, instead of listening for signals, the devices shout out and hope for a network to shout back so that they can connect.
Because of how these devices connect to a network, a skilled hacker can create a fake network that can capture a device and manipulate it. This mainly happens because network discovery is performed by sending out probe requests as open broadcasts: a generic probe request along with requests for specific networks.
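To check which network names your own devices disclose this way, the following added example (not code from Siles or Help Net Security) parses probe request frames and lists the names each sender revealed. It assumes each frame starts at the 802.11 header with no radiotap header; the frames and MAC addresses are constructed sample data, and `build_probe` is a hypothetical helper used only to generate them.

```python
from collections import defaultdict

PROBE_REQUEST = 0x40  # frame control byte 0: version 0, management type, subtype 4
HEADER_LEN = 24       # frame control, duration, three addresses, sequence control
TAG_SSID = 0          # information element ID that carries the network name

def parse_probe_request(frame):
    """Return (sender MAC, SSID) for a probe request, else None; a wildcard probe has an empty SSID."""
    if len(frame) < HEADER_LEN or frame[0] != PROBE_REQUEST:
        return None
    src = ":".join(f"{b:02x}" for b in frame[10:16])  # address 2 = sender
    pos = HEADER_LEN
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None  # truncated element, do not trust the frame
        if tag == TAG_SSID:
            return src, value.decode("utf-8", errors="replace")
        pos += 2 + length
    return None

def disclosed_networks(frames):
    """Map each sender MAC to the network names it revealed in its probes."""
    leaked = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1]:  # skip wildcard probes, they name nothing
            leaked[parsed[0]].add(parsed[1])
    return dict(leaked)

def build_probe(mac, ssid):
    """Build a constructed probe request (sample data, not a real capture)."""
    name = ssid.encode()
    header = (b"\x40\x00\x00\x00" + b"\xff" * 6 + bytes.fromhex(mac.replace(":", ""))
              + b"\xff" * 6 + b"\x00\x00")
    # SSID element followed by a supported-rates element (tag 1, 4 bytes)
    return header + bytes([TAG_SSID, len(name)]) + name + b"\x01\x04\x02\x04\x0b\x16"

SAMPLE_FRAMES = [
    build_probe("aa:bb:cc:00:00:01", ""),
    build_probe("aa:bb:cc:00:00:01", "HomeNet"),
    build_probe("aa:bb:cc:00:00:01", "CoffeeShop"),
    build_probe("aa:bb:cc:00:00:02", ""),
    b"\x80" + build_probe("aa:bb:cc:00:00:03", "Office")[1:],  # beacon subtype: ignored
]

if __name__ == "__main__":
    for mac, names in disclosed_networks(SAMPLE_FRAMES).items():
        print(mac, "discloses", sorted(names))
```

A device that appears in the result is naming its saved networks over the air; a device that sends only wildcard probes does not appear.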
“This situation has been known since 2004; Microsoft fixed it for Windows XP in 2007 and recently in Windows Phone devices but it seems the other mobile device vendors are not as concerned,” says Siles.
The problem was originally acknowledged on Android devices back when the operating system was at version 2.x (Éclair, Frozen Yoghurt and Gingerbread) and 3.x (Honeycomb), but it has not yet been fixed, despite the OS reaching version 4.x (Ice Cream Sandwich and Jelly Bean). The vulnerability also exists in all versions of iOS and in BlackBerry 7.x. BlackBerry 7 users, however, can resolve the issue by enabling the “SSID broadcasted” option in the advanced Wi-Fi settings of their devices.
“In some cases, there are options that can be changed to avoid this issue but on most devices when a Wi-Fi network is added manually it presents the vulnerable behavior and few users are aware of the security implications,” Siles adds.
Publish date: May 27, 2013 3:46 pm | Modified date: December 19, 2013 11:43 am