How many wireless vulnerabilities are really out there?

Computerworld - You hear a lot about wireless security threats, but do you know how many there really are? Or what kinds of vulnerabilities exist? Or what exactly "wireless phishing" means?

The Wireless Vulnerabilities and Exploits group has been cataloging security vulnerabilities on wireless networks, primarily Bluetooth and the various flavors of 802.11, for nearly a year. Started by Network Chemistry, it now has 134 wireless vulnerabilities documented on its Web site.

"We started this because while a lot of attention is devoted to vulnerabilities in operating systems and software, much less is focused on the network layer and very little on wireless networks," says Network Chemistry Chief Technology Officer Chris Waters. Network Chemistry invited recognized experts from across the wireless industry to serve on its editorial board. They review and classify reports of vulnerabilities and exploitation attempts sent by a variety of sources.

"Anybody can send in reports," says Joshua Wright, senior security researcher at Aruba Networks and a founding member of the editorial board. Aruba recently signed up as a sponsor of the WVE. "We are very sensitive to disclosure practices, so we don't make information available to the attack community before the vendors who mitigate these problems know it," Wright says.

Tracking standards

Keeping the vendors and the public informed about security threats is one of the main purposes of the group, and the complete catalog of threats and exploits is published on the Web site. "Anybody can use it as long as they attribute it to the organization," Waters says. It also tracks emerging standards, often a confusing area in the wireless space.

He estimates that the site now has about 80% of the total vulnerabilities catalogued. "We started with the more recent issues and now are going back to earlier problems," he says. This is a useful reference for IT security and network personnel, both for potential vulnerabilities in the enterprise wireless network and of dangers their end-users face when outside enterprise walls. It covers both the vulnerabilities themselves and the methods and tools that are being used to attack them.

The other purpose behind the group is to build a common vocabulary of terms and reference numbers for vulnerabilities to facilitate communications both between humans and machines. "Often different people use different terms for the same exploit or the same term for different vulnerabilities," says Wright. "I see this especially in my classes at the SANS Institute, where I teach. One day for instance someone mentioned a 'wireless phishing attack.' To this day I don't know what wireless phishing is. We give the community a common vocabulary with published definitions. When we see that referenced in other venues, we know we are talking about the same thing." This becomes the basis for discussions about wireless security issues.