Secplicity – Security Simplified

Hacking Door Locks and Car Locks (Or Anything Wireless)

When a wireless device of any kind sends data from one location to another, the device needs to protect the data just as if it were traveling over a wired network. Unfortunately, that is often not the case, as several security researchers proved at Black Hat and Def Con. Existing tools allowed the researchers to capture data traveling over different types of wireless protocols and use it to exploit systems.

A device connected to a physical network sends data over the network cables that connect all the devices. Companies take various precautions to protect the data at the point of access and while traversing the network.

When a device is sending data wirelessly, the data travels over radio waves through the air instead of over a physical wire. Although the data is traveling over a different medium, the same security best practices apply.

Proper data security includes:

Authentication: Confirms a user trying to access the data is who they claim to be.

Authorization: Ensures the user has permission to take the requested action.

Encryption: Scrambles the data in such a way that only a person with the correct key can read it.

Protect Keys: Authentication and encryption depend on keys. Allowing an attacker to access the key makes these protections useless.

Standards: Vendors should follow well-vetted standards like FIDO, for example, which ensures a private key never leaves the owner’s device during the authentication process.

Secure Programming: Programmers should follow best practices such as those published by OWASP.

Unfortunately, vendors are taking shortcuts when it comes to wireless data. Security researchers discussed and in some cases showed how to capture data and trigger actions on wireless devices. Data captured between a key fob and the door of a Jeep enabled a researcher to open his car door. Altered GPS data changed an Uber bill to zero after the fact. Security researchers speculated that tornado sirens going off at the wrong time may have been a wireless replay attack, meaning the legitimate message to set off the sirens was captured in transit and re-sent later to trigger the sirens at an unauthorized time.

These problems with wireless security are not new. This video explains that SCADA systems, used to manage power plants, send data unauthenticated and unencrypted: https://www.youtube.com/watch?v=8Z9JpHXfZvM. This article explains how an attacker could steal data via wireless keyboards: https://www.wired.com/2016/07/radio-hack-steals-keystrokes-millions-wireless-keyboards/. Last year at Def Con, researchers showed how hackers could steal 24 different car models (https://www.wired.com/2016/03/study-finds-24-car-models-open-unlocking-ignition-hack/) and compromise a number of Bluetooth house locks: https://www.engadget.com/2016/08/10/researcher-finds-huge-security-flaws-in-bluetooth-locks/

As one researcher put it, anything wireless is using radio waves to communicate. Anyone with the necessary equipment can access the data as it travels through the air. New devices make it easier for attackers to capture data sent via radio waves. The tools cost less as well. For this reason, manufacturers need to ensure their devices secure the data sent wirelessly over any protocol to or from any device. Hiring pen testers prior to release and leveraging bug bounties after release could help uncover these security flaws sooner.  — Teri Radichel (@teriradichel)

Related Black Hat and Def Con Presentations:

https://www.blackhat.com/docs/us-17/wednesday/us-17-Ossmann-Whats-On-The-Wireless-Automating-RF-Signal-Identification.pdf

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Caleb-Madrigal-IOT-Hacking-With-SDR.pdf

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Karit-ZX-Security-Using-GPS-Spoofing-To-Control-Time.pdf

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/Matt%20Knight%20and%20Marc%20Newlin/
