ActiveSync, TCP/IP and 802.11b Wireless Vulnerabilities of WinCE-based PDAs
Author
Pascal Meunier, Sofie Nystrom, Seny Kamara, Scott Yost, Kyle Alexander, Dan Noland, Jared Crane
Tech report number
CERIAS TR 2002-17
Abstract
Researching the vulnerabilities and security concerns of WinCE-based Personal Digital Assistants (PDAs) in an 802.11 wireless environment resulted in identifying CAN-2001-{0158 to 0163}. The full understanding and demonstration of some vulnerabilities would have required reverse engineering ActiveSync, which was beyond the scope of this research. Moreover, the WinCE IP stack demonstrated instabilities under a number of attacks, one of which produced symptoms in hardware. The inaccessibility of the 802.11b standard documentation was a source of delays in the research; however, we created three proof-of-concept applications to defeat 802.11b security. One collects valid MAC addresses on the network, which defeats MAC-address based restrictions. Another builds a code book using known-plaintext attacks, and the third decrypts 802.11b traffic on-the-fly using the code book.
Booktitle
Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Publisher
IEEE Computer Society
Affiliation
Center for Education and Research in Information Assurance Security
Publication Date
2001-01-01
Keywords
WinCE, WEP, ActiveSync, wireless, security, 802.11b, vulnerability
Location
Carnegie Mellon University, Pittsburgh, PA