ActiveSync, TCP/IP and 802.11b Wireless Vulnerabilities of WinCE-based PDAs
Author
Pascal Meunier, Sofie Nystrom, Seny Kamara, Scott Yost, Kyle Alexander, Dan Noland, Jared Crane
Tech report number
CERIAS TR 2002-17
Abstract
Researching the vulnerabilities and security concerns of WinCE-based Personal Digital Assistants (PDAs) in an 802.11 wireless environment resulted in identifying CAN-2001-{0158 to 0163}. The full understanding and demonstration of some vulnerabilities would have required reverse engineering ActiveSync, which was beyond the scope of this research. Moreover, the WinCE IP stack demonstrated instabilities under a number of attacks, one of which produced symptoms in hardware. The inaccessibility of the 802.11b standard documentation was a source of delays in the research; however, we created three proof-of-concept applications to defeat 802.11b security. One collects valid MAC addresses on the network, which defeats MAC-address-based restrictions. Another builds a code book using known-plaintext attacks, and the third decrypts 802.11b traffic on-the-fly using the code book.
Booktitle
Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Publisher
IEEE Computer Society
Affiliation
Center for Education and Research in Information Assurance Security
Publication Date
2001-01-01
Keywords
WinCE, WEP, ActiveSync, wireless, security, 802.11b, vulnerability
Location
Carnegie Mellon University, Pittsburgh, PA