x
M Finneran 12/5/2012 | 3:43:22 AM
re: WiMax's Small Steps to Security I really can't see any reason to expect that WiMAX will be less secure than cellular data services. Wi-Fi security was a mess because the tools were poor (WEP), and the networks were installed by amateurs. Carriers like Sprint know what has to be done to secure a network, and those "driver flaw" issues that were identified at Black Hat have largely been dubunked.

By the way, referencing AES as the encryption standard 802.16d (i.e. 802.16-2004) and EAP being considered for 802.16e (i.e. 802.16-2005) is a bit of apples-and-oranges. AES is an encryption standard, and EAP is a framework for authentication.
joset01 12/5/2012 | 3:43:22 AM
re: WiMax's Small Steps to Security re: AES/EAP

As far as I know AES will be part of the final mobile WiMAX profiles as well (if you know different perhaps you could enlighten me further), possibly along with possibly along with other encryption specs. I mentioned the debate over which authentication mechanisms to illustrate how fluid the whole security situation around WiMAX still seems to be.

The specific Mac Hack at Black Hat may have been debunked but I hope that doesn't mean that people stop taking these driver-level hacks seriously. The Sprint people reitarated their concerns on this point several times -- they're taking it seriously.

-- DJ
meshsecurity 12/5/2012 | 3:43:17 AM
re: WiMax's Small Steps to Security Hint:

Think about the vulnerabilities/exploits that are prevalent in the 3G world today...they exist.


mesh
turbinado 12/5/2012 | 3:43:14 AM
re: WiMax's Small Steps to Security Another point worth mentioning is KT's decision decision to use the SIM card combined with EAP functionality for Wibro authentication. KT can also leverage the secure SIM platform to roam onto KTF's 3G network and serve as a platform for other secure applications.

Gordon
meshsecurity 12/5/2012 | 3:43:04 AM
re: WiMax's Small Steps to Security EAP-SIM is old school....


http://www.cisco.com/en/US/pro...

Even they got it down about 4+ years ago....


mesh
IPobserver 12/5/2012 | 3:42:12 AM
re: WiMax's Small Steps to Security Think about the vulnerabilities/exploits that are prevalent in the 3G world today...they exist.

Yes, but for the vast majority this really isnGt an everyday problem.

Perhaps IGm being na+ve, but I feel pretty comfortable with 3G network security G and with HSPA you can run a VPN as well.

More worrying are the potentially dodgy unsigned apps you can download to Symbian, etc.
meshsecurity 12/5/2012 | 3:42:11 AM
re: WiMax's Small Steps to Security Symbian to IE exploit?

mesh
IPobserver 12/5/2012 | 3:42:11 AM
re: WiMax's Small Steps to Security I donGt know about specific exploits and such (or really understand much of this G IGm too dumb), but what IGve picked up from asking experts:

* The 3G network side has vulnerabilities (around GTP and PDP hijacks, etc), but this can be dealt with and wonGt affect end-users much. Only operators and very security-sensitive companies need worry about this.

* Inside the tunnel attacks are a major concern for everyone. Apparently, simulations show a virus loose in the handset population (i.e. that can replicate) could potentially bring down a cell network in 8 minutes!

* Attacks on the handset OS. I think Series 60 v3 (Symbian) is trying to shift to signed apps to try and mitigate this. DonGt know about Windows Mobile or Linux. Seems like a huge worry.

* Vulnerabilities from connecting your (compromised) phone to your PC. The phone becomes a Trojan horse and compromises the PC. Again, this seems like a major worry.

Is it safe for corporations to use smartphones?
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE