So is everybody having a good time? The conference is winding down now. So I've got this lecture and I think one more after this one left over. So it's been a great weekend. I've had a lot of fun out here. Looking over the crowd today, I see a lot of familiar faces. So hello to everyone, if I haven't had a chance to talk to you. And if I haven't met you before, let me introduce myself. My name is Brett Nielsen. I'm an IT security professional by day, but I'm here independently because the company I work for doesn't necessarily condone the activities at this conference. So I'm gonna go ahead and be independent today.

I am an author of a wireless security book. It's called Maximum Wireless Security. You might also have caught Seth Fogie's talk earlier in the week that was talking about embedded application reverse engineering. He's also one of the co-authors of that book. So if you haven't picked it up, pick it up. It's a good book. It's got a lot of good information on wireless security and whatnot.

So with that, let's go ahead and get talking about malicious code on wireless networks. What I'm gonna introduce today is more of a proof of concept. You're not gonna see a major whiz-bang tool or anything, but it's some ideas that I've been going over and thinking about, working professionally in my day-to-day job, and some concepts that have kind of come up as far as what could potentially come up in the future on some wireless networks and also what has come up in some other areas.

So we'll start off by talking about wireless technology, networks and devices. We'll move into defining wireless threats. We'll talk about why malicious code can spread on wireless networks. We'll look at some of the vulnerabilities associated with that, some of the reasons why it makes it a little bit easier for malicious code to travel, and the economic impact and potential damages to your companies or your networks as a result of these malicious code files traveling on the network.
And then we'll talk about protecting against these malicious threats.

So let's first do a quick overview of wireless technology. I'm sure most of you are probably familiar with wireless as a whole, but just to make sure everybody's kind of on the same playing field, we'll go ahead and review some of this stuff real quick. First of all, we have to identify what exactly is wireless. Everybody uses this term kind of openly. They say, oh, it's wireless, oh, it's wireless. My computer's wireless, I'm wireless. But nobody ever really says what exactly wireless is and what it means to be wireless. So when I was trying to figure this out, I said, okay, well, let's go see what the dictionary says. Merriam-Webster basically says "having no wire or wires." Pretty self-explanatory, right? That's wireless. But wireless can be a lot of different things.

The basic components of a wireless system: there's three main components. You've got the antenna, which is basically like a conduit, the thing that would connect to your transmitter that's going to send the RF signal, or the radio frequency signal, to the receiver on the other end. Without those three components, you don't really have a complete circuit and you're not gonna be able to send the data back and forth. So those are your three main components of any wireless system.

So who's using it? Everybody is using wireless. Every day we all use wireless, and we've been using it for a long time. It's nothing new. We've been doing this for ages. Some of the technologies that use wireless: there are televisions, of course. You've got radios, satellites, you've got these new satellite radios that do a little XM deal, you stick it in your car, and the Sirius, those are great. Police, fire and EMS, those are probably the most popular when people think about walkie-talkies and two-way radios, they think about those guys. Cellular phones and pagers. How many people in here carry pagers? Yeah, a couple.
How many used to carry pagers but now carry cell phones? Yeah, that's what I thought. I used to work in the paging industry, so it's always interesting to see how many people are still carrying pagers and how many used to and are now on cell phones.

Building access cards, the little badges that you use, the proximity cards to get in your building: some are swipe cards, but others are the wireless badge cards, which are kind of like an RFID system along the same lines of the automatic toll collections, or toll tags. Anybody use toll tag systems? You pay a monthly subscription or you have a credit card on file, you put the little thing in your window and you can drive down tollways and you don't have to throw money out the window. You just have it deducted from your account conveniently. So I think it goes along the same lines of the slot credit card things; that way you don't think of the money when you're driving up and down the street. But we'll look at some more on these technologies here in a second.

Another thing is mobile data terminals. These are becoming more and more popular, and I'm sure, as I'm curious, several of you are curious as you pass by these highly outfitted police cars and comm vehicles: you tend to kind of look in the window and say, hey, what's this guy got? The mobile data terminals that are in a lot of law enforcement vehicles are also showing up in police and fire, or excuse me, in fire, EMS, and all kinds of construction workers as well are starting to use these mobile data terminals because of their capabilities. Anymore, they're actually more of a laptop than a mobile data terminal. As you can see in this picture, he's actually got a laptop there, and in most situations those laptops can be undocked and then taken into the office to fill out reports and things like that. The nice thing is it allows instant access to the dispatcher data.
So the dispatchers, especially within police and fire, have a queue of calls and they basically rate them on a priority: gunshots, obviously, more important than a cat stuck in a tree. They rate them in a priority in dispatch, and when people are in off time, they can go look at that queue and pick the calls that they wanna take and then go ahead and dispatch themselves out to those calls. So in that, they're using these mobile data terminals.

Now, originally, when you got pulled over, the police would get on the radio and call back to the dispatcher and read back your license information, all that, and check to see if you have any wants or warrants or anything like that. What they're starting to do is use those on mobile data terminals. So they've gone off of the radio, because there's a lot of sensitive information that's transmitted over the air that way, and if you had any kind of RadioShack scanner, you could listen to that sensitive data being transmitted over the air. So you could quite frequently listen to your neighbors and see if they are getting pulled over for anything, and find people you know and listen to basically their criminal records come transmitted, clear voice, over the air. So they moved over to mobile data terminals with the indication that it was more secure. Up until recently, it was actually legal to monitor mobile data terminals. So with the right equipment, you could hook it up to a scanner and a little decode program and you could have your own little mobile data terminal sitting in your house or in your car and watch the same data that all the police are watching. So it really wasn't that much more secure. Now they've changed the laws since then and it's now illegal to monitor that, and illegal to have or sell the software, I believe, that allows you to do that. So it's changed a little bit.

One of the new features that's coming out, or that I've started to see talk on, is live video monitoring.
And this is kind of a cool feature. It's a really neat idea. What that allows the police officers or emergency workers to do is look at live video streams on their laptops in their vehicles. The idea behind this was a lot with the Columbine school shootings and things like that, that the police could arrive on scene and pull up and look at the video streams of what's going on inside the school. That brings up some interesting ideas. They also talked about doing it at banks. So if there's a bank robbery, they can pull up and start looking at the video cameras inside the bank, their own surveillance systems. Because what better tool for them to have than to look inside that building? That would be ideal. I mean, theoretically, they might have somebody on the phone being able to tell them stuff. But if that isn't available, they can pull up their own cameras, control the cameras and look at the video. But now you have questions about other people being able to pull up in their cars and look at that video as well.

So the live video monitoring is also used here in Vegas. I've seen a couple of specials on, like, Discovery and things like that. I'm sure most of you have probably seen it, about a gentleman that's kind of a private investigator for the casinos, and he tracks people that cheat on a regular basis at casino games. And what he does is he's got a cellular link up with his laptop in his car. The casinos will call him and say, hey, I want you to check out this table. And they'll start piping the video to him as he's driving up and down the Strip. He'll pull over, I would hope. He'll watch the video stream and say, yep, you've got Johnny pulling this kind of card trick at this place. You need to go ahead and pick him up. Or he'll look and identify him: yep, you have so-and-so in your casino. Keep an eye on him. And he's a private consultant that works for a lot of the hotels.
And he's actually using a cellular link back and forth, which is a little bit different than what we're talking about. But it still kind of applies that they're still streaming that live video. So mobile data terminals are actually becoming very popular. They're getting used in all kinds of different methods and management to go about people's daily business.

Cellular technologies. Let's go over these real quick. We all first started with the first generation, 1G cellular. How many people had an old cell phone? One of the big brick phones? Did anybody have one of the big bag phones? Yeah, I see a couple hands. It was like $99 a minute or something like that, right? Real expensive, big antenna. Yeah, that was the good old first generation. It first came out around 1983. And it's actually still present today. The analog systems are still active. They're still out there, and in a lot of cases, they're still in use. I moved to Dallas, Texas about five years ago, and I was really quite surprised when I found out that all the Dallas police cars had the actual car phones, the kind with the coiled cord that you'd hold up to your head, running on the analog system. So if you had the right equipment, you could easily dial up the frequency and listen to all their transmissions coming off their cellular. Because what they would do is they'd say, oh, let's get off the radio because this is sensitive information, I need to call you directly. Well, if you're in reasonable range, you dial up the frequency and you can listen to them. Of course, that's highly illegal, listening to those things.

So to prevent some of that and to add on some of the additional features of cellular, the 2G, or second generation, was developed. This came to market about 1995. How many people remember when the big digital movement happened, right? And everything went digital, right? Everybody remember that? That was the coolest thing, to have digital cell phones, right?
But the first thing I thought when it went digital was, wait, I can't hear as well as I actually could on the analog. Everybody was originally saying, oh, this is great, you got all these new features, caller ID and all this good stuff, but you couldn't hear as well as you could on the analog system. And you still couldn't make phone calls everywhere you needed to. I've always said, you know, if we can perfect the phone calls, that would make a good network. And we can do all this cool stuff on our cell phones now, but you know, I still can't make a phone call when I need to. I can't figure it out, so.

But that's where you came up with digital and the PCS services. PCS, the reason why I say PCS services, is originally it was marketed by a lot of carriers as PCS being a brand of services, and they were saying PCS. PCS actually refers to a set of frequencies that are in use, not the actual services that are rendered. So PCS services, such as caller ID, text messaging, voicemail, those kinds of things. We also introduced with 2G networks data speeds, where you could now actually connect these phones into some type of transmission mode and actually transfer data back and forth. So now you started to open a window of this extra communication happening from your cell phone, besides just a voice call and text messaging. Text messaging first came to light in the 2G networks, where you could actually text message off the phone and send emails back and forth.

2.5G is where we're at now. 2.5G, not quite 3G, but really getting close. We started to first see that in 2001; of course it's still current today. That's also the digital PCS services, same kind of services. They've just basically enhanced the data stream. They're changing a couple things. You can get up to about 56K transmissions on there. And this is when you first got real email.
When your cell phone now has an email address where you can, you know, be whatever at Verizon or whatever at AT&T, and you can actually send email messages to and from the phone. So that opened up a whole big can of worms there for vulnerabilities and all kinds of other things.

3G is the Messiah. That's where we're going. That's the big promise. Other people in this audience that are not from the United States might already be enjoying some of the benefits of 3G, but us here in the United States, since we're kind of behind the times on things, we're still working at getting there. So I think Sprint is probably the closest, if not, I'm not sure exactly where they are. I think they claim they have some 3G services, but a lot of people are doing CDPD and other things, which are really the 2.5. But 3G is actually really neat. If you haven't looked at it, look it up. There's a lot of cool features, a lot of cool examples of some phones and things that are coming out. But it's promised 2002 and beyond, and it's currently in progress of being built. Data speeds of 144K and plus. Basically what they're doing now is, you know how they've got all these little camera phones that you're taking still pictures with? They're promising us live video on the phone. So you'll actually not record the video and send it. You'll do live video. So you'll be able to watch whoever you're talking to, and they'll be able to watch you, all from the palm of your hand, which is kind of cool. There's a lot of advantage to that. Think about the possibilities of remote reporters being able to do remotes without having to have a big camera crew and a whole big truck with them. They go out and get on a cellular link and they basically hold their phone out there and they can talk back and forth and do their remote report. So that's definitely some good advantages coming of that, with the live video and audio, plus the increased data speed so you can do all kinds of data transfer.
Still not our regular Ethernet networks or wireless networks, but it's definitely getting there.

So, 802.11 networks. How many people run an 802.11 network at home or at work? Yeah, that's what I figured, pretty much everybody. How many people have had a lot of luck with the 802.11 network here and being able to get internet access? Yeah, there's like three people in the audience. So you guys are the lucky ones. 802.11 is definitely growing in popularity. It first started off with just base 802.11. How many people remember Symphony? Anybody have a Symphony system? Yeah, hardly anybody, right? Symphony was one of the first 802.11 devices that you could buy. You could buy the little wireless cards and, I don't know if they called it an access point at that time or not, but the little device that would connect into Ethernet. And that would allow you one to two megabits of data transfer wirelessly, which was the first time you kind of freed yourself from the Ethernet network. And it ran on the 2.4 gigahertz spectrum.

802.11a and b, those kind of came out around the same time. 802.11b was first to market, but 802.11a was actually, I believe, standardized first. They had some complication issues which brought it out a little bit after the fact. It came out at 54 megabits and it's 5.15 to 5 gigahertz. And in English, these are actually very high frequency. 802.11b, that's by far the most popular right now. They're running at 11 megabits on the 2.4 gigahertz. And 802.11b, we're seeing it everywhere. There's been a lot of talks. I think there was one that iDefense did about hotspots this morning that was talking about the different hotspots that are getting set up and some of the vulnerabilities associated with those. So we're starting to see 802.11b networks everywhere. And I'm sure g will shortly follow, as it's backwards compatible with b. So pretty much all the Starbucks now have got it. McDonald's is starting to deploy it.
Back in Texas, in Houston, Schlotzsky's Deli is doing a test. So there's all kinds of different companies that are doing these tests, especially any kind of food or retail organization, to get you in the door, get you to stay there, or maybe even just get you to come to that location just because they got Wi-Fi, whether you actually use it or not.

So 802.11g, it had the promise of really fast 54 megabit, but when it was actually standardized, it came out around 20, which is okay because it's still faster than 11, but I've seen mixed results in actual field testing as far as the reliability of the g network. But they're also on 2.4 gigahertz. And there are some combo devices that'll do a and b, or a and g, and back and forth, so.

So wireless devices, what kind of devices run on these? Well, the first thing we've got is PDAs. The two biggest PDAs are the most popular, I'm sorry for your desire of people, but the Palm and the iPAQ are probably your most popular models out there. I've actually owned both of them. I like the iPAQ better because it runs the Windows CE operating system, gives you a few more advantages over the Palm, although there's some really great tools that have come out recently for the Palm, and they're definitely growing. There was strong growth in the PDA market around 2000. We saw a lot of sales with the PDAs, everybody was jumping into them, but then it slowly started to shrink after that, because the PDAs really hit the market in 2000. That's when everything was being developed, everything was going forward, and it was progressing. But then after that, nothing really new has happened. I think the coolest thing we've had now is some of the other devices I'll show you in a second that have kind of redirected off of the PDA, that's helped us kind of spur sales in that.
But we've got some renewed interest lately with some of the new operating systems, some of the new wireless capabilities of the PDAs, so we're starting to see an upward trend again in PDA sales. Plus there's also new suppliers entering the market in PDAs. I've got a buddy that is an embedded application engineer, and he's working on a project. He won't tell me who it's for, but it's some company that doesn't develop PDAs that is going to be releasing a PDA with all these wireless features and functions and all kinds of stuff. So that should be coming out fairly soon, but I have yet to know who it is. He won't tell me because he's under non-disclosure, so.

Converged devices, these are getting more and more popular. These are your basic PDA, but they've also got a cell phone built into it. So you've got the functionality of both devices in one compact device. Now there's advantages and disadvantages of that. Personally, I don't carry one of those devices. I carry my own cell phone and my PDA separate, because inevitably if I'm on the phone, I need to look at whatever's in the PDA, and that's sometimes more difficult when you're trying to talk and look at the same time. I've kind of avoided those devices, but a lot of people like them because it's less on your belt. The neat thing about these is you get all the features of the PDA with all the connectivity of a cell phone, because one of the worst things on the cell phone is those little interfaces. They're hard to read, it's hard to type out text messages and all that kind of stuff, because you're 555, 2A, you know, whatever. And so with the PDAs being built in, you've got all the advantages of the PDA with the keyboards on screen and all the neat applications that are associated with it.

The one big disadvantage to PDAs and cell phones is they're designed for size, not security.
And Microsoft's pretty open about that, the fact that Windows CE has like zero security in it whatsoever; they basically pulled all that out to make way for some other things. So most PDAs are pretty wide open as far as security, and there's been some other talks in the week, I'm not sure if any of you caught them, that talked about some of the PDA insecurities and ways to bypass them.

Wireless security cameras, you start to see a lot more of these popping up everywhere. Basically you had IP-enabled security cameras that you could connect to on a wired network, but now you're starting to see these wireless security cameras which are using 802.11b; there's a couple that use a, and there's some that use their own proprietary standards, as well as some X10-type stuff. The neat thing is, I'm sure everybody in here is familiar with war driving; there's a variant of war driving where you actually use some wireless equipment to go out and steal or watch the video signals coming off, like, the X10 cameras. So people are using these to watch their babies and their kids at their house, or watch their wife or whatever, and you're able to pull up in the front and look at the video signal on these things. So they think it's all nice and private in their house, but they forget wireless tends to go out a little bit further. So it is still a vulnerability with these wireless cameras as well, because they definitely transmit outside of their perceived area.

And RFID devices. I talked about these; these are something I'm kind of playing with now. RFID devices are like the toll tags. I've recently read an article that Walmart is looking at getting rid of the barcode system and putting RFIDs on all of their products, which, I mean, if you think about that, would be kind of interesting, because they'd be able to push a button and there'd be like an access point-type thing in the middle of the store and boom, it would go out and take instant inventory of the entire store.
So what if I walk in with a cool little RFID generator-type thing and set it on the shelf, and all of a sudden they got 20,000 bottles of pickles on the shelf, and, you know, so there's some interesting ideas. Or just the opposite: you could do some type of jamming thing where it would say they don't have it and block the signal. So then they order the whole store again, all these trucks show up and they've got nowhere to put their inventory. So RFID's definitely got some interesting possibilities. Instant checkout: you wheel the little shopping cart into a little box, it tells you 29.95 and you're done. 'Cause they got the self-checkouts now where you take all the stuff out of your cart, I love that stuff, that's really good. You pull that out and you beep it over the thing yourself. But now think about it, you just take the little cart, you put it in a little box and it tells you instantaneously what's in the box. So RFID is definitely gonna be something to look into. It's coming, they are wireless networks, they're things that we need to look at because there would potentially be vulnerabilities within them.

So let's look at some of the wireless threats that we could face on some of these wireless networks. First of all is war driving. I haven't been in a lot of talks this year on war driving; I think it was pretty much a last-year thing, everybody's pretty familiar with what it is. For those of you that aren't familiar with it, basically you load up a wireless device in the car and you drive around in search of wireless networks. It's pretty simple. You log and catalog where they're at, and you maybe return those results for some sort of contest or something. War driving does not actually involve connecting to or exploiting that network; it's simply just finding it.
So it's kind of a threat, because if you have a wireless network, you don't necessarily want everybody to know you've got it, because that could lead to other stuff down the road that isn't really involved in war driving but could lead to attacks. Also, if people are snooping the data off there, you can find other things. So data snooping: if you open up a wireless capture device, any type of sniffer that would capture the wireless packets, you can start to see MAC addresses, IP addresses, and start to get a general idea of the flow of traffic on the network, regardless of if it's encrypted or not.

Jamming, disrupting legitimate signals. This is something that's really common. There's a kind of a funny story that I heard. I used to live in Utah, and there was a really popular taco place that is a fast food restaurant, and they have the little wireless headsets that they talk to you with in the drive-thru. Well, it happens to use a really common frequency in the 100 megahertz range, which is a common business band frequency, and there were some individuals that, how should I say this, wanted to cause some problems for the taco chain and took a signal on the 400 megahertz, which happened to be paging, and if you've ever heard that, it makes a whole bunch of noise and it's really loud, and cross-band repeated it into the drive-thru. So anybody pulling up in the drive-thru was greeted with this, and they couldn't talk to the person, and the person inside says hello, can I help you? They can't hear anything. They can hear the person ordering, but the other way it wouldn't happen. So jamming or disrupting the legitimate signals over drive-thrus or wireless networks or cellular networks or any type of wireless communication.

Insertion attacks, unauthorized clients and APs. I added AirSnarf on here 'cause I watched that talk. How many of you went to the AirSnarf talk? That was good, wasn't it? I love that, that's gonna be a great tool.
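The data snooping point above (header metadata is readable whether or not the payload is encrypted) is worth seeing in code. The following is an added example, not from the talk or its slides: it parses the 802.11 MAC header of two constructed data frames, one WEP-protected and one in the clear, and shows that source, destination and BSSID MAC addresses come out of both, while IP addresses are only recoverable from the unencrypted frame. The MAC and IP addresses, the frame bytes and the "ciphertext" are all made up for the example.

```python
import struct
from collections import Counter

# Constructed sample addresses (made up for this example).
CLIENT = bytes.fromhex("001122334455")   # a wireless station
AP     = bytes.fromhex("00aabbccddee")   # the access point (BSSID)
SERVER = bytes.fromhex("000c29010203")   # a host on the wired side

LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")  # LLC/SNAP header announcing IPv4


def ipv4_header(src, dst):
    """Minimal 20-byte IPv4 header (no payload) with constructed src/dst addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, 0, 64, 6, 0,
                       bytes(int(o) for o in src.split(".")),
                       bytes(int(o) for o in dst.split(".")))


def data_frame(flags, addr1, addr2, addr3, body, seq=0):
    """Build an 802.11 data frame (type 2, subtype 0) with the given flag byte."""
    fc = bytes([0x08, flags])               # frame control: version 0, type Data
    return (fc + struct.pack("<H", 0)        # duration/ID
            + addr1 + addr2 + addr3
            + struct.pack("<H", seq << 4)    # sequence control
            + body)


# Two constructed frames: a WEP-protected downlink from the AP, and an
# unencrypted uplink from the client.  The WEP body is a 4-byte IV/key-id
# prefix followed by arbitrary bytes standing in for ciphertext.
SAMPLE_FRAMES = [
    data_frame(0x02 | 0x40, CLIENT, AP, SERVER,            # FromDS + Protected
               bytes.fromhex("a1b2c300") + bytes(range(16)), seq=1),
    data_frame(0x01, AP, CLIENT, SERVER,                   # ToDS, in the clear
               LLC_SNAP_IPV4 + ipv4_header("192.168.1.10", "10.0.0.5"), seq=2),
]


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_80211(frame):
    """Return the cleartext metadata of one 802.11 frame, plus IPs if the body is unencrypted."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 MAC header")
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    to_ds, from_ds = bool(fc1 & 0x01), bool(fc1 & 0x02)
    protected = bool(fc1 & 0x40)             # WEP/TKIP/CCMP encrypt the body, never the header
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    hdr_len = 24
    if to_ds and from_ds:                    # WDS: four addresses, no single BSSID
        a4 = frame[24:30]
        hdr_len = 30
        da, sa, bssid = a3, a4, None
    elif from_ds:                            # AP -> station
        da, sa, bssid = a1, a3, a2
    elif to_ds:                              # station -> AP
        da, sa, bssid = a3, a2, a1
    else:                                    # ad hoc / station to station
        da, sa, bssid = a1, a2, a3
    if ftype == 2 and subtype & 0x08:        # QoS data adds a 2-byte QoS control field
        hdr_len += 2
    info = {"type": ftype, "subtype": subtype, "protected": protected,
            "da": mac(da), "sa": mac(sa),
            "bssid": mac(bssid) if bssid else None, "ip": None}
    body = frame[hdr_len:]
    # Only an unencrypted data frame exposes the IP layer; with WEP on, the
    # body is ciphertext and the visibility stops at the MAC addresses.
    if ftype == 2 and not protected and body[:8] == LLC_SNAP_IPV4 and len(body) >= 28:
        ip = body[8:]
        info["ip"] = (".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])))
    return info


def traffic_flows(frames):
    """Count (source MAC, destination MAC, encrypted?) flows across a capture."""
    flows = Counter()
    for f in frames:
        p = parse_80211(f)
        if p["type"] == 2:
            flows[(p["sa"], p["da"], p["protected"])] += 1
    return flows


if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_80211(f))
    print(traffic_flows(SAMPLE_FRAMES))
```

Feeding real captured frames (for instance from a monitor-mode interface, with any radiotap header stripped first) through traffic_flows gives exactly the talking-map the speaker describes: who talks to whom, through which BSSID, and how often, even when every payload is WEP-encrypted.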
And so unauthorized clients and APs, that's always been a threat. If you got other people bringing access points into your environment, or wireless cards or something, you can definitely run into issues with that. And so AirSnarf is gonna be a great tool for that stuff.

So, defining wireless threats, continued: malicious code. Malicious code's kind of broken up into some different areas. First we've got viruses. Now everybody says, oh, I got a virus. It's not necessarily a virus. There's viruses, there's network worms and there's Trojans, and there are differences between them. A virus is basically a small piece of code that can replicate itself. That defines a virus. It doesn't do anything else. It doesn't call other network shares. It doesn't have a payload wrapped inside of a fancy wrapper. It replicates itself. That's a virus. SMS and URL attachments are good ways of spreading these on cellular networks, as well as email and things like that. I'm sure we all get email warnings from other people saying, oh, don't open this attachment 'cause it's bad.

Worms: worms propagate and can copy themselves onto other disks. So these are the common viruses. The talk before this one talked a lot about network worms and gave some examples of the network worms. A lot of times these programs will masquerade as a valid program, so it'll be something saying, hey, you got this neat little fun greeting card from your best friend. You'll go ahead and double-click on it and launch the worm on your network.

Trojans are a program that launches other programs or code, right? It doesn't necessarily mean it's bad. It just isn't usually used in the best of light. A lot of spyware and adware will use a Trojan-type package, where it will be bundled in with something else. So you'll say, oh, I'm installing the Whack-a-Mole program, and all of a sudden it drops something like NetBus on your system, and you're unaware that that happened.
So they're usually bundled with some type of valid program, so the user's usually not aware that the Trojan exists.

So these are some of the emerging threats that we've seen so far with the wireless networks. First are wireless devices. First came the Liberty Trojan, which was on the Palm Pilot. That was back in September of 2000. It basically deleted applications, but it was unable to actually replicate itself. It went on there and caused its problems and went away. And so it wasn't able to bounce around from machine to machine. It basically had to be sent to you, so that's why we didn't see a big spread in that. Then the next one was the first automatic dialer, which was actually seen in Spain in about January 2001. This would cause phones to automatically dial other phone numbers. So you'd open the SMS message, click on the link, and your phone would dial another phone number. So not long after that we saw the 911 virus. There's about 50 different names for this thing, so I just put 911 virus. April 2001, that was sent to over 100,000 phones, and everybody that got the text message clicked on the link and their phones simultaneously dialed the 911 emergency system, and I believe that was in Hong Kong, if I'm not mistaken, basically consequently shutting down that emergency network quite rapidly. Flutter, August 2001, sends unwanted SMS messages. This is kind of like a mail bomber, right? Except it's to your phone, and SMS messages. And then Phage and Vapor, September 2001, deleted files and basically hid applications within the device.

So let's look at why malicious code will actually spread on wireless networks and some of the reasons associated with it. In nature, viruses infect all organisms, even the tiniest of bacteria. So some of the examples of viruses that we might be commonly aware of are smallpox, the plague and SARS. SARS was really big and was basically spread around recently up in Canada and some of the other areas.
And so basically the malicious code and viruses that way are real similar to nature, and there's a lot of similarities back and forth. If you look at the medical side of it versus the technical side, there's a lot of the differences and, excuse me, a lot of similarities between the two that go back and forth. So likewise, computer viruses infect all platforms that reach any level of sophistication, which is basically any of our current operating systems. Because even though it's Microsoft, and everybody bashes on Microsoft, there is a certain level of sophistication you have to admit on the operating systems. It knows and understands what you're doing when you point and click. Some examples of these viruses are some of the bigger names: Melissa, LoveBug, Klez and SQL Slammer.

So the four main factors associated with the malicious code spreading on the wireless network are: protection is poor and non-existent, we'll get into that a little bit more here; power of the new devices that are coming onto these networks; standardization of the networks, this is a big one; and increased connection of devices.

So let's look at poor protection on the network. There's very little protection on cellular networks as a whole from malicious code. Very little whatsoever. And on paging networks, same thing. On 802.11, there's zero protection from malicious code there. The Nokia 9000 series phone is the only phone that I currently am aware of that has any type of malicious code prevention built into it. It's got some logic in there that can help detect malicious code and prevent it. Data transmissions are protected but unchecked. Remember, everybody went digital, and they said, oh, now the hackers can't listen to us on their scanners, right? And can't listen to your phone call because it's digital and encrypted and all this neat stuff.
But the thing is, that's cool because I can't listen to it on my scanner, but I can still send whatever I want over that data stream and nobody's looking at it on either side, right? Because your phone doesn't have anything to look at it, and the cellular carrier surely doesn't care what's going over the data stream. As long as it's getting from point A to point B and you're a happy customer, they don't care at all. Current security offers only limited protection and next to no scanning abilities. So there's some protection on the networks and the security that way, but there's zero scanning ability of these data streams that exists. There are some wireless sniffers and things like that that can look for anomalies in the cellular data streams, but they're very limited, and a lot of the cellular carriers are deploying them more for troubleshooting the network versus actually looking for the malicious code. Power of the new devices: PDAs. These things are like little mini computers, right? They're all on our hips and they can do everything now. Increased power means increased automation, and automation is generally something that virus writers will tend to target quite heavily. So these little PDAs and stuff are getting very powerful, very fast. Devices are often synchronized on a regular basis to some type of cradle, wirelessly or over the internet, thus opening the doors for the spread of malicious code from PDA to PDA or computer to PDA or back and forth. So there's a lot of opportunities that way. Common languages for developing applications. You can write PDA applications now in a lot of common languages, C, C++, various different things like that, compile it down and basically run it on the PDA. So it opens up the door that way for a lot of people to be able to write viruses and malicious code on these platforms. Standardization of networks. Generally this is a good thing, right? We say, let's kind of standardize on the way we're gonna do things.
So as security people, we know what's different and what's not. Well, the problem we see with standardization is it makes it easier to attack. That's the same reason Microsoft systems get attacked all the time, because everybody knows it's in C:\WinNT\System32, blah, blah, blah, right? We know the path because that's the default path. That's the way it is on everybody's machine. You know where the Inetpub directory is. You know where the SAM database is. You know where all this information is on the machine because it's not necessarily the easiest to move those to other locations. So it's the same thing as in the wired world: if you standardize these networks, they're gonna tend to get attacked more because everybody is the same. The trend is moving away from proprietary standards and is focusing more on the protocol type, exploitation of protocols and things like that, especially in network worms. We're starting to exploit protocols and use those to transmit, versus exploiting a specific application on the machine, because the application may or may not be there. So we're tending to see more on the side of the TCP/IP related vulnerabilities and exploitations. Email standards brought us Melissa and Lovebug. Standardized wireless networks will surely bring us the same type of vulnerability or attack method as those. Increased connection of devices: there's more connectivity than ever on these PDAs, right? We've got Bluetooth, we've got Wi-Fi, we've got cellular, who knows what's coming up next. So these devices are getting connected to everything all the time, everywhere. They're connected to our wired networks, they're connected to the wireless networks, they're connected at home and at the office, they're everywhere.
And we talked earlier in one of the talks about taking these devices and protecting your network and building this big fortress, but then all your devices go and leave and they're off at the airport, Starbucks or whatever, and they're unprotected. So then they come back into the protected environment unscanned, unchecked. It allows for multiple ways to the internet and email. You've got all these connectivity devices or connectivity methods through cellular and other technologies, and now all of a sudden you can get to the internet just about anytime, anywhere, especially with some type of cellular link. And the increased popularity of SMS and MMS messaging. We don't use it here a lot in the United States, but man, they use it like crazy in some of the other countries. That's all they're doing. I just saw a thing that in Japan, they're developing a keyboard that's the layout of a phone, because the people there are able to type faster with their thumbs on the phone than they are on a standard QWERTY keyboard, right? So they're making these little USB things that you hold in your hand and you thumb-type the whole thing, you push on the buttons, because they're quicker to type on than they can on a standard QWERTY keyboard. So it's kind of crazy, a little USB keyboard, kind of fun to have and maybe try out, but I don't think I could do it, so. So let's look at the economic impact and potential damages associated with malicious code on these wireless networks. Basically, the damages are as follows, and they're pretty straightforward. Users receive unwanted messages, a lot of spam, things like that coming out; devices are unwanted. Data in the devices is erased or stolen, which could be causing you problems if you have important files or whatnot on your devices. The device itself becomes unusable as a whole. Network slowdown or congestion, similar to here, everybody's launching attacks on the 802.11 networks so nobody can do anything, right?
Everybody's trying to get on, but everybody's sending disconnects and various things like that to prevent you from using the network whatsoever. Network performance suffers as a whole, and this is a big one, especially if you've got paying customers on your network. If you're charging people for access and you've got slowdowns or performance issues, you've got all kinds of problems, because all these people are gonna be upset at you and want refunds on their service or might leave and go to the competitor. And then, of course, network intrusion, where you've actually got people surfing around on your network that you don't want to be there. So the impact of those damages: you've got customer complaints, which are never a good thing, because that means you've got higher call volumes coming into your call centers and things like that. Higher turnover from unhappy customers. They're saying, I'm out of here, I'm going over to this other company that doesn't send me 10,000 unwanted messages a day. Costs from the unwanted traffic. It might not just be dollars, right? All these calls, let's say you had a bunch of cell phones here call another foreign country. There's gonna be a financial cost associated with that, but those customers, when you try to stick them with the bill, they might leave and you're gonna lose their revenue altogether, and those customers. You might also have some problems with hardware that gets affected during that transaction as well. Dropped calls and sessions, that's the worst thing on cellular networks. You get a lot of dropped calls, that causes a lot of problems there. Disinfecting and cleaning devices, that's a big expense, and then purchasing new technology to prevent those types of attacks going forward. So it's estimated that $43 million in damages will be done in 2003 due to malicious code on wireless networks. That's estimated to go up in 2004 to $212 million, and $471 million by 2005.
So you can see there's a lot of financial responsibility associated with the vulnerabilities of these networks and where we might be going and the potential that exists for exploiting these. So what needs to be done? Basically, the protection needs to be implemented at every point. I mean, this is kind of common sense, but it's not done. Devices, switches, towers, COs, everything. It needs to have scanning, it needs to have monitoring, it needs to have checking. People need to be looking at the log files, we need to be looking at the data streams. You need to be verifying everything in and everything out. If we're not, it's not gonna happen. We're not gonna be able to provide the protection that we need. Mobile operators need to start offering scanning services to their clients and need to start scanning the data streams. This is what we were talking about. It's all digital so nobody can listen to it, right? You can send anything you want over the pipe, because there's nobody checking on either side to make sure it's valid, as long as it conforms with the cellular data. This is already starting to happen with DSL and cable modems. They're now offering antivirus scanning remotely. So if you're a DSL subscriber, I think AOL offers it and maybe Time Warner, I'm not sure who all the carriers are. No, AOL offers it. If you have their services, they'll scan remotely for viruses because you're a broadband subscriber. So we should start seeing this on the cellular networks, and these hotspot networks like Starbucks and T-Mobile need to start doing that as well and offering these services to their customers that are connecting up. Delivering a solution now rather than later could save millions of dollars. We saw the dollar figure a few seconds ago. If we deliver a solution now and start to protect against this now, we could potentially avert that from happening in the very beginning and avoid that whole thing at the very beginning. And AV vendors need to step up to the plate.
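The SMS-borne dialers described earlier in the talk (a link in a text message that makes the handset place a call, with the 911 virus as the mass case) and the operator-side scanning of data streams called for here can be illustrated with a small added example. This is not code from the talk or from any vendor product it mentions; it is a constructed Python scanner that a switch-side filter could run over message records before delivery. It keys on the two link forms a WAP-era handset would dial when tapped, the WTAI make-call scheme (`wtai://wp/mc;<number>`) and `tel:` URIs, and it separates a single suspicious message from a campaign, where the same dial link reaches many recipients. The sample messages, the blocked-number list, the three-recipient campaign threshold and the `scan_stream` / `verdict` names are assumptions chosen for the example, not anything the talk specifies.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Link forms that cause a WAP-era handset to place a call when the user taps them:
# the WTAI "make call" scheme (wtai://wp/mc;<number>) and tel: URIs.
DIAL_LINK = re.compile(r"(?:wtai://wp/mc;|tel:)\+?(\d{2,15})", re.IGNORECASE)
URL = re.compile(r"https?://\S+", re.IGNORECASE)

# Numbers a message link must never dial. Constructed list for this example;
# an operator would load its own emergency and premium-rate prefixes here.
BLOCKED_NUMBERS = {"911", "112", "999", "110", "119"}

# Constructed (sender, recipient, body) records standing in for what passes the
# switch. Three copies of the same dial link to different handsets model the
# 911-virus pattern; the rest are a support number, a plain URL and a clean text.
SAMPLE_MESSAGES: List[Tuple[str, str, str]] = [
    ("+15555550100", "+15555550201", "Hey, are we still on for lunch?"),
    ("+15555550123", "+15555550202", "Free ringtones! wtai://wp/mc;911"),
    ("+15555550123", "+15555550203", "Free ringtones! wtai://wp/mc;911"),
    ("+15555550123", "+15555550204", "Free ringtones! wtai://wp/mc;911"),
    ("+15555550199", "+15555550205", "Support line: tel:+18005550123"),
    ("+15555550150", "+15555550206", "check this out http://example.invalid/promo"),
]


@dataclass
class Finding:
    recipient: str
    reason: str
    number: Optional[str] = None


def inspect_message(recipient: str, body: str) -> List[Finding]:
    """Classify one message body. Returns an empty list for a clean message."""
    findings: List[Finding] = []
    for match in DIAL_LINK.finditer(body):
        number = match.group(1)
        reason = "dial-link to blocked number" if number in BLOCKED_NUMBERS else "dial-link"
        findings.append(Finding(recipient, reason, number))
    if URL.search(body):
        findings.append(Finding(recipient, "contains URL"))
    return findings


def scan_stream(messages, campaign_threshold: int = 3):
    """Scan (sender, recipient, body) records as they pass the switch.

    Returns (findings, campaigns). campaigns maps a dialed number to the count
    of distinct recipients that received a link to it, for numbers reaching
    campaign_threshold. One phone tapping a dial link is a prank; the same
    link delivered to thousands of handsets is the 911-virus pattern.
    """
    findings: List[Finding] = []
    recipients_by_number: Dict[str, set] = {}
    for _sender, recipient, body in messages:
        for finding in inspect_message(recipient, body):
            findings.append(finding)
            if finding.number is not None:
                recipients_by_number.setdefault(finding.number, set()).add(recipient)
    campaigns = {n: len(r) for n, r in recipients_by_number.items() if len(r) >= campaign_threshold}
    return findings, campaigns


def verdict(body: str, campaigns: Dict[str, int]) -> str:
    """Per-message decision: 'block' a link to a blocked or campaign number,
    'hold' any other dial link or URL for review, otherwise 'allow'."""
    findings = inspect_message("-", body)
    if any(f.number in BLOCKED_NUMBERS or f.number in campaigns for f in findings if f.number):
        return "block"
    if findings:
        return "hold"
    return "allow"


if __name__ == "__main__":
    all_findings, active_campaigns = scan_stream(SAMPLE_MESSAGES)
    for f in all_findings:
        print(f)
    print("campaigns:", active_campaigns)
    for _, rcpt, text in SAMPLE_MESSAGES:
        print(rcpt, verdict(text, active_campaigns))
```

Two passes are deliberate: `inspect_message` is stateless and cheap enough to run inline on every message, while `scan_stream` keeps the per-number recipient set that turns a one-off dial link into a blocked campaign number. A deployment would age that set out over a time window and feed `verdict` from it.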
Frankly, this is kind of an AV issue, right? We've got all this malicious code that we're talking about, but to date there isn't an AV vendor out there that's providing any kind of cellular scanning for malicious code, right? We have very few AV vendors that are providing anything on the PDA. Some AV vendors are doing a passive thing where it only scans when you sync, but what good's that if you're wireless and remote? A company called Airscanner out of Dallas has released a product that actually does active scanning on the PDA, specific to the iPAQ I believe, that will scan continuously on the PDA itself while you're there. So as you're accessing files, like a traditional virus scanner, it will actively scan those files and things like that. So the technology is going there and the AV vendors are going there, but they're not there yet. They need to step up to the plate and do it a little bit faster. Mobile operators and device manufacturers need to have plans for addressing thousands if not millions of simultaneous infections on their network. Think about that, the 911 virus, where all those people are calling 911 simultaneously. They need to have an action plan in place right now, and you guys on your 802.11 networks, think about this. If somebody comes in and starts doing a denial of service attack, you need to have a plan in place for how you're gonna respond to that and how you're gonna stop that. One of the problems that exists is the technology isn't there for us to actually stop it yet. So we call on all the developers in the audience to start looking at it and see what we can do and see if we can come up with something to prevent this. So when it happens, we're able to stop it right off the bat and don't have to worry about it. So in conclusion, wrapping up, the four main reasons that malicious code spreads on the network: current protection on wireless networks is minimal or next to none,
increased computing power of devices, standardization of the devices and the networks, and growing connectivity options within the devices. Not changing security could result in a large financial impact; $471 million per every five million users is estimated by 2005. And mobile operators, administrators, manufacturers, developers should start thinking now and act proactively instead of reacting after the fact. So that's my talk. Definitely have some time for questions. We have a couple goodies over here to give away. So I'm not sure how we wanna do this. If anybody's got questions, we can kind of give them out to question people. If not, we'll kind of randomly... I can't throw them, they told me not to throw them at people because apparently there was a problem in one of the other talks. So let's start with you right here. The question was related to McAfee recently announcing an agent to be added on to specific Dell PDAs, and how about going and deploying that specifically in the environment? I am familiar with that product. McAfee also has a product called ePolicy Orchestrator that can manage those agents, which is kind of cool, because you put the agent out there, you type in the policies and you can enforce it. So it's pretty straightforward that way. The nice thing about that is it's like the Airscanner thing: it's actively scanning on the PDA itself. The problem and the disadvantage is it only works for the one PDA. Now, their plans going forward are to take that and span it out to other PDAs. So going forward, we should see that branching out, and I would hope the other vendors, the main vendors like Symantec and that, would follow suit and do the same kind of thing with their products as well. Now, as far as actually, are you referring to deploying it in the environment, or...? Well, that's the problem. He was asking what the response should be if there was an outbreak. The problem is there really isn't one at this point.
That's kind of the idea behind the talk here, is we need to, as a group, kind of think of how do we want to respond to these? What do we want to do when these types of events happen? Because malicious code on 802.11 networks, we haven't seen it yet. Somebody hasn't exploited it yet, but the potential exists there for it to be exploited. So going forward, that's why we need to call on our developers and our researchers to actually look into this and kind of say, what should we do and how should we protect against that? So if you want to come up, I can give you one of these little guys up here real quick, because I can't throw them out. So thank you. Next question over here, with the sunglasses and the black and white shirt. Yeah, the question was what frequencies are used in the mobile data terminals for streaming video and things like that. I'm actually not sure where they're doing the streaming video. I know that we're experimenting with some stuff on 802.11b, which is 2.4 gig. Typically mobile data terminals work in the 800 and 900 megahertz. Occasionally you'll see them down around the 440, 460 range in that area for the actual just data transmissions back and forth. So no, it's proprietary, it's their own network. Now occasionally you will see that they'll dump off onto a CDPD type network, which piggybacks with cellular. You'll see that as well. So if you want to come up, let me grab a card here. Yeah, sorry, one more time. Oh, okay, the question was, do we see anything happening with liability, or you're referring to, as far as the manufacturers of these devices getting... sure, sure. If the question is, are the manufacturers basically gonna be responsible for any kind of attacks that come off of their devices? Well, 802.11 right now, like war driving for example, is kind of questionable if it's legal or not, right?
There is some legislation out there, I believe it was in New Hampshire, that was basically gonna put it as the responsibility of the administrator of that network to secure it. And if somebody was able to connect to that network, it's the administrator's fault, not the connecting party's fault, which also takes the manufacturer out of the sequence. Now as far as malicious code in that, viruses by nature are illegal. So there was some question of if that could actually be related back to the vendor. I'm not really sure where that would go. But I could see it, you know what happened with the tobacco companies, right? Everybody knows smoking cigarettes is bad, but for some reason they got in trouble because people were smoking cigarettes and getting hurt. So, you know, I could definitely see that, because it has happened in other areas, but I would hope laws are put up in front first that would prevent that. So if you wanna come up and grab it, there's a card and a set of speakers, you can take either one. One more question. I don't want this card, so I'm gonna change the card first. The card first. Question. Yeah. I get to ask you a question. Oh, hey, no problem at all, no problem at all. I haven't seen any yet. The information that I've been researching on that has been pretty limited in stuff that I have access to, due to my profession. So I haven't seen a lot of interest. I'm sure there will be some interest in protecting, because the government has been looking at 802.11 networks. There's been interest; I read an article about the Secret Service actually doing some war driving in Washington and doing some stuff like that and notifying people that their networks are open. So it's kind of questionable as far as what they will and won't do and what their interest will be. I'm sure at some point they'll jump on the bandwagon too, but I'm really not sure where that's gonna go and how far. So another question. Yeah, right here.
Well, the question was, as far as viruses getting executed, it takes a lot of user intervention to execute them, and where do we think it's gonna kind of go going forward? There's a lot of questions about that. I know a lot of the AV vendors are a little bit nervous, because there's some talk, and if any of you follow the AV world, Microsoft just did an acquisition of an AV vendor, which has everybody else kind of nervous, to say, what are they doing? There was talk a little while ago about Microsoft making a secure operating system that was hardware-based somehow, that would actually do like a sandbox and check the validity of the data, which would bring in some interesting kind of questions as far as can it start checking for viruses at the hardware level before it ever even gets up to the software. So, what was that? Yep, what was that? Go for it. I know a lot about that area, because I was recently working for a company that's trying to push that. The idea is you have hardware that can suspend the operation of the operating system. So Windows is frozen. It runs applications that are controlled by the BIOS, and the BIOS will only allow applications to run if they've been signed by the BIOS vendor itself. The other way to do that is using something called a TPM chip, and this is what Microsoft used to call Palladium. It's now the next generation computing base, which will be released with Longhorn, and it's very, very interesting stuff, because corporates will probably love it because it makes everything locked down. As consumers, we should be scared because of digital rights management issues. Very good. By the way, I'm a marketing guy. I'm job hunting. There's some definite trends to go to the hardware side of locking things down, but a good portion of viruses do require some type of clicking. Now, unless they're exploiting some type of application vulnerability, where like in Outlook the preview pane is automatically executing it for you.
So in that case, it's not actually a conscious user clicking on a link. I think to a certain extent, we're going to see that that is required, that some type of user intervention is required. Now, as far as malicious code, it doesn't necessarily have to be in the form of a virus. It could be some type of malicious code that's launching an attack against a wireless network, like sending a bunch of deauthentication packets on an 802.11 network, knocking everybody off the network. So you could start seeing that, where the virus is basically living and breathing. There was a talk about metamorphic viruses. So you could theoretically have a metamorphic virus out there that's going and changing and constantly living. And those are very difficult to stop from an AV vendor standpoint. So does that kind of answer it, maybe a little bit? All right, so feel free to come on up and get a card. So, yeah. As far as I've seen, no. Not unless you've got the robustness of a network to do it. The question was about being able to start a large denial of service attack back on the network. So I haven't seen anything as of yet, other than having multiple access points, multiple internet connections, multiple ethernet connections. Kind of the same thing we do from the standpoint of a wired network or an ethernet network, so. Redundancy, I mean, security ties into it, but the security of wireless networks is kind of questionable to begin with. There's a lot of different things you can do, but you're always susceptible to some type of denial of service attack because it is wireless. It's just like any two-way radios are susceptible to it, and they've been around for ages. But somebody can still transmit at a higher power and block your signal, so. Unless you start doing more spread spectrum, higher powers, things like that, you're gonna start preventing that. But that's gonna be pretty few and far between for people to be able to do that, so. So feel free to come on up and get a card. Yeah, was it Stefan Savage?
Okay, the statement was that Stefan Savage has just released a paper about denial of service and protecting against it at layer two. So, yeah, I don't have any more cards, but I'll still take the question. Exactly, and companies like Network Associates provide, they have a sniffer program that will scan GSM and CDMA type data at the cellular switch, right? So it will actually look for that. The problem is it doesn't have a virus plug-in for it to actually look for the signatures of viruses yet. So that's why there's a call on the AV vendors to kind of say, hey, let's do this. They can actually watch the data streams, but they're not looking for malicious code, because the logic is in there and the tools. But theoretically, yeah, they could actually look with those tools, so. Question, yeah. Those came off of a, was it Gartner? Gartner? Gartner Group, yes, it was a Gartner study that was done at the beginning of this year, I believe, if I'm not mistaken. So if you email me, I can find out exactly. I got those off of an internal memo that I received, but it was Gartner Group that had it, so. Other questions? Good, well, that's my time, thank you very much.