Fortify cautions on new WiFi security threat

Richard Kirk, Fortify's European director, said that, whilst most companies have installed defences against attacks and unauthorised accesses to their wireless networks, these defences normally centre on the wireless access point or security-enabled router.

The WiFi Direct standard - which is due to be ratified  by the WiFi Alliance next year - means that almost any WiFi device will be capable of supporting a peer-to-peer connection, so bypassing the wireless access point and most of the company's networking security, he said.

"Put simply, unless a portable device - such as an iPhone or smartphone - has got robust security on board, as well as applications that are secure against hacking, then an unauthorised person could establish a peer-to-peer connection directly and launch an internal attack on the company's network", he said.

Kirk went on to say that, whilst the bulk of laptops have adequate security in place to combat this form of back door hacking, mobile devices rarely have robust enough program code to stop network security issues such as SQL injections.

Companies, he explained, are now putting more applications on their mobile devices, however these applications will often have security vulnerabilities that can be exploited by criminals unless the developers have been trained in secure application coding, or the programmes have been reviewed by competent, technology-equipped security practitioners.

The situation is made worse by the fact that a number of Apple iPhone users have jailbreaked (unlocked) from their service provider, a tweak that allows third-party - but Apple unapproved - applications to be installed on the smartphone.

Because of this, Kirk warned there is strong chance of a back door into a company's network being exploited via a jailbroken iPhone.

"And if hackers can establish a peer-to-peer connection with a smartphone inside a company, they then have a foothold with which to gain unauthorised access to the company network from the other side of the firewall and security software", he added.

What’s Hot on Infosecurity Magazine?