66 Developing Practical Wireless Applications
It’s All About Adopting a Common Sense
Approach to Wireless Security
We can liken the adoption of a common sense approach to security to that of secur-
ing our house when we leave it unoccupied. In somewhat of a paradox, manufactur-
ers and consumers need to be aware of utilizing the inherent security features of their
wireless products. On one hand, we would encourage an out-of-the-box experience
whilst, on the other, we have the inescapable need of the consumer digesting relevant
information surrounding security configuration. In such a dichotomy we need to
establish a comfortable balance between need to know and want to know. Perhaps we
should consider some default settings where the consumer is pushed into configuring
their device and, no doubt, we could spend an eternity deliberating what could or
should be done. Nevertheless, when we leave our house we always check the windows
and doors, ensuring the property is secure. Why cant we extend this notion to ensur-
ing that the most basic of wireless security requirements are met?
Initially in this chapter we discussed the sensationalized reports of BlueJacking,
WarChalking and so on. In the former example, we can alleviate such characterization
by simply requesting that all Bluetooth-enabled devices require a passkey or alterna-
tively, switching off discoverable mode (or perhaps enabling both features).
Essentially, this configuration can be made as default, ensuring that the wireless device
is already secure at the onset (or out of the box). In the WarChalking instance this
exemplifies the weakness of the inherent security or an administrator’s naivety with
WEP/WPA configuration within the device and, as such, technologists have proac-
tively ensured that safer authentication and encryption schemes are used. In a similar
manner to that of the Bluetooth device, manufacturers can also define default settings,
again ensuring that the device is secure – straight out of the box. No doubt we will
continue to see hackers and the like persistently attempting to crack a code or two,
but if we ensure that the window is locked and the door is closed, then it should
become increasingly difficult at the start for a hacker to look in.
Enabling Intelligent Connectivity
In adopting a common sense approach to wireless security we clearly still assume that
consumers will be au fait with wireless terminology and usage. And, in an attempt to
simplify the need to be familiar with such terminology perhaps we should consider a
more intelligent approach towards enabling connectivity. We discuss one such example
in Chapter 14, Near Field Communications: The Smart Choice for Enabling Connectivity.
The premise of a more simplified mechanism for connectivity is based upon the
Can we Confidently Rely on Wireless Communication? 67
Chapter 4
consumer’s intent to connect. In other words, if a consumer wishes to connect his/her
Bluetooth-enabled cellular phone to a Bluetooth-enabled headset, then the consumer
brings together the two devices where they both transparently connect, as we illustrate
in Figure 4.19. In this particular example, the authentication and configuration param-
eters remain oblivious to the consumer, and in utilizing NFC over Bluetooth, the
parameters are exchanged seamlessly between the two devices ensuring that the right
devices are connected! Similarly, a WiFi access point in an airport can be made avail-
able to the commuter. The commuter would simply approach the access point with
his/her PDA or notebook notifying the access point that this device intends to connect
to it. Overcoming security concerns are in effect momentarily put aside with this par-
ticular anecdote. With an intent and proximity of connection in mind, you may find
yourself in a situation where you may witness an individual who has invaded your pri-
vate space and is persistently moving his or her cellular phone about your person – you
can only assume that you know this person very well or you dont mind that person
invading your space as s/he is particularly gorgeous or, the more likely conclusion, is
that the individual is attempting to access private and confidential information!
Nevertheless, your wireless device has its default settings enabled and, additionally, as
part of the default mode, you may request that any device wishing to connect to your
product has to be authorized with a “yes” or “no” confirmation. Presumably, if this indi-
vidual managed to invade your space without your knowledge, then the user interface
would prompt you to make the confirmation and after a period of time will assume
no” as you havent intervened.
Figure 4.19
NFC has a short
range of around
5 to 10cm and to
enable connectivity
the user must
bring these devices
within range.

Get Developing Practical Wireless Applications now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.