A group of security researchers has discovered a simple attack that enables them to intercept Internet traffic moving over a wireless network using gear that can be picked up at any electronics store and an easily downloadable piece of freeware. The . . .
A group of security researchers has discovered a simple attack that enables them to intercept Internet traffic moving over a wireless network using gear that can be picked up at any electronics store and an easily downloadable piece of freeware. The attack, accomplished by @Stake Inc., a security consulting company in Cambridge, Mass., affects a popular consumer version of Research In Motion Ltd.'s BlackBerry devices as well as a variety of handhelds that send unencrypted transmissions over networks such as Mobitex.

By design, the Mobitex specification, like other wireless standards such as Global System for Mobile Communications and General Packet Radio Service, sends packets in unencrypted form. The network, which handles data transmissions only, has been in operation since 1986 and has a large base of installed devices, with customers using it for everything from point-of-sale verification to e-mail.

"The attack is fairly simple," said Joe Grand, one of the researchers who perfected the technique. "The problem is, this isn't a bug. It's part of the spec that data is transmitted in the clear, just like it's part of the spec that Internet data is transmitted in the clear. The risk depends on who is using the network and when and what data they're sending."

The link for this article located at eWEEK is no longer available.