Feeds

Aha, I see you switched on your mobile Wi-Fi. YOU FOOL!

PNL bug still leaving door open to hackers - security bod

Remote control for virtualized desktops

Security expert Raul Siles has warned that years after it was first identified, the Preferred Networks List (PNL) Wi-Fi bug remains unaddressed on many an iPhone, Android phone, and Windows or BlackBerry handset.

The problem itself is simple enough, reports HelpNet Security. When searching for networks, a poor Wi-Fi implementation can result in a device exposing its PNL list to eavesdroppers. This could allow an attacker to spoof one of the network that appears on the user's list, becoming the vector for a man-in-the-middle attack.

PNL disclosure remains a problem in Android 2, 3 and 4, may occur when users add networks manually in iOS 1-6, and in BlackBerry 7, according to Siles. It has also been fixed in some versions of Windows Mobile.

Some mobile operating systems (BlackBerry, for example) give users enough control that the problem can be fixed manually – but only, Siles said, if the user knows there's a problem and knows how to fix it.

Given the growing popularity of BYOD in the business environment, there's the added danger of a fake preferred network being used to capture corporate logins. System administrators need to ensure that devices hide Wi-Fi network data (where this is possible), and Siles called for Android to be upgraded to allow users to hide new networks.

Siles adds:

I need to stress that these types of client attacks are commonly left unchecked and without consideration, the modern smartphone could become the ultimate digital "Trojan Horse", allowing attacks to breach ultra-secure locations.

®

Remote control for virtualized desktops

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?