Airscanner discovered a serious flaw in the way the Windows Mobile, the Funk Odyssey client, and the Axim wireless drivers handle WEP key data (A05 firmware fixes problem).

The Oddessy client included with the Dell X50 stores the WEP keys as an encrypted string in the registry. However, once the driver is loaded, and they Oddessy client is loaded, the keys will be written in an unecnrytped format to a different part of the registry. The problem is not specifically Funk's, as they do encrypt the key, but more of a flaw in how all three (Windows Mobile, Dell wireless driver, Odyssey) work together. However, if you do not use the Odyssey client, you will not be vulnerable. The following illustrates: Byte 5 - 9 list my entered WEP keys for each entry.

>KEY4=6677889900
>KEY3=1122334455
>KEY2=eeffddeeff
>KEY1=aabbccddee

[HKEY_LOCAL_MACHINE\Comm\TIACXWLN1\Parms]
"HTCWEPDefaultKey4"=hex:
01,00,00,00,66,77,88,99,00,8c,f6,36,1d,af,90,17,5b,00,f6,36,1d,af,00,00,00...

"HTCWEPDefaultKey3"=hex:
01,00,00,00,11,22,33,44,55,8c,f6,36,1d,af,90,17,5b,00,f6,36,1d,af,00,00,00...

"HTCWEPDefaultKey2"=hex:
01,00,00,00,ee,ff,dd,ee,ff,8c,f6,36,1d,af,90,17,5b,00,f6,36,1d,af,00,00,00...

"HTCWEPDefaultKey1"=hex:
01,00,00,00,aa,bb,cc,dd,ee,8c,f6,36,1d,af,90,17,5b,00,f6,36,1d,af,00,00,00...

This could be a serious problem if a PDA is lost or borrowed. Since this information is stored as plaintext, anyone could read it and gain access to the WEP protected network.

Credits: Seth Fogie
Dell was informed 11/10/2004, but did not respond.
Funk contacted us 08/16/2005 with a minor correction.
A05 ROM upgrade (08/18/2005) appears to correct the problem.

According to this article, "Criminal cyber networks have begun creating viruses to hack into mobile phones in order to steal sensitive information off devices which are increasingly becoming mini-computers in our pockets. "

While a smartphone might look like a simple device, it is actually a mobile computer - more powerful than your desktop of 10 years ago. Keep this in mind as you surf the Internet and open attachments!

If you think you have problems, imagine being a prince. According to this article, the prince had his phone hacked by News of the World.

The details are sketchy, yet I know for a fact that this type of hack is not only possible, but probable. The point is that it doesn't matter who you are, your phone is vulnerable...

This obviously doesn't apply to Airscanner customers. However, you might want to think of your friends and relatives!

A recent report lists a few scary details of the 1000 people surveyed:

• 44 percent admitted that they do not keep security issues in mind as they surf the Web via their phones.
• 45 percent of those interviewed admitted that they have already fallen victim to malware attacks.
• 39 percent admitted that they click on a URLs carried in mobile emails without first considering the security implications.

Ouch.

Do you take smartphone security seriously?

BlackHat 2009 (Vegas) has caused quite a stir in the mobile security community. Thanks in part to the recent release of the iPhone 3GS, mobile devices are finally becoming a target for researchers and malware writers. The following two links represent some of the publically available works released at BlackHat

Spoofed Cell Phone Texts Post Malware Threat

Smart Phones, Dumb Security