Chrysler to Connect with new level of Advanced Wireless Technology

Chrysler has announced its roadmap for integrated Cellular, WiFi, and WiMAX connectivity for "increased security and convenience."

For a closer read on what Chrysler's Uconnect Web system will bring you--and what it will cost--check out Marin Perez' article at InformationWeek, Chrysler's In-Car Wi-Fi Ready To Roll Aug. 25.

Q: Driving while surfing, or surfing while driving?

Picture: Uconnect Web Site blog

'Evil twin' Wi-Fi access points proliferate

There is little consumers can do to protect themselves from hackers eavesdropping on wireless communications

Head this warning to be wary of rogue Wi-Fi access points masquerading as legitimate counterparts at hotels and airports. IDG News Service's Jeremy Kirk interviews Phil Cracknell, president of the U.K. branch of the Information Systems Security Association, who warns, "With the growth in wireless networks, the 'evil twin' type of attack is on the rise."

In April I was on the road in North Carolina and changed hotels in the Raleigh area. The new hotel had fee-for-access Wi-Fi, so why did I boot and immediately access the Wild Wild Web without ponying up my credit card? Thanks to the office of the community church visible from my window, I stumbled into their open, insecure network. At least, that's what a potential Evil Twin access point would want me to think.

Whether your access is for free or for fee, encrypt your communications before entering passwords or other sensitive data to at least provide some modicum of security. Redirect to TLS-encrypted web pages (https://) when available, and use a VPN tunnel to get back to the office or even your home network. Or even better, remember your ethernet cable and jack into the wall port. Although a crafty insider could still eavesdrop your communications, at least the drive-by sniffers in the parking lot will be left out in the dark.

Q. Would my hotel time have been better spent at the pool, anyway?

Shown: USBGEAR 802.11b/g USB Wi-Fi adapter

RSA 2007: Wi-Fi hacking, with a handheld PDA

Ryan Naraine posts on his blog that Silica was perhaps the "most scary device" at the 2007 RSA Security Conference. Silica is Aitel Immunity's palmtop tool that is able to covertly scan for open Wi-Fi access points and optionally launch hundreds of exploits at local networks. Silica runs Debian Linux on the Nokia 770 Internet Tablet and has 802.11 capabilities. Migration of the system to other hardware platforms is planned, as are capabilities for Bluetooth, ethernet-by-USB, and GPS, for automatic location identification.

The market for Silica is clearly penetration testing, not enablement of criminal hacking. From Naraine's article,

Aitel said Immunity is careful to do due diligence when selling its products, which can fall into the wrong hands and end up being used for illegal purposes. "We don't sell to anonymous users. We make a fair effort to vet buyers and know where the money is coming from and who we're shipping to," she explained.

Despite all good intentions, Aitel goes on to admit there is no way to guarantee units sold through proper channels could not fall into unintended hands.

A greater concern to me is that I'm guessing the hundreds of exploits are not proprietary to Aitel. Aitel's differentiator is in packaging them into a mobile and seductively easy-to-use, $3,600 platform. This is a convenience for large, legitimate organizations. However, there is nothing to prevent a determined hacker form purchasing a Nokia 770 in consumer retail channels for $360, and all to many exploits are already freely available to them. Now that's something really scary.

Q. Are wireless exploits scary to your organization?

Photo: from zdnet.com.