Symbol Technologies Default WEP KEYS Vulnerability
Symbol Technologies Default WEP KEYS Vulnerability
Systems: Symbol Technologies PDT 8100
Severity: Medium
Category: Default password storage and access
Classification: Installation problem
BugTraq-ID: TBA
CVE-ID: CAN-2003-0934
SymbolTech-ID: 620646
Local Exploit: yes
Vendor URL: http://www.symbol.com
Author: Michael S. Scheidell, SECNAP Network Security
Notifications:
AutomedRX Nov 6, 2003
Symbol Technologies, Nov 7, 2003
Cert, Nov 7, 2003
Released: November 10, 2003
Discussion:
http://www.symbol.com/products/mobile_computers/mobile_pdt8100.html
Tap, Type, or Scan-Maximum Versatility in a Portable Data Terminal
The PDT 8100 Series from Symbol Technologies bridges the gap between pure
pen-based and key-based mobile data collection solutions. The first Pocket PC
device available with multiple keyboard options, the PDT 8100 is a versatile,
large-screen handheld that delivers the functionality of Pocket PC with the
convenience of tactile, key-based data entry.
Problem:
During installation, if the default WiFI keys and shared secret are not changed:
A) they can be retrieved by end user
B) used by hackers to gain unauthorized access to wireless network
Symbol Access PDT 8100 hides existing WEP keys so that users cannot view them
IF AND ONLY IF YOU CHANGE THE DEFAULTS. This is not a design flaw but rather a
feature in the PDT 8100 that is used ONLY during initial setup to facilitate
connection to client's Wireless gateways. Where the vulnerability exists is if
during installation, these keys are not changed. If not changed, the PDT 8100
will reveal them to any user in plain text by taping on the wireless icon on
lower right hand of 8100 and scrolling to the 'encryption tab'. A stolen PDT
8100 or copied keys can allow an insider the ability to totally compromise the
WiFi network. Unchanged factory default keys are published and should not be
used past initial testing or on a live network. Tested on model 8146-T2B940US
The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CAN-2003-0934 to this issue. This is a candidate for inclusion in the CVE list
(http://cve.mitre.org), which standardizes names for security problems.
Vendor Response:
November 10, 2003:
Vendor was extremely helpful and confirmed what the default keys were, and that
changing the default keys would hide them from user. Symbol Technologies
continues to work with Wifi standards and security groups to improve both the
user experience and the security of their products and has upgraded and updated
both their software and firmware to keep up with the latest security
requirements. Symbol Technologies recommends (in their installation manuals
and guides) that all default passwords and keys be changed during installation.
Exploit:
A user just needs to clone the Wifi keys, shared secret, MAX address and SSID
to be able to have unauthorized access to the client's network.
Solution:
The installer or client needs to change both the shared secret and the Wifi
Keys.
Also see Seven Security Problems of 802.11 Wireless at:
http://www.oreillynet.com/pub/a/wireless/2002/05/24/wlan.html
Credit:
Problem found by Michael Scheidell, SECNAP Network Security vulnerability
research team, with assistance by John Hughes, Symbol Technologies
http://www.symbol.com and Syed Jafri, AutoMedRX, Inc. http://www.automedrx.com
Original copy of this report can be found here
http://www.secnap.net/security/031106.html
Copyright: Above Copyright(c) 2003, SECNAP Network Security, LLC. World rights
reserved.
This security report can be copied and redistributed electronically provided it
is not edited and is quoted in its entirety without written consent of SECNAP
Network Security, LLC. Additional information or permission may be obtained by
contacting SECNAP Network Security at 561-368-9561