Monday, March 17, 2008

Mobile battery power drain attack - What to do about it?

I recently came across this post: http://isc.sans.org/diary.html?storyid=4150&rss

The ISC SANS article, and the paper it mentions, Battery-Based Intrusion Detection, describe intrusion detection based on battery power usage in mobiles. It appears that a significant amount of power is consumed in packet processing even when no application is listening for those packets. I guess this is due to reception and transmission on the wireless interface and the amount of processing that happens in the mobile's TCP/IP stack before the packets are dropped (power consumption by the CPU). Mobiles supporting an 802.11x wireless interface are more vulnerable to this attack due

Power management facilities are present in many mobiles and in 802.11 wireless access points. They work as expected as long as no unintended packets are sent to the mobile. Attacks can be mounted by sending flood traffic to the IP address assigned to a mobile, thereby draining its battery.

What precautions can a wireless infrastructure deployment take:
  • Stop any traffic that is not in response to connections made by the mobiles.
  • Don't allow any unsolicited connections to the mobiles.
  • If there is a need for TCP/IP connections to the mobiles, ensure that they are allowed only based on user credentials.
  • Don't allow broadcast packets by default.
  • At times, mobiles may have a VPN connection to the Enterprise security gateway. This security gateway should apply the same precautions.
To achieve the above, a stateful firewall must be part of either the wireless access points or the wireless switch. In the case of VPN tunnels, the VPN server should also have a stateful firewall. One should ensure that the stateful firewalls also support activation of user-based policies upon successful authentication.
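The precautions listed above can be modelled as a small stateful filter sitting in front of the wireless segment. This is an added example, not code from the post or from any firewall product; the subnet, addresses, class and function names are all assumptions, and the model leaves out state timeouts and TCP state tracking that a real stateful firewall performs.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

MOBILE_NET = ip_network("10.20.0.0/24")  # constructed: subnet assigned to mobiles

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"

@dataclass
class WirelessEdgeFilter:  # hypothetical name for the AP / wireless switch firewall
    flows: set = field(default_factory=set)         # state for mobile-initiated flows
    user_rules: dict = field(default_factory=dict)  # source IP -> {(mobile IP, port)}

    def login(self, src, allowed):
        """Activate a per-user policy once the user has authenticated."""
        self.user_rules[src] = set(allowed)

    def logout(self, src):
        self.user_rules.pop(src, None)

    def check(self, p):
        dst = ip_address(p.dst)
        if dst.is_multicast or p.dst in ("255.255.255.255", str(MOBILE_NET.broadcast_address)):
            return "DROP broadcast"
        if dst not in MOBILE_NET:
            # Outbound: remember the flow so that only its replies are let back in.
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "ACCEPT outbound"
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ACCEPT reply"
        if (p.dst, p.dport) in self.user_rules.get(p.src, ()):
            return "ACCEPT authenticated"
        return "DROP unsolicited"  # never reaches the radio, so no battery is spent

def demo():
    fw = WirelessEdgeFilter()
    mobile, dns, admin, flooder = "10.20.0.7", "192.0.2.53", "198.51.100.10", "203.0.113.99"
    traffic = [  # constructed sample packets
        Packet(mobile, 40000, dns, 53),           # mobile queries a DNS server
        Packet(dns, 53, mobile, 40000),           # the matching reply
        Packet(flooder, 53, mobile, 40001),       # flood packet with no matching state
        Packet(flooder, 9, "10.20.0.255", 9),     # broadcast to the mobile subnet
        Packet(admin, 50000, mobile, 22, "tcp"),  # inbound connection before login
    ]
    verdicts = [fw.check(p) for p in traffic]
    fw.login(admin, {(mobile, 22)})
    verdicts.append(fw.check(Packet(admin, 50000, mobile, 22, "tcp")))  # after login
    return verdicts
```
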
