Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Symbol Technologies PDT 8100 Default WEP Keys May Grant Remote Users Access to the Network
|
|
SecurityTracker Alert ID: 1008142
|
|
CVE Reference: CAN-2003-0934
(Links to External Site)
|
Date: Nov 10 2003
|
Impact: Host/resource access via network, User access via network
|
Advisory: SECNAP
|
Version(s): Tested on Model 8146-T2B940US
|
Description: A default configuration vulnerability was reported in the Symbol Technologies PDT 8100 portable data terminal. A remote user can gain access to the target user's network.
SECNAP Network Security reported that the system uses common default wireless encryption protocol (WEP) keys and permits the user
to view the default keys.
If the user does not change the default keys, a remote user can gain access to the wireless network.
The
following notification timeline is provided:
AutomedRX Nov 6, 2003
Symbol Technologies, Nov 7, 2003
Cert, Nov 7, 2003
Released:
November 10, 2003
|
Impact: A remote user can gain access to the target user's network.
|
Solution: The report indicates that the vendor recommends that the user change all default passwords and keys during installation.
|
Vendor URL: www.symbol.com/products/mobile_computers/mobile_pdt8100.html (Links to External Site)
|
Cause: Configuration error
|
Reported By: "Michael Scheidell" <scheidell@secnap.net>
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 10 Nov 2003 16:02:15 -0500
From: "Michael Scheidell" <scheidell@secnap.net>
Subject: Symbol Technologies Default WEP KEYS Vulnerability
|
Symbol Technologies Default WEP KEYS Vulnerability
Systems: Symbol Technologies PDT 8100
Severity: Medium
Category: Default password storage and access
Classification: Installation problem
BugTraq-ID: TBA
CVE-ID: CAN-2003-0934
SymbolTech-ID: 620646
Local Exploit: yes
Vendor URL: http://www.symbol.com
Author: Michael S. Scheidell, SECNAP Network Security
Notifications:
AutomedRX Nov 6, 2003
Symbol Technologies, Nov 7, 2003
Cert, Nov 7, 2003
Released: November 10, 2003
Discussion:
http://www.symbol.com/products/mobile_computers/mobile_pdt8100.html
Tap, Type, or Scan-Maximum Versatility in a Portable Data Terminal
The PDT 8100 Series from Symbol Technologies bridges the gap between pure pen-based and key-based mob
ile data collection solutions.
The first Pocket PC device available with multiple keyboard options, the PDT 8100 is a versatile, la
rge-screen handheld that delivers
the functionality of Pocket PC with the convenience of tactile, key-based data entry.
Problem:
During installation, if the default WiFI keys and shared secret are not changed:
A) they can be retrieved by end user
B) used by hackers to gain unauthorized access to wireless network
Symbol Access PDT 8100 hides existing WEP keys so that users cannot view them IF AND ONLY IF YOU CHAN
GE THE DEFAULTS. This is not
a design flaw but rather a feature in the PDT 8100 that is used ONLY during initial setup to facilit
ate connection to client's Wireless
gateways. Where the vulnerability exists is if during installation, these keys are not changed. If
not changed, the PDT 8100 will
reveal them to any user in plain text by taping on the wireless icon on lower right hand of 8100 and
scrolling to the 'encryption
tab'. A stolen PDT 8100 or copied keys can allow an insider the ability to totally compromise the W
iFi network. Unchanged factory
default keys are published and should not be used past initial testing or on a live network. Tested
on model 8146-T2B940US
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2003-0934 to this is
sue. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
Vendor Response:
November 10, 2003:
Vendor was extremely helpful and confirmed what the default keys were, and that changing the default
keys would hide them from user.
Symbol Technologies continues to work with Wifi standards and security groups to improve both the us
er experience and the security
of their products and has upgraded and updated both their software and firmware to keep up with the
latest security requirements.
Symbol Technologies recommends (in their installation manuals and guides) that all default password
s and keys be changed during
installation.
Exploit:
A user just needs to clone the Wifi keys, shared secret, MAX address and SSID to be able to have unau
thorized access to the client's
network.
Solution:
The installer or client needs to change both the shared secret and the Wifi Keys.
Also see Seven Security Problems of 802.11 Wireless at:
http://www.oreillynet.com/pub/a/wireless/2002/05/24/wlan.html
Credit:
Problem found by Michael Scheidell, SECNAP Network Security vulnerability research team, with assista
nce by John Hughes, Symbol Technologies
http://www.symbol.com and Syed Jafri, AutoMedRX, Inc. http://www.automedrx.com
Original copy of this report can be found here
http://www.secnap.net/security/031106.html
Copyright: Above Copyright(c) 2003, SECNAP Network Security, LLC. World rights reserved.
This security report can be copied and redistributed electronically provided it is not edited and is
quoted in its entirety without
written consent of SECNAP Network Security, LLC. Additional information or permission may be obtaine
d by contacting SECNAP Network
Security at 561-368-9561
|
|
Go to the Top of This SecurityTracker Archive Page
|
