Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Worldwide WEP vulnerability

From: "J. Oquendo" <sil () infiltrated net>
Date: Fri, 9 Sep 2005 09:41:06 -0400 (EDT)

====================
Product:    Remote Wireless Panties
            http://www.kissntellparties.com/wirelessremote.html
Versions:   All
Bug:        DoS vulnerability
Impact:     Attacker's can cause overflow.
Date:       Septmber 09, 2005
Author:     Spinoza DesCartes
            Infiltrated dot Net Security Team
            Email: techn9ne () infiltrated net
====================

///-->
Introduction
///-->

Remote Wireless Panties are something of a novelty used by women for
pleasure. Although this may not be the proper forum for it, it is
nevertheless a security problem. At first I was reluctant to post this
message for fear of ridicule, but I figured I would let the experts handle
this one. Besides it is a wireless issue.

///-->
The bug
///-->

These wireless panties run off of a wireless frequency ranges of 2.400GHz
to 2.500GHz which is typical of say a cordless phone wireless router,
etal. When someone uses this product there seems to be some form of
interference coming from multiple wireless products which causes the
product to behave erratic and jack up its speed.

///-->
The Fix
///-->

Create a Wireless Tunnel between the product and the product's remote this
helps ensure that only the intended product alone understands the
transmitted signals. Tunnled signals are encrypted and unless using
encryption - transmitted data may reach unintended recipients.

Encrypting also ensures that it remains uncorrupted throughout the
connection and allows the user to flexibility move about freely sending
and receiving signals. Temporal Key Integrity Protocol (TKIP) and in 2004,
Advanced Encryption Standard points can be used in the future as well
depending on the need for high level encrption.

///-->
The exploit
///-->

No known exploits exist however cordless telephones, ham radios, and all
other sorts of wireless products seem to interfere with the product which
makes it somewhat of a danger (if viewed this way) to anyone using the
product.

Attacker can adjust speeds, and flicker with the power. This can lead to
sensory overload for the client.

///-->
The fix
///-->

VPN's or WEPS can be used to secure the connection to the product but one
might want to simply avoid using it near other wireless products

///-->
Vendor Status
///-->

Vendor notified


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89

It is much easier to suggest solutions when you know nothing
about the problem. -- Niklaus Wirth
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: