The global and independent platform for the SAP community.

Digital X-ray view

Do you know this too? You stumble upon a topic, think it's science fiction - and one day realize that the future has long since become reality...
Raimund Genes, Trend Micro
December 2, 2016
it security header
avatar
This text has been automatically translated from German to English.

Today's EWLANInfrastructures operate at 2.4 and 5 GHz - a frequency range in which water interacts with electromagnetic waves.

Anyone with an old microwave oven, which after switching on the WLAN-The people who have problems with reception can tell you a thing or two about it.

But how does something like this become a security problem? Through the clever, but hardly imaginable use of applications. But one after the other...

The human body consists of more than 50 percent water. We humans also interact with the WLAN.

These "disturbances" are nowhere near as massive as with old microwaves, but they are measurable!

If one combines the information of several AntennasThe railgun in the Schwarzenegger film Eraser is not so far-fetched. So the "railgun" in the Schwarzenegger film "Eraser" is not so far-fetched.

Recent research even allows to distinguish gestures with arm or fingers in space - just remember Tom Cruise in "Minority Report"!

Scanning through walls and detecting movements in electromagnetic fields are nothing new: For example, police can use them to gain information about people taken hostage without entering the room.

Even if the systems are more sophisticated and emit waves: The principle is the same.

See through walls

But the possibilities go much further: current research shows how to determine the PIN on a mobile device just by evaluating generally available information at a WLANRouter.

Modern variants use several Antennas, the signal reception strength can be read out easily (CSI - Channel Strength Information).

If a mobile device is connected to the Router connected, there are minimal changes in the reception strengths during (PIN) entry: due to the movement of the hand in the room where it is connected to the WLAN-waves interacts, and by the minimally changed orientation of the device.

If the changes in reception strength are correlated, there is a probability of up to 81.8 percent of recognizing a ten-digit PIN that has been entered - without any compromise of the terminal itself.

Here, the purely academic approach of a future threat becomes a current problem!

For a potential attacker, it is not even necessary to have a public Hotspot in a café. He simply sets a so-called rogue Access Point on, under an existing or a generic name ("WLAN", "freeWiFi"...).

The process can even be automated to the point where the rogue Access Point automatically checks according to which WiFi-name devices, and also offers these names.

This leads to devices (often without any user interaction) automatically using such networks.

Security: always new, always exciting

The danger in the use of public Hotspots So it is no longer just that the Communication can be intercepted.

Meanwhile, local inputs on the device can also be evaluated. It is therefore advisable to rely on additional mechanisms like a fingerprint, especially for critical applications.

Such scenarios are one reason why ITSecurity is so interesting and will probably remain so.

Threats are always coming from new and sometimes completely unexpected directions - as IT-As security managers, we must identify these risks, develop appropriate countermeasures, and implement them.

In the specific case, confirmation of previous "best practices" is recommended. The access of devices to public Hotspots has risk potential.

In the past, it was the possibility of Communication Today, there is also the additional risk that PINs and other entries can be intercepted.

Depending on the criticality of the data, this is another scenario that should play a role in risk considerations.

https://e3mag.com/partners/trend-micro-deutschland-gmbh/

avatar
Raimund Genes, Trend Micro

Raimund Genes was CTO at Trend Micro.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.