Future? It was already on yesterday!

Today's EWLANInfrastructures operate at 2.4 and 5 GHz - a frequency range in which water interacts with electromagnetic waves. Anyone with an old microwave oven that, when switched on, emits the WLAN-The people who have problems with reception can tell you a thing or two about it.

But how does something like this become a security problem? Through the clever, but hardly imaginable use of applications. But one after the other...

The human body consists of more than 50 percent water. We humans also interact with the WLAN. These "disturbances" are by far not as massive as with old microwaves, but measurable!

If one combines the information of several AntennasThe railgun in the Schwarzenegger film Eraser is not so far-fetched. So the "railgun" in the Schwarzenegger film "Eraser" is not so far-fetched.

Recent research even allows to distinguish gestures with arm or fingers in space - just remember Tom Cruise in "Minority Report"!

Scanning through walls and detecting movements in electromagnetic fields are nothing new: For example, police can use them to gain information about people taken hostage without entering the room.

Even if the systems are more sophisticated and emit waves: The principle is the same.

See through walls

But the possibilities go much further: current research shows how to determine the PIN on a mobile device just by evaluating generally available information at a WLAN-Router.

Modern variants use several Antennas, the signal reception strength can be read out easily (CSI - Channel Strength Information). If a mobile device is connected to the Router connected, there are minimal changes in the reception strengths during (PIN) entry: due to the movement of the hand in the room where it is connected to the WLAN-waves interacts, and by the minimally changed orientation of the device.

If the changes in reception strength are correlated, there is a probability of up to 81.8 percent of recognizing a ten-digit PIN that has been entered - without any compromise of the terminal device itself. This is where the purely academic approach to a future threat becomes an actual problem!

For a potential attacker, it is not even necessary to have a public Hotspot in a café. He simply sets a so-called rogue Access Point on, under an existing or a generic name ("WLAN", "freeWiFi"...).

The process can even be automated to the point where the rogue Access Point automatically checks according to which WiFi-name devices, and also offers these names. This leads to devices (often without any user interaction) offering such Nets use automatically.

Security: always new, always exciting

The danger in the use of public Hotspots So it is no longer just that the Communication can be intercepted. Meanwhile, local inputs can also be evaluated on the device.

So, especially for critical applications, it is advisable to rely on additional mechanisms such as a fingerprint. Such scenarios are one reason why IT-Security is so interesting and will probably remain so.

Threats are always coming from new and sometimes completely unexpected directions - as IT-As security managers, we must identify these risks, develop appropriate countermeasures, and implement them.

In the specific case, it is recommended to confirm previous "Best Practices". The access of devices to public Hotspots has risk potential. In the past, it was the possibility of Communication Today, there is also the additional risk that PINs and other entries can be intercepted.

Depending on the criticality of the Data thus another scenario that should play a role in risk considerations.