CHICAGO (January 28, 2010) - Trustwave, the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world, announces that two of the company's information security experts will deliver briefings at ShmooCon, February 5-7, 2010, in Washington, D.C. The presentations will be delivered by members of SpiderLabs, the advanced security team at Trustwave responsible for incident response and forensics, penetration testing, application security and security research.
Zack Fasel and Matthew Jakubowski, both Security Consultants, will deliver, A Tale of Infrastructure Weaknesses in Distributed Wireless Communication Services, which will look at the inherent security risks of distributing trusted end-user hardware devices to consumers for personal use.
Wireless communication providers have designed and issued distributed wireless communication devices to help increase wireless coverage for consumers - a mini cell phone tower for the individual user. While this does increase customer satisfaction, it introduces a major security risk into the general marketplace if the wireless devices are not properly secured by the manufacturers.
Cell phones are programmed to trust the cell tower. The cell phone does not possess business logic to avoid connecting to a wireless device, acting as a tower, which has experienced tampering. Therefore, if a malicious user tampers with a wireless device, the cell phone inherently trusts that tower. It is in this instance that other user phones could potentially connect to the compromised cell tower and trust it as it would the rest of the network, which would include calls and data traffic. Theoretically, an attacker can sniff data traffic as it traverses the fake network and obtain confidential, proprietary or personally identifiable information.
Additionally, Fasel and Jakubowski will provide theoretical evidence that this is an infringement on privacy. Each cell phone has its own unique identification number. For those malicious users that tamper with a wireless device and create a fake tower, they can then monitor the movement of people based on their unique cell phone identification number. While this is not a security implication, it is a loss of privacy.
"Cell carriers are deploying wireless communication devices to help businesses and consumers stay connected where traditional networks cannot reach," says Robert J. McCullen, chairman and CEO of Trustwave. "Confidential data is being transmitted across these networks in increasing capacity, without concern for securing the entire infrastructure, which could result in the loss of proprietary or personally identifiable data."
About Trustwave
Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions including SIEM , WAF , EV SSL certificates and secure digital certificates . Trustwave has helped hundreds of thousands of organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com/en-us/.
