As a child in rural Ohio, I marveled over descriptions in the weekly Junior Scholastic of President Eisenhower’s proposed Interstate Highway System that would connect the east and west coasts for high-speed, unimpeded, toll-free travel. Innovative cloverleaf exit and entrance ramps, with their ingenious reverse-direction-to-change-direction configuration, would encourage safe throughput by eliminating right-angle turns and sudden stops: Cars, trucks, and motorcycles would merge easily with others. I was eager to cruise this highway and enjoy its streamlined efficiency without all the speed traps and slowdowns in small towns that vexed my father and delayed family and vacation visits.
And that’s what we were promised with the information superhighway as well: free high-speed communications to the whole world of knowledge and instantaneous communication. On the one hand, success can be measured by global adoption rates of Internet and smartphone use that are pushing 67% and 43%, respectively (for those between the ages of 18 and 35, the numbers are much higher).1 But we’re also encountering similarly disappointing realities in digital space as in physical space: disconnects in end-to-end movement, constant repair, random events—and the cyber equivalent of drunken driving, road rage, recklessness, and accidents. We appreciate the need for commonly understood and practiced rules of the road, protective gear, situational awareness, and defensive navigation.
In the pursuit of speed, convenience, low cost, and entertainment, however, we have inadvertently created pathways for opportunistic predators who do not believe in behavioral limits or respect for the rights (and property) of others. In this book I’ve attempted to show from a mobile, wireless perspective where these bad actors can find vulnerabilities and seek to take advantage. By looking at real-world attack scenarios, we can begin to think like them: What would attackers do? They have many tools and choices—as do we. We can operate our mobile devices more safely, we can navigate our wireless highways more thoughtfully, and we can purchase products more judiciously. We can use what we know and learn what we don’t already.
The first two chapters describe the general historical and technical background for wireless access points (WAPs): definitions, specifications, standards, and emerging trends. The third chapter looks at hacker motivations and different categories of attacks. The next chapters focus on different operational environments for WAPs: individual consumer (Chapter 4); commercial/industrial (Chapter 5); medical and health care (Chapter 6); civilian government (Chapter 7); and non-civilian government for public safety, emergency management, and national security (Chapter 8). Chapters 4 through 7 each include at least one actual attack scenario and a list of takeaways. Due to the greater caution taken with attack scenarios that occur within the non-civilian government environment, no attack scenario is outlined here. Chapter 9 summarizes observations and takeaways, delivers a call to action, and makes an appeal for the responsible use of technology. The Appendix contains a glossary of WAP-related terms and attack tree diagrams.
This exploration covers a broad territory: The drill-down into each focus environment could become a book in its own right. It is intended to be suggestive, disturbing, and accessible, as any good call to action ought to be. I hope it brings readers to the conclusion that it is time for them to get cracking, recognize hacking, and impede signal jacking.