The IrDA specified a number of standards that relate to the transfer and exchange of data over infrared light using direct line-of-sight, point-to-point connections. The term IrDA, as used in the industry, actually refers to IrDA-Data, an IrDA standard with a number of protocols defining how data is transferred between two devices. IrDA-Control, the other major standard, defines how peripherals interact with varied host devices. IrDA is an extremely cheap, easy, reliable solution to facilitate data transfer. Transfer speeds range upwards from 115 Kb/s with SerialIrDA (SIR), through FastIrDA (FIR) at 4 Mb/s and VeryFastIrDA (VFIR) at 16 Mb/s, to the new IrSimple protocol at 4 - 16 Mb/s; speeds of 100 - 500 Mb/s are in the planning and implementation stages [2]. Generally, IrDA data transfer takes place over small distances of less than 1 m; at longer distances the bit rate attenuates very quickly, with a maximum observed working distance of 3 km [3][4]. No security is built into this technology.

IrDA Vulnerabilities

A number of vulnerabilities affect IrDA, notably:

Eavesdropping – It is possible to detect reflected light and filter out surrounding ambient noise (i.e. lighting); data may then be able to be retrieved.
DoS Attacks – Crafted IrDA packets can be injected into the receiver to cause a DoS or reboot of the host device [5].
Privilege Escalation – Various exploits exist, potentially allowing a local attacker to access data that would normally not be accessible to them as a low-privileged user [6].
No link-level security – All information is transmitted in an unencrypted format [1].

Note: Although not a vulnerability, atmospheric conditions reduce the effectiveness of IrDA transmissions, which could alternatively be seen as a countermeasure against information leakage.

IrDA Countermeasures

Effective countermeasures against IrDA hacking include:

Physical Security – As IrDA attacks potentially require close access, a direct line of sight, within a 30° angle and limited distance, appropriate physical security methods may thwart eavesdropping and DoS attacks.
Personnel Security – As above, effective vetting policies could preclude some attacks from disaffected/disgruntled staff.
Protocol Security – Ensure supporting protocols provide adequate authentication, authorisation and encryption.
Patching – OS and related applications.

References:

1. Sanghera, Paul et al, (2007) “How to cheat at – Deploying and securing RFID” Syngress.
2. Whitehouse, Ollie, (2003) “War Nibbling: Bluetooth Insecurity” @STAKE INC.
3. Haataja, Keijo, (2006) “Security in Bluetooth, WLAN and IrDA: a comparison” University of Kuopio.
4. IRDA, (2009) “IRDA” Available online from: http://www.irda.org [Accessed 24 Oct 09]
5. Microsoft, (2009) “MS Security Bulletin MS01-046” Available online from: http://www.microsoft.com/technet/security/bulletins/ms01-046.aspx [Accessed 24 Oct 09]
6. Mitre.org, (2009) “CVE-2009-3002” Available online from: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3002 [Accessed 24 Oct 09]