Monday, January 17, 2005
Security Flaw in x50 WiFi WEP Key Store
Posted by Janak Parekh in "ARTICLE" @ 02:00 PM
"Airscanner discovered a serious flaw in the way the Windows Mobile Odyssey client manages the WEP key information. The Odyssey client included with the Dell X50 stores the WEP keys as plaintext in the registry. The following illustrates: Byte 5 - 9 list my entered WEP keys for each entry."
In other words, if someone gets their physical hands on your x50, it's possible to extract the WEP key without too much hassle. It isn't great that a unit stores WEP keys in plaintext, but on the other hand, WEP isn't that secure anyway. If you're using WEP to secure critical business interests, you should have already developed a migration path to WPA. And for personal use, I wouldn't worry too much about it, since this only becomes an issue if you lose your PDA.
In other words, if someone gets their physical hands on your x50, it's possible to extract the WEP key without too much hassle. It isn't great that a unit stores WEP keys in plaintext, but on the other hand, WEP isn't that secure anyway. If you're using WEP to secure critical business interests, you should have already developed a migration path to WPA. And for personal use, I wouldn't worry too much about it, since this only becomes an issue if you lose your PDA.
