exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

symbol.txt

symbol.txt
Posted Nov 14, 2003
Authored by Michael Scheidell

The Symbol PDT 8100 does not attempt to change its default existing WEP keys during installation. If not changed, the PDT 8100 will reveal the WEP keys to any user in plain text by taping on the wireless icon on lower right hand of 8100 and scrolling to the 'encryption tab'. A stolen PDT 8100 or copied keys can allow an insider the ability to totally compromise the Wi-Fi network.

tags | advisory
advisories | CVE-2003-0934
SHA-256 | 0ef878b8880cfbb42ed45bacdfc32fa99f275624901e1d58461985859e733d1f

symbol.txt

Change Mirror Download
Symbol Technologies Default WEP KEYS Vulnerability
Systems: Symbol Technologies PDT 8100
Severity: Medium=20
Category: Default password storage and access
Classification: Installation problem
BugTraq-ID: TBA
CVE-ID: CAN-2003-0934
SymbolTech-ID: 620646
Local Exploit: yes=20
Vendor URL: http://www.symbol.com
Author: Michael S. Scheidell, SECNAP Network Security=20
Notifications:
AutomedRX Nov 6, 2003
Symbol Technologies, Nov 7, 2003
Cert, Nov 7, 2003
Released: November 10, 2003


Discussion:=20
http://www.symbol.com/products/mobile_computers/mobile_pdt8100.html

Tap, Type, or Scan-Maximum Versatility in a Portable Data Terminal=20
The PDT 8100 Series from Symbol Technologies bridges the gap between =
pure pen-based and key-based mobile data collection solutions. The first =
Pocket PC device available with multiple keyboard options, the PDT 8100 =
is a versatile, large-screen handheld that delivers the functionality of =
Pocket PC with the convenience of tactile, key-based data entry.

Problem:=20
During installation, if the default WiFI keys and shared secret are not =
changed:
A) they can be retrieved by end user
B) used by hackers to gain unauthorized access to wireless network

Symbol Access PDT 8100 hides existing WEP keys so that users cannot view =
them IF AND ONLY IF YOU CHANGE THE DEFAULTS. This is not a design flaw =
but rather a feature in the PDT 8100 that is used ONLY during initial =
setup to facilitate connection to client's Wireless gateways. Where the =
vulnerability exists is if during installation, these keys are not =
changed. If not changed, the PDT 8100 will reveal them to any user in =
plain text by taping on the wireless icon on lower right hand of 8100 =
and scrolling to the 'encryption tab'. A stolen PDT 8100 or copied keys =
can allow an insider the ability to totally compromise the WiFi network. =
Unchanged factory default keys are published and should not be used =
past initial testing or on a live network. Tested on model =
8146-T2B940US

The Common Vulnerabilities and Exposures (CVE) project has assigned the =
name CAN-2003-0934 to this issue. This is a candidate for inclusion in =
the CVE list (http://cve.mitre.org), which standardizes names for =
security problems.

Vendor Response:=20
November 10, 2003:
Vendor was extremely helpful and confirmed what the default keys were, =
and that changing the default keys would hide them from user. Symbol =
Technologies continues to work with Wifi standards and security groups =
to improve both the user experience and the security of their products =
and has upgraded and updated both their software and firmware to keep up =
with the latest security requirements. Symbol Technologies recommends =
(in their installation manuals and guides) that all default passwords =
and keys be changed during installation.

Exploit:=20
A user just needs to clone the Wifi keys, shared secret, MAX address and =
SSID to be able to have unauthorized access to the client's network.

Solution:=20
The installer or client needs to change both the shared secret and the =
Wifi Keys.
Also see Seven Security Problems of 802.11 Wireless at:
http://www.oreillynet.com/pub/a/wireless/2002/05/24/wlan.html

Credit:=20
Problem found by Michael Scheidell, SECNAP Network Security =
vulnerability research team, with assistance by John Hughes, Symbol =
Technologies http://www.symbol.com and Syed Jafri, AutoMedRX, Inc. =
http://www.automedrx.com

Original copy of this report can be found here=20
http://www.secnap.net/security/031106.html
Copyright: Above Copyright(c) 2003, SECNAP Network Security, LLC. World =
rights reserved.=20
This security report can be copied and redistributed electronically =
provided it is not edited and is quoted in its entirety without written =
consent of SECNAP Network Security, LLC. Additional information or =
permission may be obtained by contacting SECNAP Network Security at =
561-368-9561=20
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close