Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Pentesting a wireless Symbol Technologies barcode scanner system
From: Glenn Larsson <ichinin () swipnet se>
Date: Wed, 21 Aug 2002 00:27:23 +0200

bserra () forsythesolutions com wrote:

Does anyone have any information or has done a wireless pen-test on a
Symbol Technologies manufacturing barcode scanning system? I have heard
that it is possibly 802.11 but uses some propriety encryption and/or
protocol. Any insight would be helpful.


All i know is that Symbol have developed their own kerberos
implementation for
their handhelds + Wireless Networker & Companion, it does not say any
about the implementation, i.e. using kerberos for _key exchange_ but
still using
rc4 for encryption. Try some basic kerberos attacks against it and see
yourself (Would not be surprised if you found something usefull)

- My _guess_ is that the whole system it's backwards compatible with WEP
security can be logon-downgraded via an old client that want to speak to

- Symbol AP(*)/Bridge Default pwd's: "Symbol" & "SYMBOL".

- If you find an old PDT, the wep key is found under
(i think.)ยจ This can be transfered to another device then reused on that
(Did it back in 2000 - worked fine)

- PocketPC 3.0 was also succeptible to a nobrainer ICMP-DoS attack;
did write an advisory regarding this (not tried PPC 2k+2)

- Note that old clients run dos binaries (PPT 31xx/61xx), usual software
found == MCL & wavelink, you can have fun with these as well.

If you want to know more, i suggest you ask OSP people to send you
regarding security, also, i think there is a whitepaper on regarding
kerberos, i've never read it.


This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]