Application security vulnerability specialist Fortify Software is warning that the proposed WiFi Direct standard – which will allow WD-enabled WiFi devices to link with each other on an ad-hoc basis – poses a potentially serious security threat to companies using WiFi networks.
Richard Kirk, Fortify's European director, says that, while most manufacturers have installed defences against attacks on and unauthorised access to their wireless networks, these normally centre on the wireless access point.
"The WiFi Direct standard, which is due to be ratified next year, means that almost any WiFi device will be capable of supporting a peer-to-peer connection – so bypassing the wireless access point and most of the company's networking security," says Kirk.
"Put simply, unless a portable device, such as an iPhone or smartphone, has got robust security on board, as well as applications that are secure against hacking, then an unauthorised person could establish a peer-to-peer connection directly and launch an internal attack on the company's network," he adds.
He explains that although most netbooks and laptops have adequate security to combat this form of 'back door' hacking, mobile devices rarely have security robust enough to stop "network nasties, such as SQL Injections".
His advice: developers need to be trained in secure coding practices and code needs to be reviewed by competent, technology-equipped security practitioners.