Chapter 78 · Security Advisory

Securing Wireless and Mobile

Site surveys and heat maps. Wireless survey tools and spectrum analyzers. MDM, BYOD, COPE, and CYOD. Cellular, Wi-Fi, and Bluetooth threat vectors. Security controls for every layer of wireless and mobile infrastructure.

WIRELESS-2024-001
Wireless Site Surveys and Survey Tools
Severity: High

Why Site Surveys Come Before Wireless Deployment

Wireless signals do not obey network topology diagrams. Radio frequency energy propagates through walls, reflects off metal surfaces, absorbs into concrete, and competes with every other device transmitting on the same or adjacent frequencies. Before deploying or troubleshooting a wireless network, a security and network administrator needs to understand the actual RF environment they are working in — not the theoretical one. A wireless site survey is the systematic process of gathering that understanding.

The first objective of a site survey is to catalog all existing access points in the area. This includes access points that belong to the organization — but critically, it also includes access points that do not. A neighboring business sharing a wall, an apartment above the office, a coffee shop across the street — all may have wireless networks operating on frequencies that overlap with the organization's planned deployment. An administrator cannot choose channels, frequencies, or access point placement rationally without knowing what else is already occupying the spectrum in that physical space.

Access points that the organization does not control cannot be eliminated, but they can be worked around. If channels 1, 6, and 11 (the non-overlapping 2.4 GHz channels) are already heavily used by neighboring networks, the site survey reveals this before deployment so the organization can plan for 5 GHz operation or channel separation. Without this knowledge, administrators would be configuring blindly and encountering unexplained interference issues after the fact.

A site survey also identifies security risks from unmanaged access points. An unauthorized access point detected during a survey — one that is not in the organization's inventory — is a rogue access point that requires investigation. It may be an employee who plugged in a consumer-grade router for convenience, creating an unmanaged network entry point. It may be an attacker who placed a device to intercept traffic. Either way, identifying it during a site survey allows the organization to address it.

Site surveys should not be one-time events. Wireless environments change: new neighboring tenants move in, employees bring new devices, construction modifies how signals propagate, and new access points are installed. Scheduled periodic site surveys — quarterly or annually depending on the rate of environmental change — maintain current knowledge of the wireless landscape and catch rogue access points and interference sources before they become persistent problems.

Heat Maps — Visualizing Signal Strength Across Physical Space

One of the most useful outputs of a wireless site survey is a heat map. A heat map overlays wireless signal strength data onto a floor plan or physical map of a space, using colors to represent signal intensity. Strong signal areas appear in warm colors (red, yellow, orange); weak signal areas appear in cool colors (blue, purple). The result is an intuitive visual representation of where the wireless network provides reliable coverage and where it does not.

Heat maps allow administrators to see exactly how signal propagates through a specific physical environment — including through walls, around obstacles, and across floors. What looks like complete coverage from an access point placement diagram may reveal dead zones, weak signal corridors, and unexpected signal bleed outside the building when actually measured. Heat maps expose these realities that theoretical planning cannot predict.

From a security perspective, heat maps are equally valuable for identifying areas where signal extends beyond intended boundaries. Wireless signal that radiates into parking lots, adjacent buildings, or public spaces creates attack surface — an attacker sitting outside can connect to a network that was intended for interior use. Heat maps make this visible, allowing administrators to adjust access point power levels or placement to contain signal within appropriate boundaries.

Wireless Survey Tools and Spectrum Analyzers

Several categories of tools support wireless site surveys and ongoing wireless security monitoring.

Built-in OS tools provide basic wireless information — the list of visible SSIDs, signal strength of nearby networks, and connection status information. Every wireless-capable device has some version of this. These tools are useful for quick assessments but lack the depth for serious site survey work.

Third-party wireless survey applications (such as NetSpot, Ekahau, or inSSIDer) provide much richer data: a list of all visible access points with SSID, BSSID (the access point's MAC address), channel, frequency band, signal strength, and security type. They can track signal strength as the user walks through a space, building the data needed for heat map generation. These tools make it possible to identify which specific access points are creating interference, whether neighboring networks are on conflicting channels, and which areas of a building have coverage gaps.

Spectrum analyzers are the most powerful tool in this category and serve a distinct purpose. While wireless survey tools show information about 802.11 Wi-Fi devices specifically, a spectrum analyzer shows all radio frequency activity across the wireless bands — Wi-Fi and non-Wi-Fi alike. Microwave ovens, baby monitors, wireless cameras, cordless phones, and Bluetooth devices all transmit on the 2.4 GHz band that Wi-Fi also uses. If a mysterious interference source is disrupting a wireless network, a spectrum analyzer can identify it even when it is not a Wi-Fi device and therefore invisible to standard wireless survey tools. A spectrum analyzer is essential when unexplained interference persists and standard tools cannot identify the source.

WIRELESS-2024-002
Mobile Device Management and Ownership Models
Severity: High

MDM — The Central Control Platform for Mobile Security

Mobile devices present a unique management challenge. Unlike workstations and servers that sit within the data center or office and connect to managed networks, mobile devices travel everywhere, connect to uncontrolled networks, and are used for both work and personal purposes. A security policy that exists only in a document has no enforcement mechanism on a device that spends most of its time outside the corporate network. Mobile Device Management (MDM) is the platform that provides that enforcement mechanism.

An MDM platform allows a system administrator to centrally manage all enrolled mobile devices — whether company-owned or employee-owned — from a single console. Policies defined in the MDM are pushed to enrolled devices and enforced automatically without requiring any action from the device user. This creates a scalable management layer that covers hundreds or thousands of devices with consistent policy application.

Feature control. MDM can enable or disable specific device features based on context. The classic example: the device camera can be automatically disabled when the device is connected to the corporate network or physically inside the corporate building, and re-enabled when the device leaves. This prevents unauthorized photography of sensitive areas, whiteboards, or screens without requiring the employee to remember any policy. Feature controls can similarly restrict microphone use, Bluetooth, tethering, or access to specific application categories based on organizational policy.

Application management. MDM platforms can control which applications are installed on enrolled devices — requiring mandatory security applications, blocking application categories, or allowing only applications from an approved list. This prevents employees from installing applications that could exfiltrate corporate data, introduce malware, or bypass security controls.

Data segmentation. MDM can create a logical partition on a mobile device that is dedicated to corporate data and applications, separate from personal content. The corporate partition operates under full organizational policy; the personal partition is the employee's own space. This dual-partition model is how BYOD and COPE devices can coexist personal and corporate use without mixing data. The MDM can delete the corporate partition — removing all corporate data — without touching the personal partition. This is the critical capability for device disposal, employee termination, or lost device scenarios.

Access control enforcement. MDM enforces screen lock after a configurable inactivity period, requires a PIN or password to unlock, and can require device encryption as a precondition for enrollment. These controls ensure that a lost or stolen device is not immediately accessible to whoever finds it. Remote wipe — the ability to erase an enrolled device from the MDM console — provides the last line of defense: if a device is confirmed lost or stolen, its data can be destroyed remotely before it is accessed.

BYOD — Security Complexity at the Price of Flexibility

Bring Your Own Device (BYOD) — also called Bring Your Own Technology (BYOT) — is the policy of allowing employees to use their personal smartphones, tablets, or laptops for work purposes. The appeal is significant: employees prefer using devices they are comfortable with, hardware costs shift from the organization to the employee, and productivity can improve when employees use the tools they know best.

The security complexity is equally significant. A BYOD device is simultaneously a personal device and a work device. It contains the employee's personal photos, messages, and apps alongside corporate email, documents, and applications. The organization does not own the device and cannot apply the same level of control it would apply to a corporate-owned asset. The employee has reasonable privacy expectations around their personal content. This tension between organizational security requirements and employee privacy rights makes BYOD policies genuinely difficult to implement securely.

For BYOD to work within an MDM framework, the device must meet minimum requirements — a minimum OS version, encryption enabled, screen lock configured — before it can enroll. The MDM then manages only the corporate partition, leaving the personal portion of the device outside organizational control. This is the standard compromise: the organization gets security over corporate data, and the employee retains privacy over personal data.

A frequently overlooked BYOD challenge is the device lifecycle. When an employee upgrades their phone, sells their old device, or trades it in, the corporate data on that device must be wiped before it leaves their possession. Organizations need explicit policies and procedures for BYOD offboarding — how the MDM remote wipe of the corporate partition is triggered, who is responsible for confirming completion, and what happens if a device is sold before the wipe occurs.

COPE and CYOD — Corporate Ownership with Personal Use

Corporate Owned, Personally Enabled (COPE) is the organizational model where the company purchases and owns the mobile device but enables personal use on that device. The employee gets the convenience of a single device that handles both work and personal needs; the organization gets full ownership and control of the device from the start.

Because the organization owns the device, the security dynamic is fundamentally different from BYOD. The company can enforce any policy it chooses without the privacy tensions of a personally-owned device. Corporate data occupies a partition under full corporate policy control, and personal use is permitted in a separate partition — but the organization retains the right to wipe the entire device at any time, including the personal partition. Employees using COPE devices understand this as the terms of use.

This is directly analogous to how organizations have historically managed laptops: the company buys the asset, assigns it to a user, allows some personal use, but retains ownership and the right to access or wipe the device at any time. COPE applies this same model to mobile devices.

Choose Your Own Device (CYOD) is a variant of COPE where the organization purchases the device but allows the employee to select from an approved list of models and configurations. The employee gets a degree of preference — choosing Android vs. iOS, or a preferred form factor — while the organization maintains control because only pre-approved device models with known security properties are permitted. CYOD balances employee preference with the security and support benefits of a managed, company-owned device fleet.

WIRELESS-2024-003
Cellular, Wi-Fi, and Bluetooth Security Threats
Severity: Medium

Cellular Networks — Security at Scale

Modern cellular networks (4G LTE, 5G) divide geographic areas into cells, each served by antenna infrastructure that handles communication for mobile devices within that cell. As a device moves between cells, the network hands off the connection to the appropriate antenna. This infrastructure is entirely outside the organization's control — owned and operated by cellular carriers.

The security concerns specific to cellular communication fall into several categories. Traffic monitoring — although 4G and 5G encrypt communications between the device and the cell tower, weaker legacy protocols and protocol downgrade attacks have historically allowed traffic interception. Equipment known as IMSI catchers (or "stingrays") can impersonate cell towers, forcing nearby devices to connect and allowing traffic interception and location tracking without the knowledge of the device owner.

Location tracking is inherent to cellular operation — the network must know which cell a device is in to route calls and data to it. This means that a cellular device's approximate location is continuously known to the carrier, and that location data can be obtained through legal process, leaked through vulnerabilities, or inferred by third parties. For users handling sensitive information, cellular location tracking is a meaningful operational security consideration.

Global accessibility means that a mobile device connected to a cellular network is reachable from anywhere in the world. This is useful; it is also a risk. Unpatched vulnerabilities, exposed services, and compromised applications on mobile devices are accessible to any attacker globally, not just those physically nearby. This is why maintaining software updates on mobile devices is especially critical — the attack surface is globally exposed.

Wi-Fi — Three Security Threats and Their Defenses

Wi-Fi provides local wireless network access — the wireless LAN that connects devices within a building or campus to the organization's network and the internet. Its security threats stem from the fundamental nature of radio frequency communication: the signals travel through the air and can be received by any device within range that has a wireless antenna.

Data capture — the eavesdropping threat. An attacker within Wi-Fi range can potentially capture wireless network traffic using freely available tools. If the traffic is unencrypted — as was common before widespread TLS adoption, and as is still the case for some legacy applications — the attacker can read the contents of communications. The defense is encryption: use WPA3 or WPA2 for the wireless network itself, ensure applications use TLS, and use a VPN when connecting to networks outside organizational control (hotels, coffee shops, airports). Encrypting data in transit ensures that even if an attacker captures the wireless frames, the content is unreadable.

On-path attacks — the interception threat. An attacker who sets up a rogue access point with the same SSID as a legitimate network, or who uses ARP poisoning on a wireless LAN, can position themselves between a client device and the actual network — an on-path (formerly "man-in-the-middle") attack. The attacker receives the victim's traffic, may read or modify it, and forwards it to the intended destination. The victim sees a normal connection; the attacker reads everything. Defenses include strong wireless authentication (WPA3 Enterprise with certificate-based authentication makes rogue AP attacks much harder) and ensuring critical traffic is encrypted end-to-end even over a trusted network.

Denial of service — the interference threat. Wireless networks are uniquely vulnerable to denial-of-service attacks via radio frequency interference. An attacker can flood the wireless frequencies with traffic or noise, preventing legitimate devices from communicating. Wi-Fi deauthentication attacks exploit a management frame in 802.11 that is not authenticated by default — an attacker can send forged deauthentication frames to disconnect clients from access points, repeatedly. The result is persistent service disruption without requiring any access to the network. Newer Wi-Fi standards (WPA3, 802.11w management frame protection) address deauthentication attacks by authenticating management frames.

Bluetooth — Short Range, Real Risk

Bluetooth is a short-range wireless communication technology (typically 10–100 meters depending on power class) designed for Personal Area Networks (PANs). It connects the ecosystem of devices that surrounds a smartphone or laptop: wireless headsets and headphones, smartwatches, fitness monitors, automotive hands-free systems, external speakers, and wireless keyboards and mice.

The security model for Bluetooth is built around the pairing process. When two Bluetooth devices connect for the first time, they go through a pairing procedure that establishes a shared security key — this key is then used to authenticate and encrypt subsequent connections between those specific devices. The pairing process typically requires user confirmation (accepting a pairing request, confirming a PIN displayed on both devices, or approving a numeric comparison) to prevent unauthorized devices from connecting.

The risks arise when this pairing model is circumvented or ignored. Unauthorized pairing occurs when a device accepts a connection from an unknown Bluetooth device without adequate user confirmation — either because the device is in discoverable mode, the pairing process was poorly implemented, or the user approved a pairing request from an unfamiliar device. Once paired, a malicious device can potentially access data on the target device.

The practical guidance is clear: do not accept Bluetooth pairing requests from unknown devices, do not leave devices in discoverable mode when pairing is not actively needed, and be cautious about automatic connection to remembered devices in public spaces — a malicious actor could be operating a device with the same name as a trusted device the target phone will auto-connect to. Bluetooth should be disabled when not actively in use, particularly in high-risk environments, to eliminate the attack surface entirely.