Light Reading

Users Eye New 802.11 Security Issues

Dan Jones
LR Mobile News Analysis
Dan Jones, Mobile Editor
8/11/2006
50%
50%

Some of the underlying 802.11 security issues revealed at the recent Black Hat security show have led some experts to recommend that users turn off their WiFi radios when not in use.

A presentation by Jon Ellch and David Maynor showed a video demo of a hack using the underlying wireless drivers to quickly access a Mac computer, although the attack also works against Windows machines. (See Intel's Centrino Vulnerability.) The two researchers demonstrated how wireless drivers could establish a connection and seize control of a laptop, even if the laptop was not associated with any WiFi access point. The two-step demonstration forced the victim's notebook to establish a connection to the hacker's PC, and seized control of the laptop once the connection was established.

This exploit could potentially allow attackers to commandeer anyone's laptop -- as long as a wireless capability is installed and enabled. The demo has renewed enterprise concerns about the security fitness of 802.11 once again.

Roger Cass, CTO at healthcare firm MediSync, says he will take a number of measures to protect against the threat. "Our first step would be to caution our laptop users to leave their radios off unless they are actively using them," he tells Unstrung. "Next would be to avoid using hotspots unless necessary."

"Lastly, we would have to wait for driver fixes from the radio manufacturers. Since this was a hot topic, I imagine some patches will be forthcoming. The key is to find the updated drivers and install them," Cass said.

Third-party WiFi security companies such as AirTight Networks Inc. and Network Chemistry Inc. have already piped up to say that their products protect against the hack.

The key danger, however, is likely to be a lack of user awareness about when their WiFi radio is actually enabled. Often, many users simply do not realize that they are connected via WiFi -- either in the office or in a public space. (See Five WiFi VOIP Security Issues .)

— Dan Jones, Site Editor, Unstrung

(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
alockhart
50%
50%
alockhart,
User Rank: Light Beer
12/5/2012 | 3:44:53 AM
re: Users Eye New 802.11 Security Issues
It should be noted that these vulnerabilities are caused by poor coding and/or testing in the drivers for wireless cards from Intel and Apple. To put the risk into perspective, at DEFCON, over 60 percent of the wireless devices detected were from these two vendors. However, these types of issues have a much broader reach and likely affect more than just Intel and Apple.

These latest examples of vulnerabilities in wireless cards reflect a growing trend of vulnerabilities being found in the wireless client packages and drivers. Prior examples have been recognized and documented by the Wireless Vulnerabilities and Exploits project (www.wirelessve.org). Earlier this year an integer overflow was discovered in FreeBSDGÇÖs 802.11 stack (WVE-2006-0004). Additionally, both Linux and Windows have driver and other low-level disclosure vulnerabilities that can reveal the contents of a systemGÇÖs memory to remote attackers (WVE-2006-0005, WVE-2006-0047, and WVE-2006-0043).
Flash Poll
From The Founder
Last week I dropped in on "Hotlanta," Georgia to moderate Light Reading's inaugural DroneComm conference – a unique colloquium investigating the potential for drone communications to disrupt the world's telecom ecosystem. As you will see, it was a day of exploration and epiphany...
Between the CEOs
Affirmed Networks CEO: Digging Into NFV

5|28|15   |   40:26   |   (2) comments


Hassan Ahmed, CEO of Affirmed Networks, is making some big claims for his NFV startup. I sat down with him at the Light Reading HQ in New York City to get the skinny on what this Acton, Mass.-based startup is up to.
LRTV Documentaries
Cable Eyeing SDN for Headend, Home Uses

5|26|15   |   05:57   |   (1) comment


CableLabs is looking at virtualizing CMTS and CCAP devices in the headend, as well as in-home devices, says CableLabs' Karthik Sundaresan.
LRTV Documentaries
Verizon's Emmons: SDN Key to Cost-Effective Scaling

5|22|15   |   03:53   |   (0) comments


For Verizon and other network operators to ramp up available bandwidth cost effectively, they need to move to SDN and agree on how to do that.
LRTV Documentaries
Lack of Universal SDN a Challenge

5|21|15   |   04:51   |   (3) comments


Heavy Reading Analyst Sterling Perrin talks about how uncertainty about SDN standards and approaches may be slowing deployment.
LRTV Custom TV
Steve Vogelsang Interview: Carrier SDN

5|20|15   |   05:02   |   (0) comments


Sterling Perrin speaks to Steve Vogelsang, Alcatel-Lucent CTO for IP Routing & Transport business, about the new Carrier SDN-enabling Network Services Platform and the operator challenges it solves.
LRTV Custom TV
Carrier SDN: On-Demand Networks for an On-Demand World

5|20|15   |   20:52   |   (0) comments


Steve Vogelsang, Alcatel-Lucent CTO for IP Routing & Transport business, talks about requirements and benefits of Carrier SDN during the keynote address at the Light Reading Carrier SDN event May 2015.
LRTV Documentaries
The Security Challenge of SDN

5|19|15   |   02:52   |   (0) comments


CenturyLink VP James Feger discusses concerns that virtualization could create new vulnerabilities unless network operators build in safeguards.
LRTV Custom TV
NFV Elasticity – Highly Available VNF Scale-Out Architectures for the Mobile Edge

5|18|15   |   5:50   |   (0) comments


Peter Marek and Paul Stevens from Advantech Networks and Communications Group talk about their NFV Elasticity initiative and the company's latest platforms for deploying virtual network functions at the edge of the network. Packetarium XL and the new Versatile Server Module: 'designed to reach parts of the network that other servers cannot reach.'
LRTV Huawei Video Resource Center
Bay Area Spark Meetup 2015

5|14|15   |   3:54   |   (0) comments


Developed in 2009, Apache Spark is a powerful open source processing engine built around speed, ease of use and sophisticated analytics. This spring, Huawei hosted a meetup for Spark developers and data scientists in Santa Clara, California. Light Reading spoke with organizers and attendees about Huawei's code contributions and long-term commitment to Spark.
LRTV Custom TV
The Transport SDN Buzz

5|12|15   |   06:01   |   (1) comment


Sterling Perrin, senior analyst at Heavy Reading, speaks with Peter Ashwood-Smith of Huawei and Guru Parulkar of ON.Lab about the evolution of transport SDN and the integration of technologies.
LRTV Custom TV
Next-Generation CCAP: Cisco cBR-8 Evolved CCAP

5|5|15   |   04:49   |   (0) comments


John Chapman, Cisco's CTO of Cable Access Business Unit and Cisco Fellow, explained the innovation design of Cisco's cBR-8, the industry's first Evolved CCAP, including DOCSIS 3.1 design from ground-up, distributed CCAP with Remote PHY and path to virtualization. Cisco's cBR-8 Evolved CCAP is the platform that will last through the transitions.
LRTV Custom TV
Meeting the Demands of Bandwidth & Service Group Growth

5|1|15   |   5:35   |   (0) comments


Jorge Salinger, Comcast's Vice President of Access Architecture, explains how DOCSIS 3.1 and multi-service CCAP can meet the demands of the bandwidth and service group growth.
Upcoming Live Events
June 8, 2015, Chicago, IL
June 9, 2015, Chicago, IL
June 9-10, 2015, Chicago, IL
June 10, 2015, Chicago, IL
September 29-30, 2015, The Westin Grand Müchen, Munich, Germany
October 6, 2015, The Westin Peachtree Plaza, Atlanta, GA
October 6, 2015, Westin Peachtree Plaza, Atlanta, GA
All Upcoming Live Events
Infographics
Procera has gathered facts, stats and customer experience feedback from a survey of 540 users from across the globe.
Hot Topics
Charter Seals Deals for TWC, Bright House
Mari Silbey, Senior Editor, Cable/Video, 5/26/2015
Eurobites: Alcatel-Lucent Trials 400G in Czech Republic
Paul Rainford, Assistant Editor, Europe, 5/26/2015
Will Carriers Follow Facebook's Networking Lead?
Mitch Wagner, West Coast Bureau Chief, Light Reading, 5/28/2015
Charter Plans Business Services, Wireless Push
Alan Breznick, Cable/Video Practice Leader, 5/27/2015
Facebook Reinvents Data Center Networking
Mitch Wagner, West Coast Bureau Chief, Light Reading, 5/26/2015
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
On May 29th 1 PM ET, Steve Saunders, founder and CEO of Light Reading, will be drilling into the "pains and gains" of NFV with Saar Gillai, SVP & GM for NFV at Hewlett-Packard Co. (NYSE: HPQ) (HP). He has defined a four-step NFV model describing a sequence of technology innovation. It's a must-read doc for any network architect looking to get to grips with their NFV migration strategy. Join us for the interview, and the chance to ask Saar your NFV questions directly!
Hassan Ahmed, CEO of Affirmed Networks, is making some big claims for his NFV startup. I sat down with him at the Light Reading HQ in New York City to get the skinny on what this Acton, Mass.-based startup is up to.
Cats with Phones