Light Reading

Users Eye New 802.11 Security Issues

Dan Jones
LR Mobile News Analysis
Dan Jones, Mobile Editor
8/11/2006
50%
50%

Some of the underlying 802.11 security issues revealed at the recent Black Hat security show have led some experts to recommend that users turn off their WiFi radios when not in use.

A presentation by Jon Ellch and David Maynor showed a video demo of a hack using the underlying wireless drivers to quickly access a Mac computer, although the attack also works against Windows machines. (See Intel's Centrino Vulnerability.) The two researchers demonstrated how wireless drivers could establish a connection and seize control of a laptop, even if the laptop was not associated with any WiFi access point. The two-step demonstration forced the victim's notebook to establish a connection to the hacker's PC, and seized control of the laptop once the connection was established.

This exploit could potentially allow attackers to commandeer anyone's laptop -- as long as a wireless capability is installed and enabled. The demo has renewed enterprise concerns about the security fitness of 802.11 once again.

Roger Cass, CTO at healthcare firm MediSync, says he will take a number of measures to protect against the threat. "Our first step would be to caution our laptop users to leave their radios off unless they are actively using them," he tells Unstrung. "Next would be to avoid using hotspots unless necessary."

"Lastly, we would have to wait for driver fixes from the radio manufacturers. Since this was a hot topic, I imagine some patches will be forthcoming. The key is to find the updated drivers and install them," Cass said.

Third-party WiFi security companies such as AirTight Networks Inc. and Network Chemistry Inc. have already piped up to say that their products protect against the hack.

The key danger, however, is likely to be a lack of user awareness about when their WiFi radio is actually enabled. Often, many users simply do not realize that they are connected via WiFi -- either in the office or in a public space. (See Five WiFi VOIP Security Issues .)

— Dan Jones, Site Editor, Unstrung

(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
alockhart
50%
50%
alockhart,
User Rank: Light Beer
12/5/2012 | 3:44:53 AM
re: Users Eye New 802.11 Security Issues
It should be noted that these vulnerabilities are caused by poor coding and/or testing in the drivers for wireless cards from Intel and Apple. To put the risk into perspective, at DEFCON, over 60 percent of the wireless devices detected were from these two vendors. However, these types of issues have a much broader reach and likely affect more than just Intel and Apple.

These latest examples of vulnerabilities in wireless cards reflect a growing trend of vulnerabilities being found in the wireless client packages and drivers. Prior examples have been recognized and documented by the Wireless Vulnerabilities and Exploits project (www.wirelessve.org). Earlier this year an integer overflow was discovered in FreeBSDGÇÖs 802.11 stack (WVE-2006-0004). Additionally, both Linux and Windows have driver and other low-level disclosure vulnerabilities that can reveal the contents of a systemGÇÖs memory to remote attackers (WVE-2006-0005, WVE-2006-0047, and WVE-2006-0043).
Flash Poll
From The Founder
It's clear to me that the communications industry is divided into two types of people, and only one is living in the real world.
LRTV Interviews
CenturyLink: Building the Case for NFV

12|19|14   |   02:14   |   (0) comments


At the 2020 Vision Executive Summit, James Feger, VP, Network Strategy & Development at CenturyLink, talks about how the US operator is approaching virtual network functions from an operational and business case perspective.
LRTV Interviews
Liberty Global Sees Business Goldmine

12|18|14   |     |   (0) comments


Steen Sorensen, VP of business services for Liberty Global, explains where the giant international MSO sees growth potential.
LRTV Documentaries
EE: The Road to 5G

12|16|14   |   16:02   |   (1) comment


Andy Sutton, the principal network architect at UK mobile operator EE, explains how his company is using Wembley stadium as a wireless test bed and how that's helping EE to plan the evolution to 5G.
LRTV Huawei Video Resource Center
Highlights of Huawei's NFV Open Cloud Forum 2014

12|16|14   |     |   (0) comments


Huawei hosted its inaugural NFV Open Cloud Forum during the SDN & OpenFlow World Congress 2014 in Düsseldorf, Germany. The Forum brought together technology thought leaders, senior executives and telecom professionals from global carriers, industry associations, as well as other partner companies in the ecosystem, to exchange views on and collectively explore how ...
LRTV Custom TV
Realizing Operators' Digital Vision

12|16|14   |   5:23   |   (0) comments


Leveraging technology is fundamental to digital transformation but understanding customers and serving them really well is at the heart of digital businesses. TM Forum lists the following as the strategic pillars of the digital business: business agility and rapid innovation, operational agility and effectiveness, IT and data centricity, plus customer centricity. ...
LRTV Documentaries
US Cellular Injects Analytics Into LTE

12|16|14   |   2:57   |   (1) comment


US Cellular's Mario Vela explains how the operator uses analytics for network planning and what comes next as the carrier looks to eke more value out of its metrics.
LRTV Interviews
How Cox Biz Plans to Keep Growing

12|15|14   |     |   (2) comments


Steve Rowley, SVP of Cox Business, details how the third-biggest US MSO intends to boost its revenues to $2 billion and beyond over the rest of the decade
LRTV Huawei Video Resource Center
Interview With Bill Zhang, Director of SoftCOM Product Management, Huawei

12|15|14   |   2:50   |   (0) comments


Bill Zhang elaborated on Huawei's open philosophy in NFV solution development and network architecture design at the SDN & OpenFlow World Congress 2014.
LRTV Huawei Video Resource Center
Event Highlights: Huawei at SDN & OpenFlow World Congress 2014

12|15|14   |   3:43   |   (0) comments


Huawei joined the 2014 SDN & OpenFlow Congress as one of the key sponsors and contributors. At the event, Huawei reinforced the openness and flexibility of its network infrastructure strategies, and provided updates on its SDN and NVF innovations. Through participations at the exhibitions, forums and speeches, Huawei encouraged the industry to "think bigger and ...
LRTV Interviews
How Cable Biz Services Hit $10B Mark

12|12|14   |     |   (1) comment


Cable operators reached $10 billion in annual business services revenues by delving deeper into their vertical markets and expanding beyond the smallest firms.
LRTV Documentaries
Mediacom Aims to Test Connected Tractors

12|11|14   |   05:07   |   (3) comments


Cable business service provider is taking its services to the 'agribusiness' sector in partnership with farm equipment specialist John Deere and is getting involved in Gigabit Cities developments.
LRTV Interviews
TWC Business Looks Beyond $3B

12|10|14   |     |   (0) comments


TWC Business Services chief Phil Meeks explains how his unit has reached $3 billion in annual revenues and what its plans are for next year.
Upcoming Live Events
February 10, 2015, The Westin Peachtree Plaza, Atlanta, GA
March 17, 2015, The Cable Center, Denver, CO
April 14, 2015, The Westin Times Square, New York City, NY
May 6, 2015, McCormick Convention Center, Chicago, IL
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 9-10, 2015, Chicago, IL
Hot Topics
T-Mobile, BlackBerry Flirt With Reuniting
Sarah Reedy, Senior Editor, 12/17/2014
1-Gig: Coming to a Small Town Near You
Jason Meyers, Senior Editor, Gigabit Cities/IoT, 12/17/2014
Comcast Launches 4K Streaming Service
Alan Breznick, Cable/Video Practice Leader, 12/18/2014
US Carriers, You're Going to Cuba!
Mitch Wagner, West Coast Bureau Chief, Light Reading, 12/18/2014
T-Mobile Lights Up 27 Wideband LTE Cities
Sarah Reedy, Senior Editor, 12/15/2014
Like Us on Facebook
Twitter Feed
Webinar Archive