& cplSiteName &

Users Eye New 802.11 Security Issues

Dan Jones
LR Mobile News Analysis
Dan Jones, Mobile Editor
8/11/2006
50%
50%

Some of the underlying 802.11 security issues revealed at the recent Black Hat security show have led some experts to recommend that users turn off their WiFi radios when not in use.

A presentation by Jon Ellch and David Maynor showed a video demo of a hack using the underlying wireless drivers to quickly access a Mac computer, although the attack also works against Windows machines. (See Intel's Centrino Vulnerability.) The two researchers demonstrated how wireless drivers could establish a connection and seize control of a laptop, even if the laptop was not associated with any WiFi access point. The two-step demonstration forced the victim's notebook to establish a connection to the hacker's PC, and seized control of the laptop once the connection was established.

This exploit could potentially allow attackers to commandeer anyone's laptop -- as long as a wireless capability is installed and enabled. The demo has renewed enterprise concerns about the security fitness of 802.11 once again.

Roger Cass, CTO at healthcare firm MediSync, says he will take a number of measures to protect against the threat. "Our first step would be to caution our laptop users to leave their radios off unless they are actively using them," he tells Unstrung. "Next would be to avoid using hotspots unless necessary."

"Lastly, we would have to wait for driver fixes from the radio manufacturers. Since this was a hot topic, I imagine some patches will be forthcoming. The key is to find the updated drivers and install them," Cass said.

Third-party WiFi security companies such as AirTight Networks Inc. and Network Chemistry Inc. have already piped up to say that their products protect against the hack.

The key danger, however, is likely to be a lack of user awareness about when their WiFi radio is actually enabled. Often, many users simply do not realize that they are connected via WiFi -- either in the office or in a public space. (See Five WiFi VOIP Security Issues .)

— Dan Jones, Site Editor, Unstrung

(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
alockhart
50%
50%
alockhart,
User Rank: Light Beer
12/5/2012 | 3:44:53 AM
re: Users Eye New 802.11 Security Issues
It should be noted that these vulnerabilities are caused by poor coding and/or testing in the drivers for wireless cards from Intel and Apple. To put the risk into perspective, at DEFCON, over 60 percent of the wireless devices detected were from these two vendors. However, these types of issues have a much broader reach and likely affect more than just Intel and Apple.

These latest examples of vulnerabilities in wireless cards reflect a growing trend of vulnerabilities being found in the wireless client packages and drivers. Prior examples have been recognized and documented by the Wireless Vulnerabilities and Exploits project (www.wirelessve.org). Earlier this year an integer overflow was discovered in FreeBSDGÇÖs 802.11 stack (WVE-2006-0004). Additionally, both Linux and Windows have driver and other low-level disclosure vulnerabilities that can reveal the contents of a systemGÇÖs memory to remote attackers (WVE-2006-0005, WVE-2006-0047, and WVE-2006-0043).
Light Reading’s Upskill U is a FREE, interactive, online educational resource that delivers must-have education on themes that relate to the overall business transformation taking place in the communications industry.
NEXT COURSE
Wednesday, October 5, 1:00PM EDT
Gigabit & Smart Cities
Joe Kochan, COO & Co-Founder, US Ignite
UPCOMING COURSE SCHEDULE
Friday, October 7, 1:00PM EDT
Gigabit & DOCSIS 3.1
Ty Pearman, Director, Access Architecture, Comcast
Wednesday, October 19, 1:00PM EDT
Securing a Virtual World
Rita Marty, Executive Director, Mobility and Cloud Security, Chief Security Office, AT&T
Friday, October 21, 1:00PM EDT
Security: Evolving the Data Center
Rasool Kareem Irfan, Head, Telecom & Infrastructure Security Practice, Tata Communications Transformation Services Ltd (TCTS)
in association with:
From The Founder
Light Reading today starts a new voyage as part of a larger Enterprise.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Documentaries
From Philly, With Love

9|30|16   |     |   (5) comments


Join Alan Breznick, cable's answer to the Italian Stallion, as he runs through the highlights of SCTE Cable-Tec Expo, lumbers along in Rocky Balboa's footsteps and searches for the perfect Philadelphia cheesesteak.
LRTV Interviews
CenturyLink: SD-WAN Customers Looking for Value Not Cost Savings

9|30|16   |   5:31   |   (0) comments


At NFV & Carrier SDN in Denver, CenturyLink's Eric Nowak told Light Reading that when customers launch SD-WAN, they aren't necessary looking to save money, but instead they are looking for more value from what they're spending. He also shared some unique case studies and lessons learned from launching SD-WAN services.
LRTV Custom TV
Flexible Deployment Approaches for the Gigabit Services Evolution

9|29|16   |     |   (0) comments


For many operators, the gigabit evolution begins with the shift from DOCSIS 3.0 to DOCSIS 3.1. But that move represents a change not only in the protocol itself, but in the approach to architecting their entire DOCSIS delivery chain -- from the headend to the outside plant and home gateway components.

Jonathan Ruff, senior director of global technical ...

LRTV Interviews
Level 3 VP: Enterprises Need More for Less

9|29|16   |   05:27   |   (0) comments


Andrew Dugan, Level 3 group vice president of global technology and IT, says enterprises need more bandwidth and they need it faster and with greater security, but they want to spend less, if possible. They are looking to carriers to reduce their network complexity and help protect them from cyberattacks as well.
LRTV Interviews
CenturyLink: SDN/NFV Pose New Interconnection Possibilities

9|28|16   |   04:37   |   (0) comments


Network operators should develop new APIs and business processes for reselling virtual assets to each other, says CenturyLink's Bill Walker. That will enable them to build digital business portfolios that help them avoid becoming commodity transport providers.
LRTV Interviews
Level 3: Overcoming Terror of Being Supplier, Integrator & Developer

9|28|16   |     |   (0) comments


At Light Reading's NFV & Carrier SDN event in Denver, Travis Ewert of Level 3 Communications said there is terror in becoming supplier, integrator and developer, but it can be overcome and be cost effective.
LRTV Custom TV
Introducing IoT World News

9|27|16   |   01:43   |   (0) comments


Self-driving cars, medical sensors, smart cities... and refrigerators. In order to address the huge scope of IoT, KNect365 has created a unique online community that will help businesses to understand and monetize the opportunities that live within the IoT market. We look forward to welcoming you to IoT World News -- your gateway to a better connected future.
LRTV Interviews
AT&T: Reusable Functions Next NFV Key

9|27|16   |   06:03   |   (0) comments


The next generation of NFV has to break functions down into reusable software chunks, making everything much more cloud-like.
LRTV Interviews
Masergy on Security: Attackers Gaining Upper Hand

9|27|16   |   5:10   |   (2) comments


At Light Reading's NFV & Carrier SDN event in Denver, Ray Watson, vice president of Global Technology at Masergy, says that because of the growth in virtualization, the threat landscape is shifting in favor of the attackers. As a result, service providers need to think beyond just defending the perimeter and take a more holistic approach to security.
LRTV Interviews
Verizon Takes Next Step on Biz Virtualization Journey

9|26|16   |   4:38   |   (2) comments


At September's NFV & Carrier SDN event in Denver, Light Reading sat down with Victoria Lonker, director of Product and New Business Innovation at Verizon, to chat about where the carrier is with delivering virtualized services to business customers.
LRTV Interviews
Global Services: The $40B Face-Off

9|26|16   |   05:53   |   (1) comment


More service providers than ever before are battling it out to win a slice of what is now a $40 billion global communications services pie, explains Ovum Principal Analyst David Molony.
LRTV Documentaries
MEC Congress: The Key Takeaways

9|22|16   |   03:25   |   (3) comments


Three key takeaways from the Mobile Edge Computing (MEC) Congress in Munich, Germany.
Upcoming Live Events
November 3, 2016, The Montcalm Marble Arch, London
November 30, 2016, The Westin Times Square, New York City
December 1, 2016, The Westin Times Square, New York, NY
December 6-8, 2016, The Westin Excelsior, Rome
May 16-17, 2017, Austin Convention Center, Austin, TX
All Upcoming Live Events
Infographics
Hot Topics
Eurobites: Telefónica Taps Juniper for Network Security
Paul Rainford, Assistant Editor, Europe, 9/26/2016
AT&T CEO Backs Black Lives Matter
Dan Jones, Mobile Editor, 9/30/2016
Powell Kills the Cable Show
Mari Silbey, Senior Editor, Cable/Video, 9/29/2016
Telstra Sees Quadrupled Data Capacity by 2020
Carol Wilson, Editor-at-large, 9/28/2016
From Philly, With Love
Alan Breznick, Cable/Video Practice Leader, Light Reading, 9/30/2016
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
Light Reading CEO Steve Saunders and UXP Systems CEO Gemini Waghmare discuss the strategic importance of digital identity for operators in the midst of transformation.
Join us for an in-depth interview between Steve Saunders of Light Reading and Alexis Black Bjorlin of Intel as they discuss the release of the company's Silicon Photonics platform, its performance, long-term prospects, customer expectations and much more.
Animals with Phones
There's Nothing Like Missing a Full Minute of Pokémon Go Click Here
Live Digital Audio

A vital part of increasing the number of women in comms is transforming the ways companies can support and empower women. While progressive company policies that support both men and women in achieving work-life balance are a step in the right direction, creating a company culture that supports those policies can at times be more challenging.

During this show, we'll talk to Lynn Comp, Senior Director of Industry and Sales Enabling (ISE) in the Network Platforms Group at Intel, about why those challenges exist and how companies can overcome them. She'll provide insight into how Intel has worked to create a culture that supports work-life balance, and provide steps and guidance for other companies wishing to do the same. We will also leave plenty of time to get your questions answered live on the air.