Light Reading

Users Eye New 802.11 Security Issues

Dan Jones
LR Mobile News Analysis
Dan Jones, Mobile Editor
8/11/2006
50%
50%

Some of the underlying 802.11 security issues revealed at the recent Black Hat security show have led some experts to recommend that users turn off their WiFi radios when not in use.

A presentation by Jon Ellch and David Maynor showed a video demo of a hack using the underlying wireless drivers to quickly access a Mac computer, although the attack also works against Windows machines. (See Intel's Centrino Vulnerability.) The two researchers demonstrated how wireless drivers could establish a connection and seize control of a laptop, even if the laptop was not associated with any WiFi access point. The two-step demonstration forced the victim's notebook to establish a connection to the hacker's PC, and seized control of the laptop once the connection was established.

This exploit could potentially allow attackers to commandeer anyone's laptop -- as long as a wireless capability is installed and enabled. The demo has renewed enterprise concerns about the security fitness of 802.11 once again.

Roger Cass, CTO at healthcare firm MediSync, says he will take a number of measures to protect against the threat. "Our first step would be to caution our laptop users to leave their radios off unless they are actively using them," he tells Unstrung. "Next would be to avoid using hotspots unless necessary."

"Lastly, we would have to wait for driver fixes from the radio manufacturers. Since this was a hot topic, I imagine some patches will be forthcoming. The key is to find the updated drivers and install them," Cass said.

Third-party WiFi security companies such as AirTight Networks Inc. and Network Chemistry Inc. have already piped up to say that their products protect against the hack.

The key danger, however, is likely to be a lack of user awareness about when their WiFi radio is actually enabled. Often, many users simply do not realize that they are connected via WiFi -- either in the office or in a public space. (See Five WiFi VOIP Security Issues .)

— Dan Jones, Site Editor, Unstrung

(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
alockhart
50%
50%
alockhart,
User Rank: Light Beer
12/5/2012 | 3:44:53 AM
re: Users Eye New 802.11 Security Issues
It should be noted that these vulnerabilities are caused by poor coding and/or testing in the drivers for wireless cards from Intel and Apple. To put the risk into perspective, at DEFCON, over 60 percent of the wireless devices detected were from these two vendors. However, these types of issues have a much broader reach and likely affect more than just Intel and Apple.

These latest examples of vulnerabilities in wireless cards reflect a growing trend of vulnerabilities being found in the wireless client packages and drivers. Prior examples have been recognized and documented by the Wireless Vulnerabilities and Exploits project (www.wirelessve.org). Earlier this year an integer overflow was discovered in FreeBSDGÇÖs 802.11 stack (WVE-2006-0004). Additionally, both Linux and Windows have driver and other low-level disclosure vulnerabilities that can reveal the contents of a systemGÇÖs memory to remote attackers (WVE-2006-0005, WVE-2006-0047, and WVE-2006-0043).
Flash Poll
From The Founder
It's clear to me that the communications industry is divided into two types of people, and only one is living in the real world.
LRTV Custom TV
Razorsight Expert's Advice on Real-Time Analytics

11|27|14   |   1:43   |   (0) comments


Razorsight's powerful cloud-based Predictive Analytics solutions are used by the world's leading communications and media brands to drive smarter decisions, enable faster actions and optimize outcomes. Get expert advice.
LRTV Interviews
From 4G to 5G: Alcatel-Lucent's Dave Geary

11|25|14   |   09:09   |   (1) comment


Dave Geary, President of Wireless at Alcatel-Lucent, talks about the evolution of the 4G market, small cells, partnerships, 5G and the IoT.
LRTV Huawei Video Resource Center
Building a Secure Telefonica Network With Huawei's High-End Firewall

11|24|14   |   4:37   |   (0) comments


Andrew Davies, IP architect of the Telefonica, a leading digital communications company, discusses the Huawei security gateway solution and putting the solution into the testbed.
LRTV Huawei Video Resource Center
Huawei Partners with Spirent to Verify CE12816's 10GE Port & TRILL Networking Capabilities

11|24|14   |   2:50   |   (0) comments


Spirent Communications is the world's leading supplier for telecom testing appliances and solutions. Spirent has been in a close partnership with Huawei for a long time.
LRTV Huawei Video Resource Center
Saudi Airlines & Its ICT Transformation

11|24|14   |   2:07   |   (0) comments


In this video, Saudi Airlines discusses its network problems and how Huawei's Agile Network is its all-in-one solution.
LRTV Huawei Video Resource Center
Huawei's Agile Switch Benefiting Saudi Arabia's Yamamah Hospital

11|24|14   |   2:40   |   (0) comments


Saudi Arabia's Yamamah Hospital speaks about how Huawei's Agile Switch has improved the medical service's network infrastructure.
LRTV Huawei Video Resource Center
FanPlay & Huawei Build a Wireless Agile Smart Stadium

11|24|14   |   2:13   |   (0) comments


FanPlay is a cloud-based white label service, which is effectively a football fan engagement platform underpinned by mobile payment technology.
LRTV Huawei Video Resource Center
Building an Agile Stadium

11|24|14   |   3:54   |   (0) comments


Stadiums may be thousands of tons of concrete and steel, but they now need to be agile. Being at the stadium may not be as alluring as it once was. Sports franchises and stadium operators discuss how to get fans back.
LRTV Huawei Video Resource Center
Huawei Helps ChinaCache Tackle Challenges in the Internet Industry

11|24|14   |   3:09   |   (0) comments


ChinaCache is China's largest content distribution network supplier. Huawei's CE12800 has provided ChinaCache with very strong support in its establishment of an infrastructure network.
LRTV Huawei Video Resource Center
Cefinity on Managed Security Services & Next-Generation Firewall

11|24|14   |   7:05   |   (0) comments


Cefinity is a cloud management service provider in Southeast Asia. Ivan Zhang, CEO of the company, discusses the implementation of security service management in the cloud era.
LRTV Huawei Video Resource Center
Huawei's Agile Gateway in the Eyes of Cefinity

11|24|14   |   2:11   |   (0) comments


Cefinity is a managed service provider for enterprise networks. The company currently uses Huawei's AR series routers for the most complete range of functions. CEO Ivan Zhang speaks about the advantages of the AR series routers.
LRTV Huawei Video Resource Center
CTO of Bus-Online Talks About Huawei's Agile Gateway

11|24|14   |   2:53   |   (0) comments


Bus-Online covers around 100 million users everyday. In addition to providing mobile TV, and advertising services to the public, Bus-Online has also entered the field of mobile Internet.
Upcoming Live Events
December 2, 2014, New York City
December 3, 2014, New York City
December 8-10, 2014, Reykjavik, Iceland
February 10, 2015, Atlanta, GA
April 14, 2015, New York City, NY
May 6, 2015, McCormick Convention Center, Chicago, IL
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 9-10, 2015, Chicago, IL
Infographics
Irish Telecom outlines the rise of VoIP technology, including its adoption within businesses and their perception of its quality.
Hot Topics
Net Neutrality Even Mark Cuban Could Love
Mitch Wagner, West Coast Bureau Chief, Light Reading, 11/26/2014
Eurobites: Net Neutrality Battle Looms
Paul Rainford, Assistant Editor, Europe, 11/27/2014
Why 5G Is a Different Beast
Robert Clark, 11/26/2014
New Juniper CEO Can Be Thankful for $14.5M
Mitch Wagner, West Coast Bureau Chief, Light Reading, 11/25/2014
Amazon Eyes Ad-Supported Video – NY Post
Mari Silbey, Independent Technology Editor, 11/25/2014
Like Us on Facebook
Twitter Feed