[[IP] New flaw takes Wi-Fi off the air]

New flaw takes Wi-Fi off the air
By Patrick Gray, Security Focus (drew.cullen@theregister.co.uk)
Published Thursday 13th May 2004 21:29 GMT
<http://www.theregister.co.uk/2004/05/13/wifi_security_flaw/>

A newly-discovered vulnerability in the 802.11 wireless standard allows
attackers to jam wireless networks within a radius of one kilometre using
off-the-shelf equipment.

Affecting various hardware implementations of the IEEE 802.11 wireless
networking standard - including widely used 802.11b devices - the flaw was
found in the collision avoidance routines used to prevent multiple devices
from transmitting at the same moment.

"When under attack, the device behaves as if the channel is always busy,
preventing the transmission of any data over the wireless network," a
security advisory (http://www.auscert.org.au/render.html?it=4091) released
by AusCERT reads.
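The advisory's "always busy" symptom follows directly from how the 802.11 distributed coordination function defers. The discrete-slot model below is an added example (not code from the article, AusCERT or the ISRC researchers) that shows a station whose clear-channel assessment never reports idle freezes its backoff counter and never transmits; the slot count, the busy pattern of the normal channel and the `starved` check are constructed for illustration.

```python
"""Simplified CSMA/CA (802.11 DCF) backoff model: a station listens before
each slot, counts its backoff down only in idle slots and transmits when the
counter reaches zero. Constructed for illustration; not the page's code."""
import random
from typing import Callable, Dict

CW_MIN = 31  # 802.11b DSSS aCWmin; used here as the only contention window


def run_station(channel_busy: Callable[[int], bool], slots: int,
                seed: int = 1) -> Dict[str, int]:
    """Run one always-backlogged station for `slots` slots.

    channel_busy(t) plays the role of the clear-channel assessment (CCA)
    for slot t. Returns how many frames were sent and how many slots were
    spent deferring because CCA reported busy."""
    rng = random.Random(seed)
    backoff = rng.randint(0, CW_MIN)
    sent = deferred = 0
    for t in range(slots):
        if channel_busy(t):
            deferred += 1          # CCA busy: counter frozen, nothing sent
            continue
        if backoff == 0:
            sent += 1              # channel idle and backoff expired: transmit
            backoff = rng.randint(0, CW_MIN)
        else:
            backoff -= 1           # idle slot: count down toward transmission
    return {"sent": sent, "deferred": deferred}


def normal_channel(t: int) -> bool:
    """Constructed trace: one slot in five occupied by other stations."""
    return t % 5 == 0


def always_busy_channel(t: int) -> bool:
    """The advisory's symptom: CCA never clears, so the station never sends."""
    return True


def starved(stats: Dict[str, int], slots: int) -> bool:
    """Defender-side check on the model's counters: a backlogged station that
    deferred every slot and sent nothing is being denied the channel."""
    return stats["sent"] == 0 and stats["deferred"] == slots


if __name__ == "__main__":
    for name, cca in (("normal", normal_channel), ("busy", always_busy_channel)):
        s = run_station(cca, 1000)
        print(name, s, "starved" if starved(s, 1000) else "ok")
```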

The weakness allows miscreants to take down networks within five seconds,
according to researchers at Australia's Queensland University of
Technology's Information Security Research Centre (ISRC), which discovered
the vulnerability.

ISRC's leader of network and systems security research, Associate Professor
Mark Looi, whose PhD students, Christian Wullems, Kevin Tham and Jason
Smith discovered the flaw, said any organization that relies heavily on
wireless infrastructure should take the threat seriously.

"Anyone who's relying on the availability of a wireless network should
really consider that their wireless network can be knocked offline at any
time," said Looi. "They need to very seriously evaluate that network and
decide if it's possible to move away from wireless technology."

While previous denial of service attacks against wireless networks have
required specialised hardware and relied on high-power antennas, the new
attack will make knocking a wireless network off the air an option for a
"semi-skilled" attacker using standard hardware.

"An attacker using a low-powered, portable device such as an electronic PDA
and a commonly available wireless networking card may cause significant
disruption to all WLAN traffic within range, in a manner that makes
identification... of the attacker difficult," The AusCERT advisory read.

Because the flaw is in the 802.11 protocol itself, the vulnerability cannot
be mitigated through the use of software or encryption schemes. Replacing
wireless devices with those not affected by the flaw seems the only option,
said Looi.

"Mitigation strategies are few and far between," Looi said. "Organisations
could deploy wireless networks that don't use this technology, [but] it
will be a very expensive exercise."

The flaw is only present in devices using a Direct Sequence Spread Spectrum
(DSSS) physical layer, including IEEE 802.11, 802.11b and 802.11g wireless
devices operating at low speed. 802.11a and 802.11g wireless devices
configured to operate at speeds above 20Mbps are not affected by the glitch.

AusCERT senior security analyst Jamie Gillespie does not anticipate the
wide exploitation of the vulnerability.

"For the average corporate user, we're not expecting to see ongoing denial
of service attacks. However, if you have remote equipment that is only
connected through wireless it is possible that the connection could be
disrupted," Gillespie said. "Some critical infrastructure providers may not
deploy wireless... but if any do then they should be looking at mitigation
strategies."

The lack of a "measurable result" during an attack is likely to render the
average attacker bored, Gillespie added.

Unlike flaws discovered in the WEP encryption scheme, the newly-disclosed
vulnerability will not allow an attacker to snoop on network communications.

The ISRC findings will be presented to the Institute of Electrical and
Electronics Engineers (IEEE) Wireless Telecommunication Symposium in
California on Friday.

Archives at: <http://Wireless.Com/Dewayne-Net>
Weblog at: <http://weblog.warpspeed.com>

Wow. I'm underwhelmed. First, we collectively realize that RFC793 really
HAS said 'The RST has to be in the window, not dead on' for 2 decades.

Now somebody's discovered that a jabbering transceiver can take out a
CSMA/CA network. And to top it off:

  The model of a shared communications channel is a fundamental
  factor in the effectiveness of an attack on this vulnerability.
  For this reason, it is likely that devices based on the newer IEEE
  802.11a standard will not be affected by this attack where the
  physical layer uses Orthogonal Frequency Division Multiplexing
  (OFDM)

Yes - *THIS* attack doesn't work, you can't take down an 802.11a net
with a hacked PDA that jabbers on channel, you need to use a hacked
802.11a-capable PDA that jabbers on all the subchannels at once. :wink:

Any bets on what will be rediscovered next? Some CERT will realize that
if a DDoS uses RFC1918 source addresses, it will be hard to track down the
misbehaving sources? :wink:

I can think of one application - the next time I'm presenting at a conference where everyone has their heads buried in their laptops, I know what I'll be running on my machine at the podium :wink:

Bill.

I can think of one application - the next time I'm presenting at
a conference where everyone has their heads buried in their
laptops, I know what I'll be running on my machine at the podium
:wink:

what keeps the cows in the pasture is the quality of the grass not
the height of the fence.

randy

Isn't that directly related to the number of cow-chips on the pasture?

On May 14, 2004 Randy Bush spake:

Randy Bush writes on 5/14/2004 7:13 PM:

I can think of one application - the next time I'm presenting at
a conference where everyone has their heads buried in their
laptops, I know what I'll be running on my machine at the podium
:wink:

what keeps the cows in the pasture is the quality of the grass not
the height of the fence.

You can take a horse to water, but you can't make it drink.

yours, etc.

what keeps the cows in the pasture is the quality of the grass
not the height of the fence.

You can take a horse to water, but you can't make it drink.

i am greatly cheered by non-listening competitors.

we have actually watched nanog/ietf/... traffic levels, and one
can clearly tell when there is an interesting talk/speaker; net
use drops non-trivially.

the bottom line is that, if you want people to listen to you,
then have something interesting to say and say it well. and just
being cute doesn't cut it.

randy

## On 2004-05-13 21:43 -0400 Valdis.Kletnieks@vt.edu typed:

Any bets on what will be rediscovered next? Some CERT will realize that
if a DDoS uses RFC1918 source addresses, it will be hard to track down the
misbehaving sources? :wink:

No - then someone would have to re-invent backscatter analysis ... :wink:

Rafi Sadowsky writes on 5/14/2004 11:28 PM:

## On 2004-05-13 21:43 -0400 Valdis.Kletnieks@vt.edu typed:

Any bets on what will be rediscovered next? Some CERT will realize that
if a DDoS uses RFC1918 source addresses, it will be hard to track down the
misbehaving sources? :wink:

No - then someone would have to re-invent backscatter analysis ... :wink:

And someone would then start another thread about BCP 38 on nanog ... funny how several threads turn into a thread about spoofed source address filtering in no time at all :slight_smile:

  srs

Suresh Ramasubramanian wrote:

And someone would then start another thread about BCP 38 on nanog ... funny how several threads turn into a thread about spoofed source address filtering in no time at all :slight_smile:

Let the record reflect the fact that it was not I who did that this
time. I forgot where the grease spot (from the oft-beaten horse) was.

I can think of one application - the next time I'm presenting at a conference where everyone has their heads buried in their laptops, I know what I'll be running on my machine at the podium :wink:

Bill.

Wayback before laptops, an old hand at IBM stopped in the middle of his presentation and said, "If you guys get done listening before I get done talking, please let me know so I can leave."

--Michael