Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Hacker conference shows WiFi woes

A good place to learn about the problems.

Article comments

This year's DEFCON was a lively one for wireless security. Probably the most significant event in the wireless realm was Johnny "Cache" Ellch's and David Maynor's presentation on wireless driver vulnerabilities. This talk was presented at Blackhat by the duo a couple of days earlier.

For those who were skeptical about what a vulnerability in a wireless driver can allow, the demonstration proved to be an eye opener. In the demonstration Maynor was able to infiltrate a MacBook at the kernel level and easily take control of the system. Hackers can exploit this vulnerability to remotely execute malicious code on target machines and devices. More importantly, this can put corporate assets directly at risk as attackers can then obtain access to critical network information and confidential data.

Another interesting set of vulnerabilities that was released at the conference involved PocketPC phones and MMS (Multimedia Messaging Service) messages. According to Collin Mulliner of the Trifinite group, PocketPC phones not only are able to receive MMS messages on their cellular interfaces, but over their 802.11 interfaces as well.

This enables attackers to craft their own MMS messages and bypass any sanitising that the cellular carrier would normally perform on them. By doing this an attacker can overflow certain message headers, allowing them to take control of an affected device (Mulliner's slides).

In addition to the vulnerabilities that were disclosed, some wireless tools were released as well. Researchers from the University of Colorado released the Zulu tool to make injecting arbitrary 802.11 frames easier.

In concept it's very similar to hping, which allows a user to create arbitrary IP datagrams. Also, the Church of WiFi debuted a new version of coWPAtty that can crack WPA2-PSK and several Linksys WRT54G based wardriving platforms created by its members.

Finally on a fun note, there was Rick Hill's presentation on what is arguably the most efficient way to find a large number of wireless networks quickly. Was it Warflying? No, but it's pretty close. Hill showed the crowd how to scan an area for wireless networks by launching a rocket loaded with 802.11 equipment to an altitude of 1.5 miles. At that altitude the rocket has visibility to networks over a 50 square mile area. Unfortunately due to the remoteness of the launch site, only a small number of APs were discovered. However, Hill noted that he was able to discover APs that he didn't pick up when scanning from the ground.

That all being said, the release of new wireless vulnerabilities and tools definitely made for an interesting DEFCON this year.

Andrew Lockhart is lead security analyst at Network Chemistry, security book author, and author of Snort-Wireless, an open source project adding wireless intrusion detection to Snort. He is also an editorial board member of the WVE. This column appeared in Network World.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *