Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Wireless security starts with drivers

Little considered, but wireless drivers are now a major vulnerability.

Article comments

Wireless network card drivers have been under attack since the Black Hat USA 2006 conference, and nearly every super-popular driver now appears vulnerable. Security researchers David Maynor and Jon Ellch started things off by targeting an Apple MacBook's wireless driver at the August show, and hackers' interest in the new attack vector was quickly piqued.

Intel Centrino wireless drivers were among the first to fall , tumbling in July of this year. On November 11, hacker Johnny Cache reported a stack-based buffer overflow in the widely used Broadcom wireless driver. Broadcom drivers are used in Cisco, Linksys, and Dell wireless NICs.

Netgear wireless devices were found vulnerable just last week, and D-link wireless drivers are also exploitable . We're talking tens of millions of exploitable desktop computers, laptops, and other wireless devices.

Proof-of-concept exploit code abounds. Metasploit released at least two exploit code modules (for Netgear and Broadcom), and others are cropping up all around the Internet. Most exploit code currently works against Microsoft Windows or Mac OS X, but exploit code writers note that Linux and FreeBSD systems are just as likely to be exploitable.

Even though I have no specific information to back up my postulations, I'm speculating that many more wireless drivers will fall in the coming months. If I was a network system administrator, I would assume that unless my wireless vendor told me different, my wireless driver is not safe.

And because wireless drivers usually run in the system or root security contexts, a malicious attacker may remotely execute arbitrary code on a vulnerable computer. You can be walking around with your laptop in a hotel lobby or airport and get completely owned.

Initially, I thought it would be hard to worm this type of exploit, but upon further reflection, a remote wireless attack is ripe for automated exploitation. The first attacker could manually infect the first wireless victim, and let the worm search for new victims from there.

It gets worse: Most laptops come with their wireless cards enabled, even if they aren't used. Unbeknownst to you, your laptop could be sending out its wireless broadcast signal. A hacker scans the airwaves to find victims: In most cases, even without special antennas or other signal boosters, they need only be within 120 feet of your laptop's physical location to compromise it.

I was recently on an US Air Force base scanning for unauthorised wireless access points. Every laptop I saw had a broadcasting Centrino chipset, even though the base's policy disallowed wireless connections. If you don't need wireless connectivity with an embedded chipset, make sure you disable it in the BIOS.

It's true that affected wireless card vendors responded relatively quickly to the exploits and introduced updated drivers without the previous buffer overflows. Most vendors, however, haven't made the drivers overly easy to find, although that is changing. Click these links to find the new drivers for Dell , Intel , and Linksys .

My gut feeling tells me that this round of wireless exploits won't be the next Slammer or Code Red, but who wants to be exploited by some jerk or professional criminal while computing in an airport or using a laptop in your own building? It's better to get patched.

Take an inventory of all your wireless devices: wireless access points, wireless PCMCIA cards, built-in wireless chipsets, etc. Find out the driver version numbers or dates, and then search the related vendor's Web site to make sure every device has the most up to date patch available.

It's a lot of new work, I know. Patching your wireless drivers probably isn't your number one security priority, but don't let it slip off the radar.


Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *