It appears that every two steps forward are followed by at least one step backward. So it is with WLAN security, as clever security researchers said they have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver. David Maynor and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, CA, will demonstrate the flaw at the upcoming Black Hat USA 2006 conference.
Maynor and Ellch "fuzzed" various wireless cards-- hacker slang for throwing a lot of wireless packets at the cards. This can cause programs to fail or run unauthorized software. They were able to access a laptop through a wireless device. "You don't have to necessarily be connected for these device driver flaws to come into play," Ellch said. "Just because your wireless card is on and looking for a network could be enough."
For more ion the latest WLAN security problem
- read Robert McMillan's NetworkWorld report [1]
- and Peter Judge's ZDNet UK report [2]
For more about the Black Hat event
- check out the event's Web site [3]
PLUS:This is an opportune time for the National Institute for Standards and Technology (NIST) to issue its draft guide for 802.11i-based WLAN security. Report [4]
Links:
[1] http://www.networkworld.com/news/2006/062206-black-hat-researchers-use-wi-fi.html
[2] http://news.zdnet.co.uk/communications/0,39020336,39277241,00.htm
[3] http://www.blackhat.com/html/bh-link/briefings.html
[4] http://www.networkworld.com/weblogs/wireless/012837.html