DEFCON 16 presentation: Tricking Cisco WLAN APs into committing suicide

According to the wireless security researchers at AirTight Networks, this Saturday, August 9th at 4:30PM in the Riviera Las Vegas, they will be sharing with DEFCON 16 their findings about self destructive behavior spotted in select open source and commercial wireless LAN Access Points.

Below is a sneak peek at what the presentation will cover, in AirTight's own words:

An autoimmune disorder is a condition that occurs when the immune system mistakenly attacks and destroys healthy body tissue.

This presentation is about discovery of autoimmunity disorder in select open source and commercial 802.11 AP implementations.

By sending specially crafted packets, it is possible to trigger autoimmunity disorder and cause AP to turn hostile against its own clients.

Eight examples of autoimmune disorder will be demonstrated.

Autoimmunity disorder can be exploited to craft new DoS attacks.

Although 802.11w promises immunity from DoS attacks, we show that autoimmunity disorder leaves a door open through which DoS attacks can still be launched.

One example of DoS attack against MFP(11w) will be demonstrated.

Similarities between biological systems and security systems have been known for years.

Both systems are known to possess some degree of attack resistance (self defense) capability.

An autoimmune disorder is a condition that occurs when the immune system mistakenly starts attacking and destroying healthy body cells.

This suicidal tendency is known to exist in biological systems.

We spotted similar self destructive behavior in WLAN Systems.

An attacker only needs to inject a stimulus to trigger self destructive behavior.

The rest of the damage is inflicted by the AP upon its own clients.

During the presentation we’ll show an example stimulus packet which will cause a select set of WLAN APs to turn against their own clients.

This attack exploits implementation bugs (not protocol flaws) in select open source and commercial WLAN APs.

We’ll demonstrate eight additional examples.

These attacks do not make WLANs any more vulnerable than they already are – except that they cause destruction by triggering suicidal tendencies imbedded in faulty software code of WLAN APs.

Cisco’s self defending WLAN network implement Management Frame Protection (MFP).

MFP capability is supposed to make Cisco WLAN networks attack resistant.

We’ll show an example stimulus packet which will turn a Cisco self defending WLAN AP into a self destructing WLAN AP!

Security software is very hard to get right until extreme care is taken in designing and coding it correctly.

View more information about this DEFCON 16 presentation.

Do YOU believe it's possible that a Cisco self defending WLAN AP can be turned into a suicidal self-destructing WLAN AP?

http://www.BradReese.Com

Search 49,398 current Cisco Job openings worldwide.

	Is Juniper working on a major re-launch of their WAN acceleration platform?
	Motorola: Global video on demand subscribers could grow from 58M in 2007 to 165M in 2011
	F5 Networks: Viprion high end modular switches continue to see robust demand
	CCIE water cooler gossip: 55% of all new CCIEs are coming from the Pacific Rim
	40 million credit and debit card numbers stolen: What could have prevented this theft?
	Brad Reese on Cisco Story Archives

• Cisco
• LANs / WANs
• VoIP / Convergence
• Wireless / Mobile
• Attack exploits
• Management Frame Protection (MFP)
• Turn a Cisco self defending WLAN AP into a self destructing WLAN AP
• Wireless security researchers at AirTight Networks