
Wireless LAN attacks grow in sophistication

By , Network World
October 24, 2002 04:31 PM ET

Network World - It was a chilling moment: Jim Bowen, a security expert with Internet Security Systems of Atlanta, had tracked down an unidentified radio signal outside the building of a client.

Someone had set up an 802.11b access point near enough to receive communications from wireless clients inside the building. Posing as an official access point on the corporate wireless LAN, this decoy could accept traffic that revealed key data, network names and media access control (MAC) addresses. In other words, a wealth of corporate information that, if passed on to a wireless laptop and a set of freeware tools, could let an outsider access resources on the wired LAN.

"This shows an increased level of sophistication in wireless threats," says Patrick Wheeler, an ISS product manager, who oversees software called Wireless Scanner, which can detect such decoys. "You have to work hard to set up something like this that close to the corporate environment."

During the past year, wireless LAN security threats have multiplied, according to users, vendors and consultants. There are more attack applications available, the applications are more sophisticated and highly automated, and the weaknesses of various wireless hardware and software products are documented more extensively and precisely.

Attackers are continually updating freeware utilities and other programs for such things as automatically unscrambling the Wired Equivalent Privacy (WEP) encryption keys, which form the basic, although flawed, 802.11b security layer. These programs include WEPCrack and AirSnort. Other programs, such as Kismet, pick up an access point's Service Set Identifier, which acts like a kind of password for clients to join the wireless LAN,

"It's definitely getting to the point where we need to move to [a VPN] for our wireless LAN," says Dennis Moul, director of IS for CoManage, a Wexford, Pa., carrier software vendor. A VPN would require each wireless user to authenticate, for example, via a Remote Authentication Dial-In User Service server, and then would encrypt or scramble the data moved between the wireless devices and the access point.

But even a VPN can be exploited in the wireless world. The decoy mentioned earlier is a variant of the so-called "man in the middle" attack, which lets an intruder glean network information about access points or client adapters, such as MAC addresses, and use this to impersonate already authenticated wireless LAN devices. A network manager at a southeastern university recently invited an intrusion-detection vendor to demonstrate its product on campus. Within minutes, the manager witnessed two attempts at identity theft - using someone else's authenticated identity.
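The decoy access point and the MAC impersonation described above both leave traces in a site survey. The Python below is an added example, not code from the article or from ISS's Wireless Scanner: it compares observed beacons against an inventory of sanctioned access points. The network name, MAC addresses, channels and survey records are all constructed for illustration.

```python
from collections import namedtuple

# One beacon seen during a site survey (constructed record format).
Beacon = namedtuple("Beacon", "ssid bssid channel")

CORPORATE_SSID = "CORP-WLAN"          # assumed network name
AUTHORIZED = {                        # assumed inventory: BSSID -> channel
    "00:11:22:33:44:01": 1,
    "00:11:22:33:44:02": 6,
}


def classify(beacon, authorized=AUTHORIZED, ssid=CORPORATE_SSID):
    """Return a finding for one beacon, or None if it matches the inventory."""
    bssid = beacon.bssid.lower()
    if beacon.ssid != ssid:
        # A sanctioned MAC announcing some other name is not in the plan.
        return "authorized-bssid-wrong-ssid" if bssid in authorized else None
    if bssid not in authorized:
        # Corporate name, unknown radio: the decoy case.
        return "unknown-bssid-using-corporate-ssid"
    if beacon.channel != authorized[bssid]:
        # Known MAC on the wrong channel: possible cloned address.
        return "authorized-bssid-on-unexpected-channel"
    return None


def audit(beacons):
    """Return de-duplicated (bssid, channel, finding) tuples in first-seen order."""
    findings, seen = [], set()
    for b in beacons:
        verdict = classify(b)
        item = (b.bssid.lower(), b.channel, verdict)
        if verdict and item not in seen:
            seen.add(item)
            findings.append(item)
    return findings


# Constructed survey data, not captured from any real network.
SAMPLE = [
    Beacon("CORP-WLAN", "00:11:22:33:44:01", 1),
    Beacon("CORP-WLAN", "00:11:22:33:44:02", 6),
    Beacon("CORP-WLAN", "02:AA:BB:CC:DD:EE", 11),
    Beacon("CORP-WLAN", "00:11:22:33:44:01", 9),
    Beacon("CoffeeShop", "0a:0b:0c:0d:0e:0f", 3),
    Beacon("CORP-WLAN", "02:aa:bb:cc:dd:ee", 11),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A channel mismatch is only a hint, since access points that select channels automatically will trigger it too.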

During the past year there has been an upsurge in Web sites, such as (for Wireless Geographic Logging Engine), where anyone can upload readings from wireless detection programs such as NetStumbler, along with coordinates from a satellite-based geographic positioning system.
