- Steve Jobs is a man of a few words
- Internet routing blasts into space
- 15 free downloads to pep up your old PC
- IBM smartphone software translates 11 languages
- New attack fells Internet Explorer
Joanie Wexler looks at how enterprises can take advantage of wireless LANs and WANs.
Along with the potential performance and coverage benefits of 802.11n come a few new security risks, says industry security guru Joshua Wright. Wright presented a Webinar last week that outlined several new vulnerabilities that high-speed 802.11n networks introduce.
Wright, who has spent a decade ferreting out wireless security attacks (Compare WLAN Security products), is an instructor for the SANS Institute, an information technology watchdog organization that offers information security training, certification and information resources. He’s also a senior security researcher at Aruba Networks.
Here are a few 802.11n vulnerabilities he highlighted:
* Wireless intrusion detection system (WIDS) gap.
If using channel bonding to transmit across 40MHz channels (recommended primarily for the channel-abundant 5GHz band), it
will take WIDSs twice as long to scan the frequencies for malicious patterns as it did to scan earlier 20MHz channels. The
situation effectively doubles the time a hacker has to penetrate a given frequency until the scanner makes its way around
to that frequency again – from about 4 seconds to about 8 seconds, Wright says.
Viewed another way, in a 20MHz channel, an attack must last about 4 seconds to be detected; in a 40MHz channel, it has to last 8 seconds. What kind of attack could be mounted in 4 to 8 seconds? “Mostly driver exploits [see below], which are 1- or 2-packet attacks,” says Wright.
* Driver exploits.
Wright says there is “lots of vulnerable code out there driven by the [industry] frenzy to get 802.11n into the hands of users.
When you have a driver vulnerability, a hacker can gain administrative access.”
Of possible help here is a free tool from Aruba called the WiFi Driver Enumerator (WiFiDEnum). Using a database of known wireless vulnerabilities, WiFiDEnum assesses the versions of installed drivers and produces a vulnerability report, identifying systems and specific drivers that are at risk to wireless driver exploit attacks.
* No protection yet for “block” acknowledgements (ACK).
IEEE 802.11n introduces a mechanism to acknowledge a block of packets, instead of individual packets, identified by a beginning
and ending sequence identifier. “This block ACK mechanism is not protected; any attacker can spoof one of these messages and
create an obscenely large window within which frames can be sent with no ACK,” thereby creating an 802.11n denial-of-service
vulnerability, says Wright. At this juncture, “There is no fix for this mechanism,” he says.
Joanie Wexler is an independent networking technology writer/editor in Silicon Valley.
Comments (8)
Risks - But what's their impact...By Anonymous on July 16, 2008, 10:12 amWith all technologies, there are associated security risks, no question there. The real question is what's the threat level. I too listened in Joshua Wright's...
Reply | Read entire comment
Don't sensationalize non-issues!By Anon on July 16, 2008, 2:38 pm1. If the company is worth 2 pennies, they can figure out detecting 40Mhz shouldn't have to take twice the time! 2. Please provide proof of driver vulnerability....
Reply | Read entire comment
Follow-up on issues reportedBy joswr1ght on July 16, 2008, 3:20 pmThanks for the comments, I appreciate the chance to follow-up. It's hard to get many long hours of research into a 40-minute presentation, so my apologies if I...
Reply | Read entire comment
Impact of 802.11n RisksBy joswr1ght on July 16, 2008, 3:28 pmAnother great set of comments, and I thank this poster for his insight. He/She makes a great point in that I did not spend a lot of time helping listeners apply...
Reply | Read entire comment
Interesting, but wanted more ...By psiphon on July 16, 2008, 4:29 pmAs usual, your article was very informative. I only wish that it were a bit longer. I felt like it lacked a conclusion and I would have liked to have seen more...
Reply | Read entire comment
Doesn't Joshua work for a Wi-Fi vendor?By Anon on July 16, 2008, 11:44 pmJoanie : Did you accidentally leave out the fact that Joshua works for a Wi-Fi vendor?
Reply | Read entire comment
View all comments