Apple's Airport Upgraded To 128-bit Encryption

ElecMoHwk writes: "Another fine upgrade from Mad Science Research Labs ... Apple's wireless Airport base station for 802.11 ethernet can be upgraded to 128-bit RC4 encryption. It's an easy fix, but priceless for the paranoid." This is really cool news. I never knew it was just a wireless card in a pretty box. Either way, it's still a cool way to do it. Where would I be without hardware hackers? Thanks, people! I look forward to more of Mad Science Research Labs' stuff in the future.

Sleepytime?

-

Emmet, what the HELL are you doing awake?? Go to bed!!

-

Re:Sleepytime?

[luckykaa]

What do you mean? Since when did geeks have any concept of such abstract ideas as "Night" and "Day"?

Anyway, real geeks just run xsleep as a background task.

Re:Apple's Airport.

[troc]

Wasn't really trying to be funny, just letting my mind wander whilst I wiped the coffee off my laptop :)

I know the recent Macs have shipped with various 9.0.x builds, it's just the recent 9.0.4 is out, no it isn't, I downloaded it, my software update doesn't see it, mine does, what update?, it's up,no it ain't, I've been having nothing but positive thoughs about that OS upgrade all day, confusion :)

Troc

Amen! Aviator rocks

[Booker]

Yep, I just got a pair of wireless cards from WebGear (the Aviator 2.4) because my wife was tired of dragging an ethernet cable around behind her laptop, and tired of waiting for me to wire the house. It works extremely well! Even with a DSL line behind it, it's transparent for all but the largest downloads.

I love it when I can spend $150 on geek toys and have my wife appreciate it! :) Of course, the biggest coup was installing the X10 light switch remote. The other night, she said "That's the best thing you've ever done!" I'm still trying to decide if that's a good thing... :-)

---

Re:RC4

[GoRK]

Key testing is going to take a while too over 1Mb/s which is the speed at which the WLAN authentication is done. :) Unless you capture a packet and try to decode it brute force. Either way, hope you have a few hundred years or a very large supercomputer.

I am curious to know what brand card you have. I haven't seen one that lists ESSID's! Please let me know. Thanks,

~GoRK

Re:RC4

[GoRK]

Well actually, what you have just described is three (maybe four) seperate attacks. First, you need the ESSID to talk on the WLAN before you can even authenticate. The ESSID is not too difficult to discover if you have physical access to another piece of equipment on the network (especially with the apple stuff), but if you have to crack it, it's similar to a password attack. Then you need the WEP keys for auth. The WEP keys are usually password protected in the configuration software, so unless you desolder the EEPROM and read the contents out, you will have yet another password to crack. Finally, after you are authenticated with WEP then you will have to break the stream cypher. Oh, and by the way, it's 2^128 keys not 128^2. Your number of keys falls short by about 3.4 x 10^38. And brute-forcing WEP is going to be a pair of 56 bit keys if you have to do that. Needless to say, your'e going to spend quite a while breaking into this one. And this is why wireless is more secure than wireline, even without stream encryption. Funny how banks seem to get really paranoid when we tell them that stream crypto isnt really necessary on their wireless links when they aren't requiring wireline crypto on their leased lines. Of course, explaining the whole mess to them usually gets me a nice sale of some 3DES routers :)

Re:Airport -- with 3Com or Cisco?

[wik]

The $60 is just for an PCMCIA controller that attaches to the ISA bus. You place a (separately purchased) WaveLAN PCMCIA card on there. You can find cheaper PCMCIA controllers that give you two or more slots, for instance the PC-700 (I forget the company name, but just search on buy.com) works great with Linux and a WaveLAN card for $50.

Re:Apple's Airport.

[Pope]

that the recent upgrade to MacOS 9.0.4 is to avoid hassles with the OS-9

I know you're trying to be funny, but my G4 shipped with 9.0.2, so it's a moot point.

Pope

Re:Cheapskate's Linux alternative

[hey!]

I'm pretty sure this will not thwart the NSA, but if you want to secure your SMB traffic from the other %99.9 of the population, you might just slap a cheap Linux box next to your Windows system, connect them via Ethernet, and install sslproxy. Then you can tunnel your Samba traffic with SSH

Actually, choosing a long random ESSID will probably thwart better 99.9% of the population, since without the ESSID you need to set up special receiver hardware and software to monitor all frequencies in the band simultaneously. Because of this, wireless is more secure in most environments than wired networks. I use OpenSSH over my cable modem connection because any idiot can set up packet sniffing software on a wire. However without the ESSID, you can't sniff packets off 802.11 just by having a compatible card. I doubt you could even sniff a single 802.11 packet without special hardware.

The remaining modicum of security you get by encrypting packet would only make sense if you were concerned about a determined enemy with considerable technical resources. In that case, you'd better have some pretty good physical security against black bag jobs too.

Article on HomeRF versus 802.11B standards

[Cy+Guy]

http://dailynews.yahoo.com/h/cn/20000406/tc/200004 06121.html

Intel's HomeRF standard only handles 2 Mbs, though they do make a business product that supports 802.11B. Article points out that this makes no sense for notebook users that would have to have seperate cards for work and home.

Re:Cheapskate's Linux alternative

[TurkishGeek]

I also have an extensive Aviator 2.4 setup at home.

If I were trying to hide my SMB traffic from the NSA, then I'd be out of luck without WEP, though ;-)

You can tunnel SMB over SSH between two Linux boxen. I understand your Windows system mounts the SMB shares directly from the Linux box, and since there are no SSH SMB clients for Windows easily available, you're right. In my setup, I have a Windows box upstairs which needs to access the Linux box downstairs, but there also happens to be a Linux box upstairs too. The Linux boxes are connected with a wireless link, and all SMB traffic is tunneled over SSH, with sslproxy. The connection between the Linux and Windows boxes is plain Ethernet, so no unencrypted SMB traffic goes over the wireless line.

I'm pretty sure this will not thwart the NSA, but if you want to secure your SMB traffic from the other %99.9 of the population, you might just slap a cheap Linux box next to your Windows system, connect them via Ethernet, and install sslproxy. Then you can tunnel your Samba traffic with SSH.

--

BluetoothCentral.com
A site for everything Bluetooth. Coming soon.

Do you need the base unit

[wowbagger]

I've been keeping my eyes on the Lucent cards - they seem reasonbly priced and they have a decent throughput. However, the base units are a little pricey.

Is it possible to just get two cards, put them in two computers, and link the two machines? In other words is the base unit needed for anything other than connection to the main network?

After all, I already have a Linux firewall machine on my network: adding a wireless NIC to it would be child's play.

Re:Do you need the base unit

[wik]

Yes, you can do this. The mode called 'ad-hoc' mode is available on Lucent cards (it's not an 802.11-compliant mode) and allows many machines to talk to each other directly, without the need for an access point/base station. I have personally tested it with up to 6 cards and it works like a charm. The setting is available simply as a little option in the driver (or checkbox in Windows). I don't think any other brands support 'ad-hoc networking.'

Wireless network how-to

[GHz]

There is a wireless network how-to that shows you how to hack Proxim Symphonys for a better antenna and higher power.

Re:RC4

[troc]

Well I assume it uses rolling codes, so unless you intercept the data, save it and decrypt it later on using your supercomputer, cluster or pet distributed client etc, the data will change too quickly for you to crack it (using current technology)

Encryption works as long as the data expires before the meantime to decrypt - i.e. if your data is sensitive for 10 years, make sure you use a key that'll take a minimum of >10 years to crack.

Troc

Apple's Airport.

[troc]

Cupertino, 5/4/00.

Apple today announced that despite the recent 'upgrade' by certain airlines, their Airport would still operate on the official 40bit system. Any systems attempting to land at the Airport with a 128bit airplane would be refused permission, even if they are painted a really cool pale blue colour.

"We are considering taking them to court over this one - after all, these new airlines look and feel just like our own so who is going to know which is the real one?" Steve Jobs was quoted as saying.

In other news, Apple have deniew rumours that the recent upgrade to MacOS 9.0.4 is to avoid hassles with the OS-9 trademark issue.

We also telephoned Steve Jobs to enquire about the recent Microsoft ruling but all we heard was insane giggling.

Re:Airport -- with 3Com or Cisco?

[.@.]

it uses SNMP though so other software should be usable. The author mentions that the Karlbridge software for Windows does everything right.

Not quite. The Karlbridge firmware is what Apple installed in the AirPort Base Stations. However, the Windows KarlBridge configurator cannot completely provision an AirPort Base Station. You cannot set up NAT or DHCP with it, and you cannot control the encryption modes.

The reason for this is: Apple (and the folks who made the KarlBridge) did some nasty stuff with the configuration. Yes, the base station responds to SNMP. However, the MIB tree via which the BS is configured is a set of 64 256-byte strings with shecksumming. To make matters worse, people are having to reverse-engineer how Apple mapped out those strings, and how the checksumming's being done.

I have been working on this for a while, as has a friend of mine (who I believe was linked to on the MSRL page against his wishes. That info is old and invalid -- people should not use it). There is working code that allows one to change most of the configuration options, but not NAT or DHCP, nor encryption. The reason for the problems with encryption is that Apple didn't follow the WEP standards, and has some unique algorithm for generating the WEP keys. They supposedly corrected this in v1.1 of the Base Station firmware, but I've yet to verify that.

Cheapskate's Linux alternative

[hey!]

I recently installed the Aviator 2.4 GHz card from WebGear. It's quite a bit slower (2 Mb/s signal rate, 1.5Mb/s) but has longer range (500 vs 100 ft) than WaveLAN. In any case it's cheaper than WaveLAN and very adequate for most purposes, especially Internet sharing.

The Aviator card is available in three different versions:

WebGear Aviator2.4
WebGear AviatorPRO
Raytheon Raylink

These are all the same card, but come with different drivers. I am using the Raytheon driver on my Windows laptop with the Aviator2.4 card. The Aviator 2.4 driver only supports peer to peer mode; The AviatorPRO and Raylink can talk to a wireless access point (basically an Ethernet to 802.11 bridge). Supposedly the AviatorPro is will do WEP, but since the Raylink driver doesn't support this yet, I doubt the AviatorPro does yet. The Linux driver does not support WEP IIRC. When it does, and the Windows version of the raytheon driver does, then you can have WEP too (the latest Linux WaveLAN driver DOES have WEP).

However, lack of driver level support is no big deal. First of all, it ain't easy to intercept spread spectrum communications unless you can guess the ESSID the stations are using, and even then it's not something for casual snoopers. Second, I personally use OpenSSH instead of telnet and you can forward your X using OpenSSH and get your choice of blowfish or triple DES. For windows boxes most of my sensitive web traffic goes over https if it isn't using SSH to a Unix box. If I were trying to hide my SMB traffic from the NSA, then I'd be out of luck without WEP, though ;-)

I set the cheap Aviator cards up with a linux box with IPChains and a new subnet and bingo -- I have a perfectly functional network that is highly secure when I need it to be. I got a pair of aviators with a ISA PC Cards for 169.95; this is the cheapest way to get a pair of them. Don't get your Linux drivers from WebGEAR, however. The driver is included in the latest pcmcia packages. I initially had a big headache getting this thing working with RH 6.1, but when I decided to upgrade to pcmcia-cs-3.0.14-22 the card configured itself cleanly and worked like a charm.

I suppose you could also set up your

Re:Airport -- with 3Com or Cisco?

[hawkbsd]

I'm using Lucent's Silver WaveLAN card with Apple's AirPort base on my FreeBSD laptop (IBM ThinkPad 600E). I don't know about the 3Com or Cisco cards, but the Silver WaveLAN was ~$150 from all the places I priced it. For $299 ($281 if you're at an .edu) and $150 for the card, it's a pretty good deal.

Airport -- with 3Com or Cisco?

[Caffeinated]

OK, so I want some wireless ethernet, but I don't have an Apple... the 3Com and Cisco wireless cards look pretty good, and not completely unreasonable at $250 each (see this article), but the "wireless hubs" cost over $1000 each!!! Does anyone know for sure if one of those swank Apple $300 Base Stations will work with a Cisco or 3Com wireless card?

- - - - -

Re:Airport -- with 3Com or Cisco?

[jsergent]

Buy the base station from Apple for $300 and then buy the cards from Lucent -- the WaveLAN (now Orinoco) cards are supported on lots of hardware and operating systems.

We've done this here at the office (used the Lucent cards with the WaveLAN) and it works great. You may need to use a Mac to configure the base station the way you want it -- it uses SNMP though so other software should be usable. The author mentions that the Karlbridge software for Windows does everything right. Else you can figure out what its default IP address is and use that (it's listed in the documentation somewhere, or maybe on http://til.info.apple.com/). Or get friendly with someone who owns a PowerBook... or bring the base station with you to some sort of public computing facility that has Macs on ethernet and use the Airport Admin Utility which is a free download from Apple's web site (you don't have to install the AirPort software; you can just unpack the archive and there is a copy of the admin utility there that you can run).

Other AirPort hacks...

[jsergent]

The other good thing to do to your base station is to get one of the Lucent range extenders and then drill another little hole in the case to run the wire in... you can get stronger range this way.

The things really do work awfully well. Very handy when setting up new headless machines for me to telnet into the console server from a laptop over the wireless net and then be able to carry around the console terminal if I need to go back to fiddle with the hardware... without losing my console session and having to continually connect back in.

One thing the author didn't quite explain is that there are more reasons than the lack of an integrated antenna that the AirPort cards will not work in machines other than late model Apple machines. The bus is weird. The AirPort card actually sits on an ATA bus!

One final interesting AirPort hint is that if you have an older Mac and want to use the Lucent card with it under MacOS, you can use the AirPort 1.1 software with it instead of the drivers Lucent provides, which seem to be shoddy in our experience here (they really mess up the system on MacOS 9 since it somehow manages to install the 68k version of the driver by mistake).