Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Vulnerability in Apple's AirPort Base Station

Posted by pudge on from the newsflash-wireless-is-insecure dept.

inditek writes "At Stake has issued a security warning today about a vulnerability in Apple's AirPort Base Station: 'Apple's AirPort device is a wireless access point, providing 802.11 services to network clients. Authentication credentials are obfuscated, and then sent over the network. If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an attacker that can sniff the network can obtain administrative access to the AirPort.'"

4 of 60 comments (clear)

  1. Strange by bobibleyboo · · Score: 5, Informative

    I wonder what promped them to release this. It is obvious that you could "sniff" the password for the airport since it uses clear text for the password. If this considered a security hole then linksys, dlink, belkin, cisco, 3com, asante, maxgate, netgear, samsung, unex and virtually every one else who makes wireless ap's has the same problem.

  2. not just wifi weaknesses - xor obfuscation by inditek · · Score: 2, Informative

    read the advisory, they just XOR stuff and it's easily reversible. other basestations aren't quite so lame. my submitted post got edited, and one should read the links first anyway.

  3. Er.. since when has WEP been "secure"? by skinfitz · · Score: 5, Informative

    From the article: Authentication credentials are obfuscated, and then sent over the network. If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an attacker that can sniff the network can obtain administrative access to the AirPort.
    ...
    If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an anonymous attacker that can sniff the network can obtain administrative access to the AirPort. If WEP is enabled, then the attack is limited to WEP authenticated attackers.

    It is well known that WEP can quickly and easily be broken, so really what this is saying is that all Airport base stations that are administered are vulnerable, regardless of whether WEP is used or not

    Workaround: Only admin the Airport from a Mac connected directly to the cabled ethernet interface using a crossover cable until this issue is patched.

  4. Unimportant by birdman666 · · Score: 3, Informative

    This has nothing to do with the Airport device in specific. The same is true for any 802.11 device. If you're connecting to it not using WEP, then it's insecure. We know this. It's not an Apple thing.

    --

    Nothing from nowhere I'm no one at all