Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Vulnerability in Apple's AirPort Base Station

Posted by pudge on from the newsflash-wireless-is-insecure dept.

inditek writes "At Stake has issued a security warning today about a vulnerability in Apple's AirPort Base Station: 'Apple's AirPort device is a wireless access point, providing 802.11 services to network clients. Authentication credentials are obfuscated, and then sent over the network. If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an attacker that can sniff the network can obtain administrative access to the AirPort.'"

8 of 60 comments (clear)

  1. Re:Not really a big problem. by Electrum · · Score: 3, Insightful

    Besides if you're using a switch instead of a stupid hub they can't sniff you anyway.

    You'd like to think that, wouldn't you? arpspoof from the dsniff package lets you sniff on a switched network. So does ettercap.

  2. duh by trouser · · Score: 5, Insightful

    I think what they're saying is that the Airport base station, which is an 802.11 base station, has exactly the same security vulnerability as an 802.11 base station.

    This is very old news.

    --
    Now wash your hands.
    1. Re:duh by Lizard_King · · Score: 3, Insightful

      uhhh... not exactly. If you read the article, you'll notice that they've discovered the obfuscation technique that the Airport uses to scramble it's administrative passwords. Quite interesting if you're keeping tabs on the different techniques between access points.

      True, you'll actually have to read the article to discover what the "News" is here, but it's a practice that I recommend.

      --
      "My mother never saw the irony in calling me a son-of-a-bitch." - Jack Nicholson
  3. Re:Not really a big problem. by skinfitz · · Score: 3, Insightful

    However, I stand by the fact that airport is intended for home use where the exploit isn't much of a risk anyway.

    Really? A device designed to support 50 computers simultaneously designed only for home use. You better tell that to all of the business and academic users quick - or are they all using the "other" version of the Airport?

  4. turn off encryption and its a flaw - well blow me by zenst · · Score: 2, Insightful

    Is this seriously copnsidered a flaw given that most remote managed access points can be explioted in such a way - hmmm any network tbh. be it snmp or hidden udp ports for administration there there and can be found.

    --
    Nothing new to see here move along
    --

  5. Re:Er.. since when has WEP been "secure"? by Stigmata669 · · Score: 4, Insightful
    There is a common misconception that WEP is "quickly and easily broken" because there are several open source projects that work on a weakness in the RC-4 key scheduling.

    What many people don't realize is that these programs require the harvest of between 2000 and 10000 'weak' packets which can take as little as 20 hours and as long as a week of constant monitoring to collect. If you don't believe me, go read the FAQ of any WEP cracking program. These programs are only proof of concept models, and lack a practical implementation. I tried KisMAC against my own ap and failed to produce any results.

    WEP is perfectly secure for a standard network, and anyone who is willing to spend 100 hours standing in my driveway just for access to a network on which everything else is passworded is simply insane.

    Anyone who acts like WEP is worthless is simply misinformed.

    --
    Yawn.
  6. well, duh. by option8 · · Score: 2, Insightful

    from the post (not having bothered to read the article, as it seems there's no point...): ...administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an attacker that can sniff the network can obtain administrative access to the AirPort (emphasis mine)

    well, big frickin' duh, if you'll pardon my french.

    if i administrate any computer or for that matter any access point via an insecure connection or any connection that can be sniffed by an intruder well, no doubt it can be compromised!

    why is this news? why, more specifically is this apple news?

    why not create a new /. section - commonsense.slashdot.org - to address these kinds of posts.

    --
    - Entertaining Bits from the Ancient Kernel Tree
  7. Re:Not really a big problem. by Trurl's+Machine · · Score: 2, Insightful

    Considering most Airports are at home.

    My Graphite Airport Base Station is in my house. I still get the range when I'm about 50 meters from the building (yes, I did the ultimate nerdish test, walking around the property with an iBook and iChatting with a friend to see if I loose him). Unfortunately, this means that I would also catch Airport on the neighboring properties. Now, I'm not that much afraid of malicious hacker parking a big black van in front of my house, but actually if some neighbor kid would turn out to be a script kiddie, I'd be a dead duck.