Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Vulnerability in Apple's AirPort Base Station

Posted by pudge on from the newsflash-wireless-is-insecure dept.

inditek writes "At Stake has issued a security warning today about a vulnerability in Apple's AirPort Base Station: 'Apple's AirPort device is a wireless access point, providing 802.11 services to network clients. Authentication credentials are obfuscated, and then sent over the network. If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an attacker that can sniff the network can obtain administrative access to the AirPort.'"

10 of 60 comments (clear)

  1. Re:Not really a big problem. by Electrum · · Score: 3, Insightful

    Besides if you're using a switch instead of a stupid hub they can't sniff you anyway.

    You'd like to think that, wouldn't you? arpspoof from the dsniff package lets you sniff on a switched network. So does ettercap.

  2. duh by trouser · · Score: 5, Insightful

    I think what they're saying is that the Airport base station, which is an 802.11 base station, has exactly the same security vulnerability as an 802.11 base station.

    This is very old news.

    --
    Now wash your hands.
    1. Re:duh by Lizard_King · · Score: 3, Insightful

      uhhh... not exactly. If you read the article, you'll notice that they've discovered the obfuscation technique that the Airport uses to scramble it's administrative passwords. Quite interesting if you're keeping tabs on the different techniques between access points.

      True, you'll actually have to read the article to discover what the "News" is here, but it's a practice that I recommend.

      --
      "My mother never saw the irony in calling me a son-of-a-bitch." - Jack Nicholson
  3. Strange by bobibleyboo · · Score: 5, Informative

    I wonder what promped them to release this. It is obvious that you could "sniff" the password for the airport since it uses clear text for the password. If this considered a security hole then linksys, dlink, belkin, cisco, 3com, asante, maxgate, netgear, samsung, unex and virtually every one else who makes wireless ap's has the same problem.

  4. Re:Not really a big problem. by skinfitz · · Score: 3, Insightful

    However, I stand by the fact that airport is intended for home use where the exploit isn't much of a risk anyway.

    Really? A device designed to support 50 computers simultaneously designed only for home use. You better tell that to all of the business and academic users quick - or are they all using the "other" version of the Airport?

  5. Er.. since when has WEP been "secure"? by skinfitz · · Score: 5, Informative

    From the article: Authentication credentials are obfuscated, and then sent over the network. If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an attacker that can sniff the network can obtain administrative access to the AirPort.
    ...
    If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an anonymous attacker that can sniff the network can obtain administrative access to the AirPort. If WEP is enabled, then the attack is limited to WEP authenticated attackers.

    It is well known that WEP can quickly and easily be broken, so really what this is saying is that all Airport base stations that are administered are vulnerable, regardless of whether WEP is used or not

    Workaround: Only admin the Airport from a Mac connected directly to the cabled ethernet interface using a crossover cable until this issue is patched.

  6. Re:Er.. since when has WEP been "secure"? by Anonymous Coward · · Score: 3, Interesting

    Yeah, WEP isn't secure, but even without WEP some access points take some efforts to make the admin access a little less easy to get, since it's just hanging out out there.

    The point of the security advisory is that this access point's efforts in that realm are really silly and make it worse than the other access points. None of them are really "secure." The part you quoted seems to allude or infer that some are, and that's kind of dumb of them to say - but you're getting distracted from the point.

  7. Re:Er.. since when has WEP been "secure"? by Stigmata669 · · Score: 4, Insightful
    There is a common misconception that WEP is "quickly and easily broken" because there are several open source projects that work on a weakness in the RC-4 key scheduling.

    What many people don't realize is that these programs require the harvest of between 2000 and 10000 'weak' packets which can take as little as 20 hours and as long as a week of constant monitoring to collect. If you don't believe me, go read the FAQ of any WEP cracking program. These programs are only proof of concept models, and lack a practical implementation. I tried KisMAC against my own ap and failed to produce any results.

    WEP is perfectly secure for a standard network, and anyone who is willing to spend 100 hours standing in my driveway just for access to a network on which everything else is passworded is simply insane.

    Anyone who acts like WEP is worthless is simply misinformed.

    --
    Yawn.
  8. Unimportant by birdman666 · · Score: 3, Informative

    This has nothing to do with the Airport device in specific. The same is true for any 802.11 device. If you're connecting to it not using WEP, then it's insecure. We know this. It's not an Apple thing.

    --

    Nothing from nowhere I'm no one at all
  9. Re:Er.. since when has WEP been "secure"? by mrpuffypants · · Score: 3, Funny

    I'd hit em with my car....that'll stop script kiddies on their iBook!