Slashdot Mirror


802.11 WiFi Denial of Service Exploit Discovered

CRC'99 writes "The Queensland University of Technology has today announced yet another flaw in 802.11 products. AusCERT has the official statement, noting: 'An attacker using a low-powered, portable device such as an electronic PDA and a commonly available wireless networking card may cause significant disruption to all WLAN traffic within range, in a manner that makes identification and localisation of the attacker difficult.' Nice to know that a simple PDA could bring a WiFi network to its knees."

17 of 251 comments

  1. jammers? by tasinet · · Score: 5, Interesting

    weren't they called JAMMERS back in the nice radio-sharks times? Jam the 11 802.11 band frequencies and you have a "DoS" attack...

    1. Re:jammers? by Anonymous Coward · · Score: 1, Interesting

      The advisory gives reasons why simply jamming the wifi band is a much less likely attack: You're "easily" detectable and it requires special hardware.

    2. Re:jammers? by RollingThunder · · Score: 3, Interesting

      They do refer to that in the alert - that's what the "high powered saturation" method is.

      This sounds more subtle, working with the data side of the network and confusing the nodes, rather than just squashing the RF.

    3. Re:jammers? by mlush · · Score: 2, Interesting

      weren't they called JAMMERS back in the nice radio-sharks times? Jam the 11 802.11 band frequencies and you have a "DoS" attack...

      A jammer is pumping out a lot of power to swamp the radio frequencies and would be trivial to trace (all you need is a directional antenna). This is more akin to poisoning a lake: you know something is wrong (all the dead fish are a clue), but tracking down the source of the poison is hard; it could be anywhere in the lake. One way to find the DoS would be to switch off the APs, but this would not work well in a public place with lots of people packing WiFi devices (say a university).

  2. No workaround... by Rico_za · · Score: 2, Interesting

    At this time a comprehensive solution, in the form of software or firmware upgrade, is not available for retrofit to existing devices. Fundamentally, the issue is inherent in the protocol implementation of IEEE 802.11 DSSS.

    This could be a huge problem. Let's say you have a business where you have high sales volumes at certain times, with these times determined by unknown external factors (like a stock broker). If your network is down at those critical times, you lose business and money. Now all your competition needs to do is take out your network during one of these critical times, and all your customers will turn to them.

  3. Why WiFi? by bcmm · · Score: 2, Interesting

    I've never quite understood WiFi.

    I know people who have dial-up internet connections and two or three computers, none of them laptops, but still use wifi in preference to RJ-45. (In fact I know people who connect one fixed computer to its dial-up with WiFi, 'cause RJ11 phone cable is ugly.)

    It's very fashionable, but doesn't seem to work very well. Everyone I know with a WiFi home network has had problems with it.

    That said, the idea of free connections in cafes would be cool if there were more of them...

    --
    # cat /dev/mem | strings | grep -i llama
    Damn, my RAM is full of llamas.

  4. Re:I wonder... by ezzzD55J · · Score: 3, Interesting

    And of course, how long it will take before the manufacturers will be having a firmware update for this. It seems that most firmware updates only add extra functionality to gain an edge over the competitors, but basic stuff like optimisation is kind of a non-issue. I'm crossing my fingers this will be fixed shortly, but I'm having doubts about it.

    From the AUSCERT advisory:
    3. Workarounds/Mitigation

    At this time a comprehensive solution, in the form of software or
    firmware upgrade, is not available for retrofit to existing
    devices. Fundamentally, the issue is inherent in the protocol
    implementation of IEEE 802.11 DSSS.
    So it looks like firmware won't be able to stop it if it wants to implement the protocol correctly. There might be a grey area of course.

    Personally, I don't think it's a big deal, there are already plenty of ethernet- and ip-level DoS possibilities to worry about another one at the physical level.. The symptoms will be a bit more mysterious though.

  5. what's the news by tomreagan · · Score: 2, Interesting

    this just in...wireless networks are open to a range of attack vectors generally closed to wired networks...competitive interference leads to signal degradation and loss of service...film at 11

    seriously, and i haven't even read the article yet, what could possibly be the news here. i'm imagining that, what, certain tiny packet sequences have a disproportionately large disruptive impact on the protocol by causing extended resets and delays? how is that any different from the recent tcp packet spoofing attacks except in free space?

    it would still be easier to get a big antenna and a transceiver and just blanket the spectrum.

    move along, nothing to see here.

  6. Probably obvious to the people who made protocol by Anonymous Coward · · Score: 1, Interesting

    Any CS course teaches that CSMA/CD only works because of binary exponential backoff ensuring that there isn't a continuous stream of collisions. (Basic idea: once a collision occurs, transmitters will wait a random amount of time to retransmit to avoid a collision involving exactly the same transmitters.) All you have to do to ensure guaranteed collisions is to have one bad player who 'doesn't backoff'. The 'attack' probably just involves changing a '2' somewhere in the firmware to '1'. If they transmit continuously, you have a DoS. Note, I only know about the theoretical side of CSMA/CD, but as far as I can see, it's an inherent flaw in communicating over shared broadcast channels.

  7. So you want to DOS a wifi ?? by pair-a-noyd · · Score: 4, Interesting

    Can you say, "cheap microwave oven" ???

    The cheaper, the better.

    Want to screw your neighbor over?
    take the cover off the oven and turn it on.
    Just don't be in the same room when you throw the switch, sort of like when the executioner lights up a prisoner in "Old Sparky"...

    Pick one up off the side of the road and then do a google site search on /. for HERF.....

    Have fun kiddies!!

  8. big f-n deal by P0lyh34) · · Score: 1, Interesting

    I can bring a cat 5 network down with one simple cable. Remember kids, hot to data! It should be noted that 460 3phase does significant damage to networks and will arc about 1 inch to complete the circuit. :D

    --
    -Polyhead-

  9. It was an obvious problem by CastrTroy · · Score: 4, Interesting

    it's easy to flood a wireless network, when using collision avoidance, if you're the only one not playing by the rules, you can own the network. It's like being on a token ring, and editing your protocol stack, to never put new tokens on, once you get one, Nobody else gets to send. Any protocol can be broken if you have computers that don't follow the protocol.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
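
The argument made in comments 6 and 9 (one station that never backs off starves everyone else) can be checked with a small simulation. This is an added example, not part of the thread and not a model of the flaw in the AusCERT advisory; the slotted-channel model, the window bounds and the `flag_hogs` airtime check are assumptions chosen for illustration.

```python
import random

CW_MIN, CW_MAX = 16, 1024  # contention-window bounds in slots (assumed values)

def simulate(n_stations, slots, rogue=None, rogue_cw=1, seed=1):
    """Simplified slotted channel where every station always has a frame queued.

    Compliant stations double their window after a collision and reset it
    after a success. Station `rogue` (if set) keeps a fixed window of
    `rogue_cw` slots and never backs off. Returns successes per station.
    """
    rng = random.Random(seed)
    cw = [rogue_cw if i == rogue else CW_MIN for i in range(n_stations)]
    wait = [rng.randrange(w) for w in cw]
    wins = [0] * n_stations
    for _ in range(slots):
        ready = [i for i, w in enumerate(wait) if w == 0]
        wait = [w - 1 if w > 0 else 0 for w in wait]
        if len(ready) == 1:          # exactly one sender: the frame gets through
            wins[ready[0]] += 1
        for i in ready:              # every sender draws a new backoff
            if i != rogue:
                cw[i] = CW_MIN if len(ready) == 1 else min(cw[i] * 2, CW_MAX)
            wait[i] = rng.randrange(cw[i])
    return wins

def flag_hogs(wins, factor=2.0):
    """Monitoring check: stations holding more than `factor` x the fair share."""
    fair = sum(wins) / len(wins)
    return [i for i, w in enumerate(wins) if w > factor * fair]

if __name__ == "__main__":
    for label, rogue in (("all compliant", None), ("station 0 never backs off", 0)):
        wins = simulate(5, 20000, rogue=rogue)
        print(f"{label}: successes={wins} flagged={flag_hogs(wins)}")
```

With a window of one slot the non-compliant station sends in every slot, so every compliant frame collides; the per-station share of successful frames is the signal a monitor can alert on.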

  10. Seeing as how the 2.4GHz band is unregulated... by Anonymous Coward · · Score: 3, Interesting

    I can't imagine how this got on the front page. A regular 2.4GHz cordless phone is enough to take down a WiFi network. And if you're willing to go with a non-portable solution, a cheap microwave will quite easily act as an on-off switch for the whole network.

    I remember vacuum cleaners used to destroy TV reception, so I can't imagine they're good for wireless networking either. Any ideas?

    aQazaQa

  11. This affects WiFi phones by ewg · · Score: 2, Interesting

    This affects WiFi phones as well, based on the AusCERT description of the problem as targeting the physical layer. Good to know before deploying an IP telephony solution that includes a WiFi component.

    --
    org.slashdot.post.SignatureNotFoundException: ewg

  12. Re:Exactly how is this surprising? by dachshund · · Score: 4, Interesting

    A microwave oven can bring down a WiFi network. You could plug a 110 volt line into an Ethernet jack if you felt like it. All shared media networks require cooperation in order to run correctly.

    Because I can't carry a microwave around in my pocket, and it would require some significant source of electricity. This requires only a PDA, and presumably doesn't drain its batteries in a matter of seconds the way RF jamming would.

    Honestly, this isn't as useful an attack as some of the targeted ones (see a paper written by Bellardo and Savage) where you can knock a specific individual off the net (and then potentially reconnect them to your own "access point".) But it still has some advantages over brute-force jamming.

  13. This could be used for Good by 8400_RPM · · Score: 2, Interesting

    As a network admin, I would love to have several 802.11 jammers, and plant them all over the building. This would keep people from installing rogue wireless networks.

  14. Ad-Hoc mode DOS/Trojan by TheSync · · Score: 3, Interesting

    At a recent conference I worked, we provided 802.11b wireless Internet access. Lots of people were complaining about the connection, so I fired up NetStumbler and noticed that there was an Ad-Hoc node on the same channel and same SSID as our AP.

    Evidently, a lot of the "automagic" features on laptops to find and connect to an AP decided to connect to the Ad-Hoc node (in Ad-Hoc mode, of course).

    Also I am really of the impression that the existence of an Ad-Hoc node on the same channel as an AP causes severe degradation of the channel throughput. Maybe someone can confirm/deny this.

    Anyway, I used my amateur radio transmitter hunting skills to track down the guy stuck on Ad-Hoc mode, including wrapping a cone of aluminum foil around my PCMCIA 802.11b card to give it some directionality. I finally found the guy, asked him to turn off his wireless card. He said he had no idea what Ad-Hoc mode was...

    By the way, this attack would be a killer way to distribute a virus at a trade show...I suppose someone could even have a trojan horse AP to do something like that as well.
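
A monitoring check for the situation described in the comment above, as an added example that is not part of the thread: it flags beacons that reuse a managed SSID from either an ad-hoc (IBSS) cell or an access point missing from the inventory. The SSID, BSSIDs and beacon records are constructed sample data; the ESS and IBSS bits are the two low bits of the 802.11 capability field.

```python
CAP_ESS, CAP_IBSS = 0x0001, 0x0002  # 802.11 capability bits: infrastructure / ad-hoc

# Assumed inventory of our own access points: SSID -> authorised BSSIDs.
AUTHORISED = {"ConfWiFi": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}

# Constructed beacon observations: (ssid, bssid, channel, capability field).
BEACONS = [
    ("ConfWiFi", "00:11:22:33:44:01", 6, 0x0401),    # our AP
    ("ConfWiFi", "02:aa:bb:cc:dd:ee", 6, 0x0002),    # ad-hoc cell reusing our SSID
    ("ConfWiFi", "00:de:ad:be:ef:10", 11, 0x0411),   # unknown AP reusing our SSID
    ("CoffeeShop", "00:99:88:77:66:55", 1, 0x0001),  # unrelated network, ignored
]

def classify(beacons, authorised):
    """Return (kind, bssid, channel, shares_channel_with_our_ap) per finding."""
    # Channels on which one of our own access points was actually heard.
    our_channels = {ch for ssid, bssid, ch, _ in beacons
                    if bssid.lower() in authorised.get(ssid, ())}
    findings = []
    for ssid, bssid, ch, cap in beacons:
        if ssid not in authorised or bssid.lower() in authorised[ssid]:
            continue  # not our SSID, or one of our own access points
        if cap & CAP_IBSS and not cap & CAP_ESS:
            kind = "adhoc-same-ssid"       # the case from the conference
        elif cap & CAP_ESS:
            kind = "unknown-ap-same-ssid"  # the "trojan horse AP" case
        else:
            kind = "malformed-capability"
        findings.append((kind, bssid, ch, ch in our_channels))
    return findings

if __name__ == "__main__":
    for finding in classify(BEACONS, AUTHORISED):
        print(finding)
```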