Slashdot Mirror

← Back to Stories (view on slashdot.org)

802.11 WiFi Denial of Service Exploit Discovered

Posted by simoniker on from the block-block-kick dept.

CRC'99 writes "The Queensland University of Technology has today announced yet another flaw in 802.11 products. AusCERT has the official statement, noting: 'An attacker using a low-powered, portable device such as an electronic PDA and a commonly available wireless networking card may cause significant disruption to all WLAN traffic within range, in a manner that makes identification and localisation of the attacker difficult.' Nice to know that a simple PDA could bring a WiFi network to its knees."

8 of 251 comments (clear)

  1. jammers? by tasinet · · Score: 5, Interesting

    weren't they called JAMMERS back in the nice radio-sharks times? Jam the 11 802.11 band frequencies and you have a "DoS" attack...

    1. Re:jammers? by RollingThunder · · Score: 3, Interesting

      They do refer to that in the alert - that's what the "high powered saturation" method is.

      This sounds more subtle, working with the data side of the network and confusing the nodes, rather than just squashing the RF.

  2. Re:I wonder... by ezzzD55J · · Score: 3, Interesting
    And of course, how long it will take before the manufacturers will be having a firmware update for this. It seems that most firmware updates only add extra functionality to gain an edge over the competitors, but basic stuff like optimalisation is kind of a non-issue. I'm crossing my fingers this will be fixed shortly, but I'm having doubts about it.
    From the AUSCERT advisory:
    3. Workarounds/Mitigation

    At this time a comprehensive solution, in the form of software or
    firmware upgrade, is not available for retrofit to existing
    devices. Fundamentally, the issue is inherent in the protocol
    implementation of IEEE 802.11 DSSS.
    So it looks like firmware won't be able to stop it if it wants to implement the protocol correctly. There might be a grey area of course.

    Personally, I don't think it's a big deal, there are already plenty of ethernet- and ip-level DoS possibilities to worry about another one at the physical level.. The symptoms will be a bit more mysterious though.

  3. So you want to DOS a wifi ?? by pair-a-noyd · · Score: 4, Interesting

    Can you say, "cheap microwave oven" ???

    The cheaper, the better.

    Want to screw your neighbor over?
    take the cover off the oven and turn it on.
    Just don't be in the same room when you throw the switch, sort of like when the executioner lights up a prisoner in "Old Sparky"...

    Pick one up off the side of the road and then do a google site search on /. for HERF.....

    Have fun kiddies!!

  4. It was an obvious problem by CastrTroy · · Score: 4, Interesting

    it's easy to flood a wireless network, when using colision avoidance, if you're the only one not playing by the rules, you can own the network. It's like being on a token ring, and editing your protocol stack, to never put new tokens on, once you get one, Nobody else gets to send. Any protocol can be broken if you have computers that don't follow the protocol.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  5. Seeing as how the 2.4GHz band is unregulated... by Anonymous Coward · · Score: 3, Interesting

    I can't imagine how this got on the front page. A regular 2.4GHz cordless phone is enough to take down a WiFi network. And if you're willing to go with a non-portable solution, a cheap microwave will quite easily act as an on-off switch for the whole network.

    I remember vacuum cleaners used to destroy TV reception, so I can't imagine they're good for wireless networking either. Any ideas?

    aQazaQa

  6. Re:Exactly how is this surprising? by dachshund · · Score: 4, Interesting
    A microwave oven can bring down a WiFi network. You could plug a 110 volt line into an Ethernet jack if you felt like it. All shared media networks require cooperation in order to run correctly.

    Because I can't carry a microwave around in my pocket, and it would require some significant source of electricity. This requires only a PDA, and presumably doesn't drain its batteries in a matter of seconds the way RF jamming would.

    Honestly, this isn't as useful an attack as some of the targeted ones (see a paper written by Bellardo and Savage) where you can knock a specific individual off the net (and then potentially reconnect them to your own "access point".) But it still has some advantages over brute-force jamming.

  7. Ad-Hoc mode DOS/Trojan by TheSync · · Score: 3, Interesting

    At a recent conference I worked, we provided 802.11b wireless Internet access. Lots of people were complaining about the conenction, so I fired up NetStumbler and noticed that there was an Ad-Hoc node on the same channel and same SSID as our AP.

    Evidently, a lot of the "automagic" features on laptops to find and connect to an AP decided to connect to the Ad-Hoc node (in Ad-Hoc mode, of course).

    Also I am really of the impression that the existence of an Ad-Hoc node on the same channel as an AP causes severe degredation of the channel throughput. Maybe someone can confirm/deny this.

    Anyway, I used my amateur radio transmitter hunting skills to track down the guy stuck on Ad-Hoc mode, including wrapping a cone of aluminum foil around my PCMCIA 802.11b card to give it some directionality. I finally found the guy, asked him to turn off his wireless card. He said he had no idea what Ad-Hoc mode was...

    By the way, this attack would be a killer way to distribute a virus at a trade show...I suppose someone could even have a trojan horse AP to do something like that as well.