Researchers Hack Wi-Fi driver to Breach Laptop

InfoWorldMike writes "Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver, reports Robert McMillan. The hack will be demonstrated at the upcoming Black Hat USA 2006 conference during a presentation by David Maynor, a research engineer with Internet Security Systems and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, California. They used an open-source 802.11 hacking tool called LORCON (Lots of Radion Connectivity) to throw an extremely large number of wireless packets at different wireless cards and see if they fail. They declined to disclose the specific details of their attack before the August 2 presentation, but said it was potentially a huge hole because exploiters could simply sit in a public space and wait for the right type of machine to come into range to attack. "This would be the digital equivalent of a drive-by shooting," said Maynor. The victim would not even need to connect to a network for the attack to work, he said."

Fixed in FreeBSD five months ago.

[cperciva]

Ok, this might be a different bug; but FreeBSD fixed a remote kernel code execution bug which affected systems scanning for existing 802.11 wireless networks. The bug was discovered and reported to the FreeBSD Security Team by Karl Janmar.

Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver

Whether this is a new bug or not, it's certainly not a new type of bug.

Download link + mirror

[qcs-rf.com]

lorcon info: http://www.802.11mercenary.net/lorcon/
lorcon d/l: http://802.11ninja.net/code/lorcon-current.tgz
airbase info: http://www.802.11mercenary.net/
airbase d/l: http://www.802.11mercenary.net/code/airbase-stable .tar.gz

code mirror: http://www.qcs-rf.com/slashdot