Slashdot Mirror
Researchers Hack Wi-Fi driver to Breach Laptop
InfoWorldMike writes "Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver, reports Robert McMillan. The hack will be demonstrated at the upcoming Black Hat USA 2006 conference during a presentation by David Maynor, a research engineer with Internet Security Systems and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, California. They used an open-source 802.11 hacking tool called LORCON (Lots of Radion Connectivity) to throw an extremely large number of wireless packets at different wireless cards and see if they fail. They declined to disclose the specific details of their attack before the August 2 presentation, but said it was potentially a huge hole because exploiters could simply sit in a public space and wait for the right type of machine to come into range to attack. "This would be the digital equivalent of a drive-by shooting," said Maynor. The victim would not even need to connect to a network for the attack to work, he said."
Helps explain OpenBSD's stance on not having blobs, they'd have been able to audit the driver code, and fix it quicker to boot.
Clearly the solution for stopping people finding security holes is to make distributing open source hacking tools illegal. Isn't this already covered by the DMCA or do we need a new law?
They are illegal. Not in words on paper, but in practice. Prosecutors like smoking guns, and thats how they use trivial shit. Just get yourself suspected of a related crime, and then have said tools on your laptop."Was there any evidence that the defendant used such tools?" "Yes ma'am, we found something called 'cracklib' on his laptop which is used with other tools to cracking passwords, there is no other reason for it your honor".
I also learned one other thing that day; judges have zero sense of humor. I think its a requirement for the job or something.
I think you underestimate just how much I just dont care.
Of course, users should apply critical updates. Even in a perfect world, where drivers are only changed for critical stuff, the problem is: how are they going to know? You might say "Windows Update", but that only works for Windows drivers and you know as well as I do that most, if not all, drivers are third-party drivers.
My example for Logitec mice stands: I am pretty much the only one that buys a mouse, plugs it in and it works. Other people *think* they need to install *everything* that is on the included CD. It is not the responsibility of Microsoft to push third-party driver updates over Windows Update. It is not their responsibility nor their role.
The only other solution to the problem is: every single driver needs to check the "mothership" for updates every other time. Just like antivirus programs do, just like Windows Update works. I do not even want to imagine what kind of resources that would use, and even less what kind of havoc it might cause because a "bad driver" got released that borks about every second computer in the world. Oh, and I'm ignoring all privacy issue that such a system would bring with it.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Don't they have Wifi too? And I bet this is old news for NSA, Mossad and the like.
Timo's Audio Software http://www.esseraudio.com
Since when was Scheme object-oriented? Also, as a Schemer, I can say that in most cases there *is* a large speed penalty involved, often on the order of a magnitude (or worse). It's much more of an issue if the speed hit matters than pretending it doesn't exist.
For the record, it is also perfectly possible to write safe C code with a good deal of rigor and some basic knowledge of the platform. You certainly don't need to know how to write at a lower level as long as you understand the concepts involved and the particular features of the hardware. People do it all the time and plenty of libraries exist to enable this.
And finally, people hardly switched to Java for "no apparent reason". It's not in the least my language of choice, but for some groups it has a distinct number of advantages over C or C++. In summary, I'm convinced you have no idea what you're talking about.
Again we hear of a vulnerability and again it is one which need never have existed in the first place. We know a song about that!
It's time that access to source code for device drivers was mandated by law: if hardware manufacturers will not supply the source code for their drivers, then they simply should not be allowed to sell the product. It has to be demanded from above, because of the {false, and patently so} perception that releasing driver source code or specifications might benefit competitors: if everyone has to do it then no-one will benefit unfairly.
Now, in the case of wireless devices, there is a definite possibility that the device could be reprogrammed to operate in a different way to that for which type-approval was granted. So it should be made clear that the approval covers the hardware and software as a combination, and altering the software may cause the device to operate in a non-approved manner. Just by the general principle of "innocent until proven guilty", anyone using a modified version of a device driver would only be liable for prosecution if they actually caused undesirable interference. Anyway, this is how it works in industry: type-approval procedures are published, you can certify your own products, but if at a later date they are discovered not to meet the requirements, then it's your responsibility to deal with it.
Je fume. Tu fumes. Nous fûmes!