Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Hack Wi-Fi driver to Breach Laptop

Posted by ryuzaki0 on from the reach-out-and-hack-someone dept.

InfoWorldMike writes "Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver, reports Robert McMillan. The hack will be demonstrated at the upcoming Black Hat USA 2006 conference during a presentation by David Maynor, a research engineer with Internet Security Systems and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, California. They used an open-source 802.11 hacking tool called LORCON (Lots of Radion Connectivity) to throw an extremely large number of wireless packets at different wireless cards and see if they fail. They declined to disclose the specific details of their attack before the August 2 presentation, but said it was potentially a huge hole because exploiters could simply sit in a public space and wait for the right type of machine to come into range to attack. "This would be the digital equivalent of a drive-by shooting," said Maynor. The victim would not even need to connect to a network for the attack to work, he said."

4 of 199 comments (clear)

  1. OpenBSD by ivan+kk · · Score: 5, Interesting

    Helps explain OpenBSD's stance on not having blobs, they'd have been able to audit the driver code, and fix it quicker to boot.

  2. Re:Clearly the solution is... by dilvish_the_damned · · Score: 5, Interesting

    Clearly the solution for stopping people finding security holes is to make distributing open source hacking tools illegal. Isn't this already covered by the DMCA or do we need a new law?

    They are illegal. Not in words on paper, but in practice. Prosecutors like smoking guns, and thats how they use trivial shit. Just get yourself suspected of a related crime, and then have said tools on your laptop."Was there any evidence that the defendant used such tools?" "Yes ma'am, we found something called 'cracklib' on his laptop which is used with other tools to cracking passwords, there is no other reason for it your honor".

    I also learned one other thing that day; judges have zero sense of humor. I think its a requirement for the job or something.

    --
    I think you underestimate just how much I just dont care.
  3. Diebold's voting machines by Timo_UK · · Score: 5, Interesting

    Don't they have Wifi too? And I bet this is old news for NSA, Mossad and the like.

    --
    Timo's Audio Software http://www.esseraudio.com
  4. mod parent down by John+Nowak · · Score: 5, Interesting

    Since when was Scheme object-oriented? Also, as a Schemer, I can say that in most cases there *is* a large speed penalty involved, often on the order of a magnitude (or worse). It's much more of an issue if the speed hit matters than pretending it doesn't exist.

    For the record, it is also perfectly possible to write safe C code with a good deal of rigor and some basic knowledge of the platform. You certainly don't need to know how to write at a lower level as long as you understand the concepts involved and the particular features of the hardware. People do it all the time and plenty of libraries exist to enable this.

    And finally, people hardly switched to Java for "no apparent reason". It's not in the least my language of choice, but for some groups it has a distinct number of advantages over C or C++. In summary, I'm convinced you have no idea what you're talking about.