Slashdot Mirror


Fingerprinting Wireless Drivers

jfleck writes with news that researchers at Sandia National Laboratories have released a paper on a technique they have developed for passively fingerprinting wireless device drivers (PDF). The researchers comment, "This technique is valuable to an attacker wishing to conduct reconnaissance against a potential target so that he may launch a driver-specific exploit." They sketch the loose language in the 802.11 standard describing the way client devices should probe for access points. Because probing is not spelled out in any detail, the authors say, "...implementing active scanning within wireless drivers [is] a poorly guided task. This has led to the development of many drivers that perform probing using slightly different techniques. By characterizing these implementation-dependent probing algorithms, we are able to passively identify the wireless driver employed by a device." This technique beats Wi-Fi Fingerprints by a country mile.
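An added illustration of the idea in the summary, that a client's inter-probe timing is a signature of its driver's scanning loop; this is not code from the Sandia paper, whose classifier is more elaborate. The capture, the MACs, the 50 ms bin width, the reference signatures and the histogram-distance matching are all constructed assumptions. A network owner could run something like this over probe requests from their own clients to inventory which driver families are present and prioritise driver updates.

```python
from collections import defaultdict

# Constructed probe-request capture: (timestamp_ms, source_mac), as a passive
# monitor would log it. MACs and timings are made up for this example.
CAPTURE = [
    (0, "02:00:00:00:00:01"), (20, "02:00:00:00:00:01"), (40, "02:00:00:00:00:01"),
    (1040, "02:00:00:00:00:01"), (1060, "02:00:00:00:00:01"), (1080, "02:00:00:00:00:01"),
    (2080, "02:00:00:00:00:01"), (2100, "02:00:00:00:00:01"), (2120, "02:00:00:00:00:01"),
    (0, "02:00:00:00:00:02"), (200, "02:00:00:00:00:02"), (400, "02:00:00:00:00:02"),
    (600, "02:00:00:00:00:02"), (800, "02:00:00:00:00:02"), (1000, "02:00:00:00:00:02"),
    (1200, "02:00:00:00:00:02"),
]

BIN_MS = 50  # assumed bin width for inter-probe delays

def inter_probe_delays(capture):
    """Group probe requests by source MAC; return each client's inter-probe delays in ms."""
    by_mac = defaultdict(list)
    for ts, mac in sorted(capture):
        by_mac[mac].append(ts)
    return {mac: [b - a for a, b in zip(t, t[1:])] for mac, t in by_mac.items() if len(t) > 1}

def signature(delays, bin_ms=BIN_MS):
    """Normalised histogram of delays: bin index -> fraction of probes landing in that bin."""
    counts = defaultdict(int)
    for d in delays:
        counts[d // bin_ms] += 1
    return {b: c / len(delays) for b, c in counts.items()}

def distance(sig_a, sig_b):
    """L1 distance between two histograms (0 = identical, 2 = completely disjoint)."""
    return sum(abs(sig_a.get(b, 0.0) - sig_b.get(b, 0.0)) for b in set(sig_a) | set(sig_b))

# Hypothetical reference signatures, as if measured from known drivers in a lab:
# driver A probes in tight bursts of three, driver B at a steady ~200 ms cadence.
REFERENCE = {
    "driver-A (hypothetical)": signature([20, 20, 1000, 20, 20, 1000]),
    "driver-B (hypothetical)": signature([200, 200, 200, 200, 220, 240]),
}

def classify(capture, reference=REFERENCE):
    """Label each observed client with the reference driver whose probe timing it matches best."""
    labels = {}
    for mac, delays in inter_probe_delays(capture).items():
        sig = signature(delays)
        labels[mac] = min(reference, key=lambda name: distance(sig, reference[name]))
    return labels

if __name__ == "__main__":
    for mac, driver in classify(CAPTURE).items():
        print(mac, "->", driver)
```

Real captures need many more probes per client and a tolerance for jitter before a match is meaningful; a single burst is not enough to separate drivers with similar loops.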

2 of 29 comments

  1. By a country mile? by fatboy · Score: 4, Informative

    They are not the same thing. One is for detecting the type of client, the other is for detecting a specific client.

    --
    --fatboy
  2. Error: Incompatible Types by Kesch · Score: 5, Informative

    I'm not sure why the submitter brought up WiFi Fingerprinting since these two techniques address different issues. The technique described in the PDF refers to identifying a device driver by categorizing the probing algorithm used. Because the 802.11 spec is loose regarding the probing method, implementations between drivers are inconsistent enough to spot the differences using passive scanning. This allows attackers to then exploit the known vulnerabilities in the specific driver.

    OTOH, WiFi Fingerprinting monitors the fluctuations in the radio output caused by minute differences in the hardware (0.04% differences between transistors, etc.) which give every single piece of wifi hardware a unique signature. Personally, I'd say that WiFi fingerprinting is cooler and useful for something other than hacking since it can defeat MAC spoofing. I don't know why the submitter thinks that determining the driver used instead of unique characteristics of the hardware is better by a country mile.

    --
    If this signature is witty enough, maybe somebody will like me.