Thought this article was quite interesting:
RESEARCHERS at the Queensland University of Technology have discovered an easily-exploited vulnerability which can be used to take down most 802.11 wireless networks.
The flaw operates at lower network layers than most previously-discovered security flaws in 802.11 networking, and affects any network operating at the 2.4GHz frequency - which is the sole frequency used by the most popular wireless protocol, 802.11b.
Associate Professor Mark Looi's PhD students Christian Wullems, Kevin Tham and Jason Smith discovered the flaw while investigating wireless security mechanisms.
Mr Wullems will present at an Institute of Electrical and Electronic Engineers (IEEE) Wireless Telecommunication Symposium in the US tomorrow and AusCERT has issued an advisory today.
The researchers said the vulnerability was "trivial" - or easy - to exploit. Testing was carried out in the small hours to avoid accidentally taking down other networks, and the researchers used a laptop running Linux Fedora Core 1 and a Compaq Ipaq running Familiar Linux.
The attack works by sending signals used at the physical and MAC address layers which are used to warn that devices are busy. As it applies to the 2.4GHz frequency, 802.11b is most vulnerable. The 802.11g standard also uses the 2.4GHz spectrum but depending on configuration, some 802.11g networks would be able to ignore such an attack.
"I don't think it's necessarily going to cause widescale panic," Professor Looi said of the discovery. "The hopeful effect will be it's going to cause a lot of organisations to evaluate carefully what they use wireless networks for, and put in place necessary actions to prevent problems."
Several well-publicised security vulnerabilities have been discovered in 802.11b concerning wireless encryption protocol or WEP, which can be relatively easily penetrated.
However, unlike the WEP problems, the flaws discovered by the QUT researchers cannot be addressed using encryption and will not be addressed by the emerging 802.11i standard.
Professor Looi said despite the WEP flaws, many organisations were not cautious enough about their wireless networks. He recommended that any organisation running an 802.11b or 802.11g network carry out a radio survey to determine how far away their network can be accessed.
"If they discover they can be attacked from out on the street or the carpark, for example, they need to think seriously about re-planning their network," he said.
AusCERT senior security analyst James Gillespie said proprietary solutions would also be useless against the attack.
"If it's in 2.4GHz and using DSSS (direct sequence spread spectrum) in the physical layer, it doesn't matter if you're using encryption or any of the new Cisco LEAP protocols or anything like that... it's at the lowest level," Mr Gillespie said.
However, he pointed out that the vulnerability could not be used to intercept data.
Despite the ease with which the vulnerability could be exploited, he said AusCERT did not expect to see widespread network attacks using the newly-discovered method.
"It doesn't have rewards for most people - there are of course instances where a targeted DOS would serve the purpose of the attacker, however most attackers have been interested in taking down entire networks, not just a wireless network," he said.
Mr Gillespie said relevant vendors had been informed about the vulnerability under embargo to determine the effectiveness of the attack, mitigating factors and whether software or hardware upgrades would be required.
The discovery will lend some prestige to local research.
"Absolutely - any vulnerabilities that are discovered lend a certain amount of prestige to the organisation being the first to discover it, fully document it and present it," Mr Gillespie said.
"It also shows that Australian IT research and development is up there with the rest of the world, and we're not just a bunch of surfers in Brisbane."