Hackers Expose 'Critical' Wi-Fi Driver Flaw
- From: "riggor" <riggor@xxxxxxxxxx>
- Date: Thu, 3 Aug 2006 19:03:26 -0400
http://www.eweek.com/article2/0,1895,1998452,00.asp?kc=EWSTEEMNL080306EOAD
LAS VEGAS - Wi-Fi-enabled computers are sitting ducks for code execution
attacks because of gaping flaws in wireless drivers shipped on both Mac and
Windows systems, security researchers warned at the Black Hat Briefings
security conference here.
A pair of hackers, David Maynor and Jon Ellch, demonstrated such a break-in on
an Apple MacBook laptop fitted with a wireless card that was broadcasting
its presence to another computer set up as an access point.
During the demonstration, the researchers were able to take complete control
of the MacBook via a specific vulnerability in the device driver code that
sits between the operating system and the wireless card.
Maynor and Ellch did not release details or exploit code for the flaw, which
affects a wide range of Wi-Fi card manufacturers. The researchers have
notified the affected companies and are working closely to identify the
vulnerable code.
"This is not a big problem today. But, it should be something to take
seriously now before it becomes a big, big problem a year or two from now,"
said Maynor, who works as a senior researcher at Atlanta-based SecureWorks.
"The OS vendors have been hardening the operating system a lot, so now
attackers have two choices. They can go up to the application level, or they
can go lower to the device driver level," Maynor said, warning that Wi-Fi
drivers present an easy-to-exploit target.
"You've got to keep in mind that [malicious] people with an unlimited amount
of time can spend a lot of time looking at these things," he added.
Ellch, a well-known security expert who uses the hacker moniker "Johnny
Cache," made it clear that the issue is not specific to Apple's Mac
computers. "This isn't an Apple problem or a Microsoft problem. This is
something that's problematic across the industry," he said.
However, Maynor said the MacBook was used in the demo as a retort to the
latest Apple commercials. "We don't want to bash Mac. I'm a big fan of Mac.
But those commercials are just [annoying]," he said.
Ellch, a creator of wireless hacking tools, also used the Black Hat stage to
discuss design flaws in the 802.11 link-layer wireless protocol. He
described 802.11 as an "overly complicated" protocol that has not been
implemented securely by many vendors.
He also showcased a new Wi-Fi fingerprinting technique that can be used by
attackers to spy on target systems.
The presentation comes just days after chip giant Intel released a trio of
security patches for critical vulnerabilities affecting its Centrino product
line.
Maynor said the Intel patches, which cover code execution holes in Centrino
drivers and Intel Pro/Wireless network connections, were not related to the
Black Hat speech. "It's pretty interesting, the timing of the [Intel]
patches, but it's not something that we were responsible for," he said.
Intel said in an alert that the most serious flaw in the Centrino wireless
driver line can be exploited to launch remote code execution attacks.
"[These flaws] could potentially be exploited by attackers within range of
the Wi-Fi station to execute arbitrary code on the target system with
kernel-level privileges. These flaws are due to a memory corruption while
parsing certain frames," Intel said.
The bugs could also lead to information disclosure and privilege escalation
attacks.