It keeps getting better and better

Students warn of hacking threat
Tess Livingstone, higher education editor
14may04

THREE Brisbane university students have discovered a major flaw in wireless network technology that means hackers can bring down critical infrastructure in as little as five seconds.

The finding, which is likely to have worldwide ramifications – was identified by the Queensland University of Technology's Information Security Research Centre.

Wireless technology is booming in popularity because it allows for access to the Internet without the need for cables and it is also used in some countries – but not Australia – to control infrastructure such as railways and electricity.

Associate Professor Mark Looi, the deputy head of QUT's School of Software Engineering and Data Communications, said the discovery should send a warning to government and industry worldwide.

"Any organisation that continues to use the standard wireless technology (IEEE 802.11b) to operate critical infrastructure could be considered negligent," Professor Looi said.

"This wireless technology should not be used for any critical applications, as the results could potentially be very serious."

Professor Looi's PhD students Christian Wullems, Kevin Tham and Jason Smith discovered the flaw while investigating mechanisms for defending wireless devices against hackers.

Mr Wullems will present the findings to the Institute of Electrical and Electronic Engineers Wireless Telecommunication Symposium in California today.

Potential attackers only need a common wireless adaptor which retails for about $50, and instead of using it to enable their computer to access a network, they can change its coding to interfere with transmission.

"With this adaptor you can basically totally disrupt any wireless network that uses this technology within a kilometre of its operation in anywhere between five and eight seconds," Professor Looi said.

The Information Security Research Centre at QUT has been working with AusCERT – Australia's national computer emergency response team – to alert manufacturers about vulnerable wireless networking equipment since the discovery was made in November last year. A solution is yet to be found.

In Brisbane, about 12 public access networks and many corporate intranet systems, including those in large department stores could be affected, Professor Looi said.

"QUT confirmed their findings with other leading independent researchers in Australia," he said.

Professor Looi said that while the process to bring down a wireless network was very simple, it did not compromise the data on the network.

Tools were currently being developed so wireless networks could be tested to see how vulnerable they were to disruption.

this is not exactly big news in totality.

you can do the same thing to Wi-Fi with a magnetotron, like one from a microwave ( don't rip one out unless you know what you are doing, though, you could literally cook your eyeballs.)

My wireless goes out every time I nuke something, for instance.

the big thing is you can do it with a standard card.

addendum- you can do it with a standard card without really deep card hacking.

yeah.. anything that's wireless is far easier to jam in general than wired, it's just the nature of the medium.

I think you can make wireless communications quite confidential (only the proper parties can see it) and have quite a bit of integrity (you know it came from the proper parties), if you have the right people doing the design...

but I don't ever think they will have the same availability as wired connections, and nobody should rely on them if they need availability in the face of an concerted attack.

An interesting note: this specific attack only works on 802.11b or 802.11g in the slow b-compatible mode. It doesn't affect a or g in the fast mode.