Critical 802.11 wireless flaw identified

A serious wireless network technology flaw that could lead to the breakdown of some critical infrastructures in just five seconds has been identified by Queensland University of Technology's (QUT) Information Security Research Centre, a finding that is likely to have worldwide ramifications.

Wireless technology is gaining traction and in some countries is used to control infrastructures such as railway networks, energy transmission and other utilities.

QUT's School of Software Engineering and Data Communications deputy head, associate professor Mark Looi said the discovery of the flaw should send a warning to high levels of government and industry worldwide.

"Any organization that continues to use the standard wireless technology (IEEE 802.11b) to operate critical infrastructure could be considered negligent," Professor Looi said.

"This wireless technology should not be used for any critical applications as the results could potentially be very serious."

Looi's Ph.D students -- Christian Wullems, Kevin Tham and Jason Smith -- discovered the flaw while investigating mechanisms for defending wireless devices against being hacked.

The findings are to be presented to the Institute of Electrical and Electronic Engineers (IEEE) Wireless Telecommunication Symposium in California on Friday.

In effect the flaw allows for the disruption of the standard 802.11b radio frequency developed by the IEEE to transmit data.

The result is that the wireless devices cannot communicate with each other and service is denied.

"The 802.11b network is supported by a number of computing platforms including Macs, PCs and hand held devices and in 99.9 per cent of all cases is the only way to connect to wireless networks," Professor Looi said.

"In order to exploit the vulnerability potential attackers only need a common wireless adaptor which retails for about $A50 (US$35) and instead of using it to enable their computer to access a network, they can change its coding to interfere with transmission.

"With this adaptor you can basically totally disrupt any wireless network that uses this technology within a kilometer of its operation in anywhere between five and eight seconds."

The Information Security Research Center at QUT has been working with Australia's national computer emergency response team AusCERT to alert manufacturers about vulnerable wireless networking equipment since the discovery was made in November last year. A solution to the problem is yet to be found.

AusCERT will release an advisory on the issue today.

Looi said it was important to release the findings to ensure that users of the wireless technologies were made fully aware of the potential risks to their systems.

In Brisbane, he said there are about 12 public access networks plus numerous corporate Intranet systems that could be affected.

"QUT confirmed their findings with other leading independent researchers in Australia," Professor Looi said.

He said the process to bring down a wireless network was very simple however it did not compromise the data on the network.