Wireless network card drivers have been under attack since the Black Hat USA 2006 conference, and nearly every super-popular driver now appears vulnerable. Security researchers David Maynor and Jon Ellch started things off by targeting an Apple MacBook’s wireless driver at the August show, and hackers' interest in the new attack vector was quickly piqued.
Intel Centrino wireless drivers were among the first to fall, tumbling in July of this year. On November 11, hacker Johnny Cache reported a stacked based buffer overflow in the widely used Broadcom wireless driver. Broadcom drivers are used in Cisco, Linksys, and Dell wireless NICs.
Netgear wireless devices were found vulnerable just last week, and D-link wireless drivers are also exploitable. We're talking tens of millions of exploitable desktop computers, laptops, and other wireless devices.
Proof-of-concept exploit code abounds. Metasploit released at least two exploit code modules (for Netgear and Broadcom), and others are cropping up all around the Internet. Most exploit code currently works against Microsoft Windows or Mac OS X, but exploit code writers note that Linux and FreeBSD systems are just as likely to be exploitable.
Even though I have no specific information to back up my postulations, I’m speculating that many more wireless drivers will fall in the coming months. If I was a network system administrator, I would assume that unless my wireless vendor told me different, my wireless driver is not safe.
And because wireless drivers usually run in the system or root security contexts, a malicious attacker may remotely execute arbitrary code on a vulnerable computer. That’s right! You can be walking around with your laptop in a hotel lobby or airport and get completely owned.
Initially, I thought it would be hard to worm this type of exploit, but upon further reflection, a remote wireless attack is ripe for automated exploitation. The first attacker could manually infect the first wireless victim, and let the worm search for new victims from there.
It gets worse: Most laptops come with their wireless cards enabled, even if they aren’t used. Unbeknownst to you, your laptop could be sending out its wireless broadcast signal. A hacker scans the airwaves to find victims: In most cases, even without special antennas or other signal boosters, they need only be within 120 feet of your laptop’s physical location to compromise it.
I was recently on an U.S. Air Force base scanning for unauthorized wireless access points. Every laptop I saw had a broadcasting Centrino chipset, even though the base’s policy disallowed wireless connections. If you don’t need wireless connectivity with an embedded chipset, make sure you disable it in the BIOS.
Get the independent advice and expertise you need to support a virtual workforce.
The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.
Download now »
Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.
Download now »
A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.
Download now »
Sign up to receive Networking Resource Alerts
Recommend This
