Indonesia | Singapore
   

News

Wireless Vulnerability Comes as a Shocker

 
David Maynor and Jon Cache showed a room of 300 attendees a video in which they dropped what is known as a 'root kit' into a MacBook by exploiting a weakness found in a wireless card, a component that uses radio waves to connect to the Internet. A root kit is an undetectable program that criminals can use to log passwords and gain access to sensitive files. Maynor was able to create, read and delete files on the Apple laptop. The MacBook, which was running a fully patched version of the latest Apple operating system, showed no indication that it had been compromised.

"The problem itself isn't really an Apple problem," said Maynor, a researcher at SecureWorks, a network-monitoring company. "This is a systemic problem across the industry."

The technique, detailed during the first day of the Black Hat conference, came as a shock to many people who have grown accustomed to connecting to the Internet wirelessly while sitting in airports, hotels, and cafes. "It's an alarming weakness," said Phil Zimmermann, a software engineer who specializes in data security. "Now I would rather connect using an ethernet cable," he said, referring to the term for wired Internet connections.

The MacBook used in the demonstration was not using the wireless gear that came with the computer. Instead, they used a third-party wireless card that they declined to name. The researchers were not identifying the makers or models of wireless devices that are vulnerable, so that manufacturers have a leg up on criminals who might use that information to exploit the vulnerabilities. But Maynor said the flaws are so common that he'd have no trouble walking into an Internet cafe and finding someone vulnerable.

He said the technique could be useful in targeting specific people or specific groups of people who are in close proximity to an attacker --for instance, a cafe that is frequented by executives of a particular company. The researchers declined to demonstrate the attack live because they said radio receivers in the room could allow people to detect their techniques and use them to commit crimes. A computer need not be connected to the Internet to be infected. All that's required is that it has certain wireless devices installed and that those devices be turned on.
 
 
print save email
print save email comment
 
 

 
 
 
 
 
 

Copyright @ 2004 Software & Support Media
Powered By Media Teknologi Informasi Corp.
Privacy Policy     Terms of Use