A serious wireless network technology flaw that could
lead to the breakdown of some critical infrastructures in just five
seconds has been identified by Queensland University of
Technology's (QUT) Information Security Research
Centre.
Wireless technology is gaining traction and in some countries is
used to control infrastructures such as railway networks, energy
transmission and other utilities.
QUT's School of Software Engineering and Data Communications
deputy head, associate professor Mark Looi, said the discovery of
the flaw should send a warning to high levels of government and
industry worldwide.
"Any organisation that continues to use the standard wireless
technology [IEEE 802.11b] to operate critical infrastructure could
be considered negligent," Looi said.
"This wireless technology should not be used for any critical
applications as the results could, potentially, be very
serious."
Looi's PhD students - Christian Wullems, Kevin Tham and Jason
Smith - discovered the flaw while investigating mechanisms for
defending wireless devices against being hacked.
The findings are to be presented to the Institute of Electrical
and Electronic Engineers (IEEE) Wireless Telecommunication
Symposium in California tomorrow (14 May).
In effect, the flaw allows for the disruption of the standard
802.11b radio frequency developed by the IEEE to transmit data.
The result is that the wireless devices cannot communicate with
each other and service is denied.
"The 802.11b network is supported by a number of computing
platforms including Macs, PCs and handheld devices and in 99.9% of
all cases is the only way to connect to wireless networks," Looi
said.
"To exploit the vulnerability potential attackers only need a
common wireless adaptor which retails for about £20 and instead of
using it to enable their computer to access a network, they can
change its coding to interfere with transmission.
"With this adaptor you can basically totally disrupt any
wireless network that uses this technology within a kilometre of
its operation in anywhere between five and eight seconds."
The Information Security Research Center at QUT has been working
with Australia's national computer emergency response team AusCERT
to alert manufacturers about vulnerable wireless networking
equipment since the discovery was made last November. A solution to
the problem is yet to be found.
Looi said it was important to release the findings to ensure
that users of the wireless technologies were made fully aware of
the potential risks to their systems. There are about 12 public
access networks plus numerous corporate Intranet systems that could
be affected, he added.
The process to bring down a wireless network was very simple,
although it did not compromise the data on the network.
"When the adaptor is given the right sequence of codes, it sends
out enough information over the air for the network link to mistake
it as interference - when this happens all devices on the network
delay their transmission for a short period of time," he said.
"The adaptor will keep sending out the interference signal so
the wireless network can't resume its normal transmission," he
said, adding that any computer, PDA or notebook could send out the
signal if the wireless adaptor was programmed accordingly.
Tools are being developed so wireless networks can be tested to
see how vulnerable they are to being disrupted in this way.
Sandra Rossi writes for Computerworld