Enterprise wireless networks are at risk from a
widespread unfixed flaw that can lead to a simple denial of service
attack.
Researchers at Queensland University in Australia have discovered a
hardware configuration flaw in wireless access points, which could
allow anyone equipped with a standard wireless access card and PDA
or laptop to "jam" any wireless network within a 1km radius.
The flaw allows attackers to send repeated requests to the wireless
access point. Other users will receive a "network busy" message and
will not be able to connect to the network.
None of the Wi-Fi equipment manufacturers has devised a fix for the
hole. The flaw affects all 802.11b-based networks, the majority of
installed systems, and 802.11g-based networks running at below
20mbps.
In addition, 802.11g wireless points that also support 802.11b
users can be targeted. Networks running on 802.11a are not
affected, but this standard is not used in the UK.
Internet security testing company NTA Monitor told Computer Weekly
the only solution to the problem is to use 802.11g at speeds of
more than 20mbps or to transfer mission-critical data onto purely
fixed-line networks.
802.11g can theoretically work at up to 54mbps, but actual working
wireless speed depends on the user's fixed-line network speed, and
many networks work at less than 20mbps.
NTA Monitor managing director Roy Hills said, "A company can
prevent such an attack by shielding their buildings using a
technique known as tempest-shield which blocks radio
interference.
"However, this approach is generally only deployed as an
anti-spying measure in government buildings.
"When dealing with this type of threat, for many, it is basically a
trade off between functionality and risk," he said.
Rich Mironov, director at wireless network testing company
AirMagnet, said, "The way to stop such attacks is to locate the
device and turn it off. With this exploit, you must disable the
sender."
Matt Broughton, network systems manager at Basildon & Thurrock
University Hospital, has just rolled out a wireless network at the
hospital, which supports 802.11g and 802.11b network card
users.
He said, "As we rely on 802.11g at above 20mbps we should be all
right as far as this problem is concerned."
Screening wallpaper stops jammers
A future solution to the threat to wireless access points may
lie in technology usually associated with the Stealth bomber, in
the form of BAE Systems' Stealthy Wallpaper.
The company's scientists used Frequency Selective Surface
technology, more commonly found in military applications such as
the Stealth bomber, to develop a flexible wireless screening
material that is less than 0.1mm thick.
This allows the material to be easily applied to a wide range of
surfaces and it can be made transparent for windows.
Two varieties of the material have been developed: active and
passive. The passive material permanently screens Wi-Fi
transmissions but allows the transmission of mobile phone signals
and radio frequencies of the emergency services.
The active material can be turned on or off so that Wi-Fi
networks in different areas of a building can be linked or isolated
as required.