Interesting People mailing list archives
IP: Flaw in Popular Wireless Standard
From: David Farber <dave () farber net>
Date: Wed, 04 Apr 2001 13:43:41 -0400
BTW the Arbaugh referred to in this article is a graduate of UPenn CIS PhD program and did his research under the joint supervision of Jon Smith and myself djf Flaw in Popular Wireless Standard By JOHN MARKOFF SAN FRANCISCO, April 2 New computer security flaws have been discovered in a popular wireless local area networking standard increasingly used by both corporations and consumers. The flaws could make it possible for an intruder who is physically close to a wireless computer network to masquerade as a legitimate user in a supposedly private network. The issue is a crucial one, computer security experts said, because wireless computing networks are rapidly being deployed in corporate offices, potentially giving access to corporate networks that have in the past been physically protected by lock and key. The new research comes on the heels of a report last year by an Intel Corporation researcher, followed by similar research done earlier this year by computer scientists at the University of California at Berkeley, both describing weaknesses in the data-scrambling technique used in the wireless standard known as 802.11B. Those earlier reports had already sent the industry on a search for new ways to protect the wireless data systems, which have gained increasing popularity on corporate and academic campuses, in airports and coffee houses and in inexpensive and convenient home networks. Now the new report, by a group of three researchers at the University of Maryland led by the computer scientist William A. Arbaugh, suggests that simple fixes to the protocol may be more difficult to achieve than had been thought. In a draft of a paper titled "Your 802.11 Wireless Network Has No Clothes," the researchers describe how the access control systems that are designed to protect wireless networks against hostile users can, in fact, be easily deceived. The researchers said that in many cases wireless networks were being incorrectly configured so that the wireless access point is actually inside a corporate or home user's firewall the device that protects a network from attack from those outside leaving the network and its resources vulnerable. "We're seeing a great proliferation of wireless activity now in products, and people have not paid close enough attention to the security issues," Mr. Arbaugh said. "When we began looking at this I was flabbergasted by what I found."
http://www.nytimes.com/2001/04/03/business/03FLAW.html?searchpv=site01
For archives see: http://www.interesting-people.org/
Current thread:
- IP: Flaw in Popular Wireless Standard David Farber (Apr 04)