IP: Flaw in Popular Wireless Standard

[David Farber <dave () farber net>]

BTW the Arbaugh referred to in this article is a graduate of UPenn CIS PhD 
program and did his research under the joint supervision of Jon Smith and 
myself  djf

Flaw in Popular Wireless Standard

By JOHN MARKOFF

SAN FRANCISCO, April 2 — New computer security flaws have been discovered 
in a popular wireless local area networking standard increasingly used by 
both corporations and consumers.

The flaws could make it possible for an intruder who is physically close to 
a wireless computer network to masquerade as a legitimate user in a 
supposedly private network.
The issue is a crucial one, computer security experts said, because 
wireless computing networks are rapidly being deployed in corporate 
offices, potentially giving access to corporate networks that have in the 
past been physically protected by lock and key.
The new research comes on the heels of a report last year by an Intel 
Corporation researcher, followed by similar research done earlier this year 
by computer scientists at the University of California at Berkeley, both 
describing weaknesses in the data-scrambling technique used in the wireless 
standard known as 802.11B.

Those earlier reports had already sent the industry on a search for new 
ways to protect the wireless data systems, which have gained increasing 
popularity on corporate and academic campuses, in airports and coffee 
houses and in inexpensive and convenient home networks.
Now the new report, by a group of three researchers at the University of 
Maryland led by the computer scientist William A. Arbaugh, suggests that 
simple fixes to the protocol may be more difficult to achieve than had been 
thought.
In a draft of a paper titled "Your 802.11 Wireless Network Has No Clothes," 
the researchers describe how the access control systems that are designed 
to protect wireless networks against hostile users can, in fact, be easily 
deceived.

The researchers said that in many cases wireless networks were being 
incorrectly configured so that the wireless access point is actually inside 
a corporate or home user's firewall — the device that protects a network 
from attack from those outside — leaving the network and its resources 
vulnerable.

"We're seeing a great proliferation of wireless activity now in products, 
and people have not paid close enough attention to the security issues," 
Mr. Arbaugh said. "When we began looking at this I was flabbergasted by 
what I found."

> http://www.nytimes.com/2001/04/03/business/03FLAW.html?searchpv=site01



For archives see: http://www.interesting-people.org/