Re: Wifi Security

["Steven M. Bellovin" <smb () cs columbia edu>]

In message <4381ECC3.1090206 () linuxbox org>, Gadi Evron writes:
> > By setting up a fake AP, you can launch active attacks.  Sure, people 
> > won't get the right certificate -- and they're not going to notice, 
> > especially if the (unencrypted) initial web splash page says something 
> > like "For added security, all SSL connections from this hotspot will 
> > use Starbucks-brand certificates.  Please configure your browser to 
> > accept them -- it will protect you from fraud."
> >
> >              --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>
> I am very happy to agree with Steve. But I'd also like to add something.
>
> Security does not have to be end-user based... risking the wrath of 
> Randy, let us hail Vietnam for a moment..
>
> One of the technologies first employed in Vietnam (I may be wrong, my 
> history isn't that good) was that of tracking radiation, and 
> specifically, EM radiation by creating the first "smart bombs".
>
> You could see this type of "physical" electronic warfare also employed 
> in Iraq with the US Gov't bombing the center of GSM-blocking signal 
> generators.
>
> Locating where a transmission comes from, supposing it comes from a 
> centralized source, is rather easy.
>
> Missiles for your local ISP to use? I find this rather amusing and a 
> clear path to take.

Leaving the politics aside, it's a lot harder than it seems.  After an 
active attack at a security conference a few years ago, a prof had some 
of his grad students investigate it.  Multipath, variable signal 
attenuation, and the like make it very, very hard.  (If it worked, the 
idea was to embed the localizer in a WiFi-equipped Sony Aibo -- a robot 
dog to hunt down miscreants...)

Btw -- a lot of hot spots already do ARP-filtering to block ARP-level 
attacks on the default router's MAC address.  This problem is already 
out there.

                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb