About us Contact us RSS Newsletters Blogs Video Follow us on Twitter

Register | Login

Advertisement
  • Networking
  • Storage
  • Security
  • Mobility and Wireless
  • Applications
  • OS and Servers
  • Mid-sized Business
  • Green IT
  • Virtualisation

Home | News | Insight | How-tos | Case studies | Interviews | Briefings | Reviews | Blog

Mobile Computing & Wireless Networking News



13 April 2007

WiFi bug found in Linux

By Peter Judge. Techworld

A bug has been found in a major Linux WiFi driver that can allow an attacker to take control of a laptop - even when it is not on a WiFi network.

Advertisement

There have not been many Linux WiFi device drivers, and this is apparently the first remotely executable WiFi bug. It affects the widely used MadWiFi Linux kernel device driver for Atheros-based WiFi chipsets, according to Laurent Butti, a researcher from France Telecom Orange, who found the flaw and released the information in a presentation (PDF) at last month's Black Hat conference in Amsterdam.

"You may be vulnerable if you do not manually patch your MadWiFi driver," said Butti. Before making it public, he shared the flaw with the MadWiFi development team, who have released a patch. However, not all Linux distributions have yet built the patch into their code, said Butti.

The kernel stack-overflow bug lets an attacker run malicious code, and can be used even if the machine is not actively on a WiFi network, according to Butti, who used "fuzzing" techniques which had been shown by David Maynor and "Johnny Cache" Jon Ellch, at last year's Black Hat USA conference, and previously exploited on Windows and Macintosh systems.

Linux users have previously suffered from a shortage of Linux drivers, and have campaigned to get wireless networks supported in the Linux kernel. With fewer Linux laptops on WiFi networks, security experts - and presumably hackers - have taken longer to get round to Linux drivers, but issue of handling remote data at the kernel level can cause trouble on the open source OS just as easily as any other.

Butti has previously developed the RAW series of proof-of-concept hacker tools. He also found the Windows WiFi flaw by fuzzing, during the Month of Kernel Bugs last year.

Fuzzing is a blessing, according to Butti, because it is a low-cost way for security researchers to uncover obvious bugs that may get overlooked, and exploited by hackers. In future, he expects fuzzing to reveal bugs in other wireless technologies like WiMax, and wireless USB, as well as many more bugs in the extensions that are regularly added to WiFi.

Follow highlights from Techworld on Twitter
Stay Informed > Subscribe to our Newsletters
The UK IT News widget Get it for your site!

<<newer article | back to index | older article>>

close

Email this article to a friend or colleague:




PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

close
  • This article is now being printed.
close

What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.


Characters remaining:

close

Click below to add 'WiFi bug found in Linux ' to your blog.



If you do not have a ComputerworldUK Account and would like to use this feature, please Register.

If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.

What is this?
Advertisement
Advertisement

WHITE PAPERS

  • Seven Ways ITIL Can Help You in an Economic Downturn
    Learn more about how ITIL can help your business weather the economic storm, and how it can leave you better positioned for growth when the economy begins to rebound.
  • Modernizing IT: Strategies for Improving Service Quality and Reducing IT Costs
    Working harder simply won’t get you there. No matter how many people you allocate, sinking more labour into old IT practices cannot concurrently meet rising demands on IT and cut costs. Read about cost-effective, automated ways to meet this challenge head-on in this whitepaper.
  • Ten tips on security for your business
    Security of your customer data and business information is vital, this guide covers the essential issues in an easy to understand straight-forward way.
  • Business Continuity - Are you always open for business?
    Business continuity is not an end in itself, but the key to improving performance. Oracle solutions for midsize organisations contribute by providing a secure, easily accessible, and always available information infrastructure thats's also simple and cost-effective to manage. This Oracle Business Brief explains how.
  • A guide to understanding hosted and managed messaging
    Messaging has become absolutely critical to the operation of most enterprises and has become something of a utility, much like electricity or water provision in certain key respects. Learn more with this Osterman research whitepaper.

Techworld topic pages