It is a lot easier to bring down a Wi-Fi network than previously thought, according to work by researchers at the Queensland University of Technology, reported by the Australian Computer Emergency Response Team (AusCERT).
Any 802.11b network can be brought to a standstill by using a simple Wi-Fi card and broadcasting repeated attempts to communicate. The denial-of-service attack uses a weakness in the design of the collision-avoidance protocol in 802.11b to block all other devices from the WLAN, without actually sending or receiving data. The attacker simply sends repeated signals that appear to be genuine network traffic, causing the other devices to back off and wait, over and over again.
"Any organisation that continues to use the standard wireless technology (IEEE 802.11b) to operate critical infrastructure could be considered negligent," Professor Mark Looi, deputy head of software engineering and data communications at QUT, told Computerworld Today (Australia). "This wireless technology should not be used for any critical applications as the results could potentially be very serious."
The flaw was discovered in November 2003 by PhD students Christian Wullems, Kevin Tham and Jason Smith, and will be presented to the Institute of Electrical and Electronics Engineers (IEEE) Wireless Telecommunication Symposium in California today. Any 802.11b wireless card can be used to mount the DoS attack.
There are no reports of anyone actually using the attack, as people have little to gain from it: unlike the weakness in WEP cryptography, it does not give access to the network or to any private data. The effects of the attack last only as long as the attack itself, as the network recovers instantly when the attacker switches off or is discovered. It is limited to 802.11b, as most 802.11g networks (faster than 20 Mbit/s) and 802.11a networks are immune.
Also, AusCERT points out: "The results of a successful DoS attack will not be directly discernable to an attacker, so an attack of this type may be generally less attractive to mount."
Despite this, the attack should be taken seriously, say AusCERT and Prof Looi, largely because it makes a denial of service cheap and easy enough for script-kiddies and nuisance-level hackers to mount. "Previously, attacks against the availability of IEEE 802.11 networks have required specialised hardware and relied on the ability to saturate the wireless frequency with high-power radiation, an avenue not open to discreet attack," says the AusCERT advisory. "This vulnerability makes a successful, low cost attack against a wireless network feasible for a semi-skilled attacker."
The vulnerability has been confirmed by vendors, and will apparently not be prevented by the forthcoming 802.11i security specification, even though this includes MAC layer security. "It was very difficult to test, because we didn't want to accidentally bring any networks down other than our own test network and had to do our experiments in secluded locations at 2am in the morning," said Prof Looi.
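The defer-and-wait behaviour described above can be modelled in a few lines. This is an added example, not code from the researchers or AusCERT: a slotted simulation in which stations stop transmitting while carrier sense reports the medium busy and resume as soon as it clears. The station count, frame airtime and interval timings are constructed assumptions, and no radio is involved.

```python
import random

CW_MIN, CW_MAX = 31, 1023  # 802.11b DCF contention-window bounds, in slots
FRAME_SLOTS = 20           # assumed airtime of one data frame, in slots

def simulate(stations, total_slots, busy_from, busy_to, seed=1):
    """Slotted model of saturated stations doing carrier sense + backoff.

    During [busy_from, busy_to) a foreign signal makes the medium look busy.
    Returns frames delivered before, during and after that interval.
    """
    rng = random.Random(seed)
    cw = [CW_MIN] * stations
    backoff = [rng.randint(0, CW_MIN) for _ in range(stations)]
    delivered = {"before": 0, "during": 0, "after": 0}
    t = 0
    while t < total_slots:
        if busy_from <= t < busy_to:
            t += 1  # medium sensed busy: every station defers, counters frozen
            continue
        phase = "before" if t < busy_from else "after"
        ready = [i for i in range(stations) if backoff[i] == 0]
        if not ready:
            backoff = [b - 1 for b in backoff]  # idle slot: count down
            t += 1
            continue
        end = t + FRAME_SLOTS
        # A frame is lost if another station sent in the same slot, or if
        # the foreign signal starts while the frame is still on the air.
        ok = len(ready) == 1 and not (t < busy_from < end)
        for i in ready:
            cw[i] = CW_MIN if ok else min(2 * cw[i] + 1, CW_MAX)
            backoff[i] = rng.randint(0, cw[i])
        if ok:
            delivered[phase] += 1
        t = end  # the medium is occupied for the whole frame
    return delivered

if __name__ == "__main__":
    print("with busy interval:", simulate(5, 30000, 10000, 20000))
    print("baseline:          ", simulate(5, 30000, 30000, 30000))
```

For monitoring, the signature this model predicts is an abrupt drop to zero delivered frames on every station at once, followed by immediate recovery, rather than a gradual degradation.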