Wi-fi security is supposed to be improving but experts are still coming up with new ways to break the networks.
This week's Usenix Security Symposium in Washington DC saw a demonstration of denial of service attacks which go beyond brute force methods and target and disable the connections of specific devices on a WLAN.
Most denial of service attacks on Wi-Fi networks simply flood the radio frequencies they use for communications, but John Bellardo of the University of California San Diego showed a subtler approach that let him cut off the link to any specific notebook on the symposium’s WLAN.
The demonstration, reported in Government Computing News, worked by producing spoof “de-authentication” packets, which are used in normal Wi-Fi operation to break the connection between a user and a wireless access point.
When a computer breaks off a connection, it sends a de-authentication packet to the access point, which then accepts no more data from that computer. Belardo’s routine simply pretends to be a specific computer, and sends a de-authentication packet in its name, thereby bumping it off the network.
The approach was effective enough for him to demonstrate, live, his ability to interrupt traffic, to most of the notebooks in the conference room, according to GCN.
As well as the attack, he has produced a suggested repair: a patch which would cause access points to wait several seconds before acting on a de-authentication packet. If more traffic comes from the user, then the packet must have been a spoof or a mistake, and is ignored.
Bellardo saw other holes that need fixing, but said de-authentication spoofing was the worst one out there. “You have to start one hole at a time.,” he said.
Usenix, the Advanced Computer Systems Association, developed from a Unix users group, formed some 25 years ago, and now covers leading edge issues in computing.