New WiFi security flaw found
It appears that every two steps forward are followed by at least one step backward. So it is with WLAN security, as clever security researchers said they have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver. David Maynor and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, CA, will demonstrate the flaw at the upcoming Black Hat USA 2006 conference.
Maynor and Ellch "fuzzed" various wireless cards-- hacker slang for throwing a lot of wireless packets at the cards. This can cause programs to fail or run unauthorized software. They were able to access a laptop through a wireless device. "You don't have to necessarily be connected for these device driver flaws to come into play," Ellch said. "Just because your wireless card is on and looking for a network could be enough."
For more ion the latest WLAN security problem
- read Robert McMillan's NetworkWorld report
- and Peter Judge's ZDNet UK report
For more about the Black Hat event
- check out the event's Web site
PLUS:This is an opportune time for the National Institute for Standards and Technology (NIST) to issue its draft guide for 802.11i-based WLAN security. Report