
Researchers Hack Wi-Fi driver to Breach Laptop

InfoWorldMike writes "Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver, reports Robert McMillan. The hack will be demonstrated at the upcoming Black Hat USA 2006 conference during a presentation by David Maynor, a research engineer with Internet Security Systems and Jon Ellch, a student at the U.S. Naval Postgraduate School in Monterey, California. They used an open-source 802.11 hacking tool called LORCON (Lots of Radio Connectivity) to throw an extremely large number of wireless packets at different wireless cards and see if they fail. They declined to disclose the specific details of their attack before the August 2 presentation, but said it was potentially a huge hole because exploiters could simply sit in a public space and wait for the right type of machine to come into range to attack. "This would be the digital equivalent of a drive-by shooting," said Maynor. The victim would not even need to connect to a network for the attack to work, he said."
This discussion has been archived. No new comments can be posted.

  • Base Station? (Score:3, Interesting)

    by wish bot ( 265150 ) on Thursday June 22, 2006 @01:15AM (#15580673)
    I wonder if this could be used to attack a wired network through a venerable basestation?
  • OpenBSD (Score:5, Interesting)

    by ivan kk ( 917820 ) on Thursday June 22, 2006 @01:32AM (#15580726)
    Helps explain OpenBSD's stance on not having blobs, they'd have been able to audit the driver code, and fix it quicker to boot.
  • by theitaliangunman ( 857554 ) on Thursday June 22, 2006 @02:00AM (#15580810)
    I guess it's not necessarily a bad thing that they do something so controversial every year, such as releasing vulnerabilities before they're fixed, but I'm beginning to wonder if they do it just for the attention. Something like this should be addressed before it's released, IMHO.

    I seem to recall something similar happening at Blackhat last year, although I can't remember exactly what. All I remember is it was the talk of Defcon for the first night I was there.
  • by dilvish_the_damned ( 167205 ) on Thursday June 22, 2006 @02:34AM (#15580895) Journal
    Clearly the solution for stopping people finding security holes is to make distributing open source hacking tools illegal. Isn't this already covered by the DMCA or do we need a new law?

    They are illegal. Not in words on paper, but in practice. Prosecutors like smoking guns, and that's how they use trivial shit. Just get yourself suspected of a related crime, and then have said tools on your laptop. "Was there any evidence that the defendant used such tools?" "Yes ma'am, we found something called 'cracklib' on his laptop which is used with other tools to crack passwords, there is no other reason for it your honor".

    I also learned one other thing that day; judges have zero sense of humor. I think it's a requirement for the job or something.
  • Re:Once again.... (Score:2, Interesting)

    by Frightening ( 976489 ) on Thursday June 22, 2006 @02:55AM (#15580945) Homepage
    Have you ever tried to compromise a FC5 box with basic server-hardening and all the latest tech enabled? The implementation of comprehensive buffer-overflow protection schemes (stack, GOT protection, etc.) has made it almost impossible to root certain boxes.

  • Of course, users should apply critical updates. Even in a perfect world, where drivers are only changed for critical stuff, the problem is: how are they going to know? You might say "Windows Update", but that only works for Windows drivers and you know as well as I do that most, if not all, drivers are third-party drivers.

    My example for Logitech mice stands: I am pretty much the only one that buys a mouse, plugs it in and it works. Other people *think* they need to install *everything* that is on the included CD. It is not the responsibility of Microsoft to push third-party driver updates over Windows Update. It is not their responsibility nor their role.

    The only other solution to the problem is: every single driver needs to check the "mothership" for updates every other time. Just like antivirus programs do, just like Windows Update works. I do not even want to imagine what kind of resources that would use, and even less what kind of havoc it might cause because a "bad driver" got released that borks about every second computer in the world. Oh, and I'm ignoring all the privacy issues that such a system would bring with it.

  • by Timo_UK ( 762705 ) on Thursday June 22, 2006 @03:17AM (#15580974) Homepage
    Don't they have Wifi too? And I bet this is old news for NSA, Mossad and the like.
  • all things survival (Score:3, Interesting)

    by proudhawk ( 124895 ) <eric...oyen@@@gmail...com> on Thursday June 22, 2006 @03:18AM (#15580978) Journal
    seems to me like this is right out of Darwin's Law.

    In essence, prey evolves defenses to reduce predation.
    thus predators must evolve to overcome the defenses
    of the prey. same thing here.

    with the hardware manufacturers (and their coders):
    they've done the "get it working" and the "make it fast" steps.
    Now they have to do the "get it right" step.

     
  • mod parent down (Score:5, Interesting)

    by John Nowak ( 872479 ) on Thursday June 22, 2006 @03:26AM (#15580993)
    Since when was Scheme object-oriented? Also, as a Schemer, I can say that in most cases there *is* a large speed penalty involved, often on the order of a magnitude (or worse). It's much more of an issue if the speed hit matters than pretending it doesn't exist.

    For the record, it is also perfectly possible to write safe C code with a good deal of rigor and some basic knowledge of the platform. You certainly don't need to know how to write at a lower level as long as you understand the concepts involved and the particular features of the hardware. People do it all the time and plenty of libraries exist to enable this.

    And finally, people hardly switched to Java for "no apparent reason". It's not in the least my language of choice, but for some groups it has a distinct number of advantages over C or C++. In summary, I'm convinced you have no idea what you're talking about.
  • again we hear of it (Score:5, Interesting)

    by ajs318 ( 655362 ) <sd_resp2@earthsh ... .co.uk minus bsd> on Thursday June 22, 2006 @05:16AM (#15581183)
    Again we hear of a vulnerability and again it is one which need never have existed in the first place. We know a song about that [openbsd.org]!

    It's time that access to source code for device drivers was mandated by law: if hardware manufacturers will not supply the source code for their drivers, then they simply should not be allowed to sell the product. It has to be demanded from above, because of the {false, and patently so} perception that releasing driver source code or specifications might benefit competitors: if everyone has to do it then no-one will benefit unfairly.

    Now, in the case of wireless devices, there is a definite possibility that the device could be reprogrammed to operate in a different way to that for which type-approval was granted. So it should be made clear that the approval covers the hardware and software as a combination, and altering the software may cause the device to operate in a non-approved manner. Just by the general principle of "innocent until proven guilty", anyone using a modified version of a device driver would only be liable for prosecution if they actually caused undesirable interference. Anyway, this is how it works in industry: type-approval procedures are published, you can certify your own products, but if at a later date they are discovered not to meet the requirements, then it's your responsibility to deal with it.
  • Re:Greater problem (Score:3, Interesting)

    by Anonymous Coward on Thursday June 22, 2006 @05:17AM (#15581186)
    Given the abysmal moderating around here that '+5 insightful' tag has taught me to expect rather the opposite.
    Why don't all you Lisp, Scheme, Haskell and Java OO-fanboys get together and do it right? Go ahead, start a project on sourceforge, grab some old mobo and implement an OS for it. And while you're at it throw out the BIOS too (Assembler, YUCK!). Given the vast superiority of OO languages that should be cake, isn't it? Just imagine all the productivity gains since you never have to debug all those buffer overflows. You could be finished by year's end...

    Sheesh.
  • by MooUK ( 905450 ) on Thursday June 22, 2006 @05:42AM (#15581219)
    "When open source hacking tools are made criminal, only criminals have access to security."

    Exactly what I just said, in more words, in a letter to my local MP, about a recently passed act. Except I was talking about hacking tools in general, not open source ones.
  • Re:Greater problem (Score:3, Interesting)

    by baadger ( 764884 ) on Thursday June 22, 2006 @07:36AM (#15581384)
    There is a great interview with the Singularity guys [msdn.com] on Channel 9 which details just how much of Singularity is written in 'unsafe' C# and how much is written in safe C# and other languages.

    They also mention some benchmarks against the current Windows line up with some surprising results.
  • by blowdart ( 31458 ) on Thursday June 22, 2006 @07:53AM (#15581428) Homepage

    I've been working with end users enough at uni and work to realise the most even the slightly geeky user will only ever upgrade their graphics card on their laptop when they are forced to.

    Well considering upgrading the graphics card would take, at the least, a large amount of disassembly and soldering on 99.9% of laptops maybe it's a good thing end users don't try ....

    More seriously a lot of the problems with laptops is that vendors, nvidia, ati, intel, et al will not ship drivers for the parts used in laptops, instead they provide them to the laptop vendors. Who, after a year, stop bothering. Trying to find an up to date video driver for my Toshiba is next to impossible, because Toshiba never released any, so I'm stuck with a driver that's well over a year old and has problems in some games. But their viewpoint is, of course, only support the latest and greatest, make people update the hardware. The only hope you have are the people out there who hack the standard driver packages to work with laptop vendor specific device IDs.

    If MS had followed through on the idea of including certified drivers in windowsupdate it would have solved a lot of problems, but very few vendors support it.

  • Re:Done. (Score:1, Interesting)

    by Anonymous Coward on Thursday June 22, 2006 @01:44PM (#15583757)
    odd that this OS though written in java (write once, run anywhere?) is only available for x86.
