Wi-Fi Fingerprints -- the End of MAC Spoofing?
judgecorp writes, "Wireless devices can be identified by variations in their radio signaling, known as their 'transceiverprint,' according to research reported in Techworld. The Canadian researcher, Jeyanthi Hall, related the prints to MAC addresses and got a positive ID for devices connecting to a Wi-Fi network, claiming 95% success with no false positives. Once they work out how to do this without a dedicated signal analyzer and neural network processing, it's the end of MAC spoofing on wireless networks."
Nice try, but... (Score:2, Insightful)
(any wagers on how many other "first comments" will say the same thing?)
The sample was 15 devices (Score:4, Insightful)
Re:The sample was 15 devices (Score:5, Insightful)
Does anyone remember the good old days when your garage remote control that you just bought from sears would open the door down the street? That's why they had to put in the codes. Just relying on a "fingerprint" when the majority of devices are from the same manufacturer is just a false sense of security.
However, if you really want to be scared, just google "bump key"...
Sample size too small (Score:3, Insightful)
http://www.mathworks.com/company/user_stories/use
Re:Cool hack, but who cares... (Score:2, Insightful)
No false positives? (Score:1, Insightful)
So... what was the 5% if they weren't false positives?
wow, lots of work (Score:3, Insightful)
Re:Just spoof the fingerprint (Score:4, Insightful)
It seems to me one could build analog electronics that allows signal parameters (frequency, rise time, etc.) to be electronically tuned based on the detected signal... after all, if they can identify a signal with high accuracy, then the traits to be spoofed may be distinguishable enough to be accurately measured.
Given a sufficiently powerful software defined radio, a tunable amplifier and a tunable antenna, I don't think this is impossible. It's a heck of a lot more expensive than a WLAN card, for sure. It's also a problem that a neural network is used for identification, since neural networks are a notoriously poor analysis tool from which to extract usable rules. However, given their sample size and lack of other info in the article (of other methods of forecast analysis), it is difficult to say whether the required system is so complicated that it is an intractable problem to reverse engineer the measured characteristics. I'm not convinced it is.
Re:Cool hack, but who cares... (Score:3, Insightful)
Yeah, but let's face it ... you probably don't and neither do I.
Access control lists are a simple concept that administrators understand. It would be a good thing if they could be implemented reliably with ordinary Wi-Fi.
I don't think so..... (Score:4, Insightful)
1. Amplitude
2. Phase shift
3. Signal cadencing... e.g. micro-sliced events
4. Parasitics
5. Encoding profiling.
And the success is 95%. That's wonderful. Bring it on.
Your supposition that it would have to be "100 percent atom for atom identical" is pure hubris. You obviously have little engineering training. Try again.
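An added illustration of the idea being argued over in this post and in the "No false positives?" question above (example code written for this page, not from the research or any product): per-device profiles are built from a few signal features like the ones listed, a frame is matched to the nearest profile with a reject threshold, and a frame whose print disagrees with the MAC it claims is flagged. The MACs, feature values and noise levels are constructed for the simulation and are not measurements.

```python
import random
import statistics

# Constructed, illustrative data only (not measurements from the research):
# each device's transceiver is modelled as a stable offset in a few features
# (amplitude, phase shift, rise time) plus small per-frame noise.
NOMINAL = {
    "00:11:22:33:44:01": (1.00, 0.10, 3.0),
    "00:11:22:33:44:02": (1.06, -0.05, 3.4),
    "00:11:22:33:44:03": (0.95, 0.22, 2.7),
}
NOISE = (0.01, 0.01, 0.05)

def constructed_frames(seed=1, n=20):
    """Simulate n noisy feature vectors per MAC around its nominal offsets."""
    rng = random.Random(seed)
    return {mac: [tuple(b + rng.gauss(0, s) for b, s in zip(base, NOISE))
                  for _ in range(n)] for mac, base in NOMINAL.items()}

def enroll(frames_by_mac):
    """Per-MAC profile: centroid and per-feature spread of training frames."""
    profiles = {}
    for mac, frames in frames_by_mac.items():
        cols = list(zip(*frames))
        centroid = tuple(statistics.fmean(c) for c in cols)
        spread = tuple(max(statistics.pstdev(c), 1e-9) for c in cols)
        profiles[mac] = (centroid, spread)
    return profiles

def distance(profile, frame):
    """Spread-normalised Euclidean distance from a frame to a profile."""
    centroid, spread = profile
    return sum(((x - m) / s) ** 2 for x, m, s in zip(frame, centroid, spread)) ** 0.5

def identify(profiles, frame, threshold=4.0):
    """Best-matching MAC, or None when no profile lies within the threshold.
    Rejecting doubtful frames is how a scheme can identify fewer than 100%
    of frames yet claim zero false positives."""
    mac, d = min(((m, distance(p, frame)) for m, p in profiles.items()),
                 key=lambda t: t[1])
    return mac if d <= threshold else None

def check_claimed_mac(profiles, claimed_mac, frame, threshold=4.0):
    """Defender's check: does the print agree with the MAC the frame claims?
    A 'mismatch' is the MAC-spoofing indicator worth alerting on."""
    match = identify(profiles, frame, threshold)
    if match is None:
        return "unknown"
    return "ok" if match == claimed_mac else "mismatch"
```

The threshold is the knob behind the "95% with no false positives" figure: tighten it and more genuine frames fall into "unknown", loosen it and misattribution becomes possible.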
Re:Moo (Score:5, Insightful)
I don't think it can be trusted... (Score:3, Insightful)
Re:Yeah, right. Sure. Uh-huh. What a dolt. (Score:2, Insightful)
Each radio in existence has a unique signal generated, mostly due to component variation in each production run. Resistors and capacitors in circuits are designed to tolerate a certain amount of variation in resistance, capacitance, etc etc. It's difficult to replicate - and by 'difficult', I mean an electrical engineer with a laboratory full of equipment and a team working for him would find it difficult. A signal generator designed to replicate a specific signal fingerprint would be (a) prohibitively large and (b) prohibitively expensive. Hundreds of thousands, maybe millions of dollars. NSA stuff.
This is a good idea, really, but I'm skeptical of the ability to pack that much sensing equipment into a consumer-portable wireless card.
Comment removed (Score:3, Insightful)
Re:Cool hack, but who cares... (Score:2, Insightful)
What about vulnerabilities, according to:
http://www.informit.com/articles/article.asp?p=36
- One flaw allowed an attacker to cause a denial-of-service attack, if the attacker could bypass several other layers of protection.
- A second flaw exists in the method with which WPA initializes its encryption scheme. Consequently, it's actually easier to crack WPA than it is to crack WEP.
Now, IS WPA more secure than WEP?
Is it possible to have a secure Wi-Fi network without the big WPA2-Enterprise setup (certificates from Cisco and such)?