Students from Brisbane, Australia’s Queensland University of Technology School of Software Engineering and Data Communications say they’ve uncovered a flaw in the 802.11 specification that could let attackers shut down wireless networks in seconds.
The Australian Computer Emergency Response Team (AusCERT) issued a report on the findings, titled Denial of Service Vulnerability in IEEE 802.11 Wireless Devices. It says an attacker using a “low-powered, portable device such as an electronic PDA and a commonly available wireless networking card can cause significant disruption to all WLAN traffic within range, in a manner that makes identification and localization of the attacker difficult.”
The problem is caused by an exploitation of the Clear Channel Assessment (CCA) procedure used in equipment running Direct Sequence Spread Spectrum (DSSS)
Networks using 802.11g in mixed mode (with both 802.11g and 11b clients) may also be vulnerable. At higher speeds, 802.11g uses Orthogonal-Frequency-Division Multiplexing (OFDM)
Such a DoS
The vulnerability does not compromise data either by destroying it or intercepting it.
The upcoming 802.11i standard for advanced security on all 802.11 networks would not prevent the attacks. 802.11i is a solution for authentication of users and encryption of data.
The report adds that “independent vendors have confirmed that there is currently no defense.” This problem is essentially built right into the use of DSSS in 802.11. The best solution is to shield WLANs from the outside, which is not an option for public access Wi-Fi hotspots, which are “particularly vulnerable.” AusCERT recommends not using WLANs vulnerable to the attack for “safety, critical infrastructure and/or other environments where availability is a primary requirement.”
The professor of the students who discovered the flaw is quoted at News.com.au as saying the announcement shouldn’t cause panic, but should “cause a lot of organizations to evaluate carefully what they use wireless networks.”
This DoS vulnerability is not the first security issue the 802.11 world has faced. It joins the problems of wired equivalent privacy (WEP)