
Sandia fingerprinting technique demonstrates wireless device driver vulnerabilities

September 13, 2006

LIVERMORE, Calif. - The next time you're sipping a latte and surfing the Net at your favorite neighborhood wireless café, someone just a few seats away could be breaking into your laptop and causing irreparable damage to your computer's operating system by secretly tapping into your network card's unique device driver, researchers at Sandia National Laboratories have concluded.

There is, however, some cheerful news. By role-playing the position of an adversary (also known as red teaming), Sandia researchers have demonstrated a unique "fingerprinting" technique that allows hackers with ill intent to identify a wireless driver without modification to or cooperation from a wireless device. Revealing this technique publicly, Sandia researchers hope, can aid in improving the security of wireless communications for devices that employ 802.11 networking.




Sandia is a National Nuclear Security Administration laboratory.

Wireless device drivers fraught with vulnerabilities

Device drivers, according to Sandia security researcher Jamie Van Randwyk, are becoming a primary source of security holes in modern operating systems. Through a laboratory-directed research grant, Van Randwyk and a team of college interns set out last year to design, implement, and evaluate a technique that has proved capable of passively identifying a wireless driver used by 802.11 wireless devices without specialized equipment and in realistic network conditions. Van Randwyk presented his team's findings last month at the USENIX Security Symposium in Vancouver, B.C.

Video and keyboard drivers are generally not exploited because of the difficulty in attaining physical access to those systems, leading some to believe that device drivers are immune to vulnerabilities. However, Van Randwyk points out, physical access is not necessary with some classes of drivers, including wireless cards, Ethernet cards, and modems.

"Wireless network drivers, in particular, are easy to interact with and potentially exploit if the attacker is within transmission range of the wireless device," says Van Randwyk. Because the IEEE 802.11 standard is the most common among today's wireless devices, he and his team chose to evaluate the ability of an attacker to launch a driver-specific exploit by first fingerprinting the device driver. Fingerprinting is a process by which a device or the software it is running is identified by its externally observable characteristics.

"Passive" approach and "probe request frames" are key

The passive approach used by Van Randwyk and his colleagues demonstrates that a fingerprinter (attacker) need only be in relatively close physical proximity to a target (victim) in order to monitor his or her wireless traffic. Anyone within transmission range of a wireless device, therefore, can conceivably fingerprint the device's wireless driver. Reconnaissance of this type is difficult to prevent since the attacker is not transmitting data, making the attack "invisible" and hard to detect.

Sandia's fingerprinting technique relies on the fact that computers with wireless configurations actively scan for access points to connect to by periodically sending out "probe request frames," for which there is no standard 802.11 specification. Consequently, developers have created a multitude of wireless device drivers, each of which performs the "probe request" function differently from the others. Sandia's fingerprinting technique demonstrates the inherent vulnerabilities in this situation through statistical analysis of the inter-frame timing of transmitted probe requests.
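An added illustration, not code from Sandia or from the original article: one simple way to reduce probe-request arrival times to a timing signature and compare it with reference signatures, for instance to measure how distinguishable your own devices' scanning behaviour is. The bin width, distance metric, rejection threshold, driver labels and every timestamp below are assumptions constructed for this example.

```python
from collections import Counter

BIN_WIDTH = 0.5      # seconds per histogram bin (assumed)
MAX_DISTANCE = 1.0   # reject matches farther than this (assumed)

def from_gaps(gaps, start=0.0):
    """Build arrival timestamps from a list of inter-frame gaps."""
    out = [start]
    for g in gaps:
        out.append(out[-1] + g)
    return out

def signature(timestamps, bin_width=BIN_WIDTH):
    """Histogram of inter-frame gaps: {bin index: fraction of gaps}."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if not gaps:
        raise ValueError("need at least two probe requests")
    counts = Counter(round(g / bin_width) for g in gaps)
    return {b: n / len(gaps) for b, n in counts.items()}

def distance(sig_a, sig_b):
    """L1 distance between histograms: 0 = identical, 2 = no overlap."""
    return sum(abs(sig_a.get(b, 0.0) - sig_b.get(b, 0.0))
               for b in set(sig_a) | set(sig_b))

def classify(timestamps, references, max_distance=MAX_DISTANCE):
    """Closest reference label and its distance; label is None if too far."""
    sig = signature(timestamps)
    label, d = min(((name, distance(sig, ref)) for name, ref in references.items()),
                   key=lambda pair: pair[1])
    return (label if d <= max_distance else None, d)

# Constructed reference traces for two hypothetical drivers.
REFERENCES = {
    "driver_A": signature(from_gaps([0.05, 1.02, 0.06, 0.98, 0.05, 1.01])),
    "driver_B": signature(from_gaps([3.01, 2.97, 3.04, 2.99])),
}

# Constructed capture: bursty scanning like driver_A plus one long pause.
OBSERVED = from_gaps([0.04, 1.03, 0.05, 0.99, 0.06, 1.00, 0.05, 3.2], start=100.0)

if __name__ == "__main__":
    print(classify(OBSERVED, REFERENCES))
```

The stray long gap in the constructed capture shifts the histogram only slightly, which is why a binned signature tolerates occasional lost or delayed frames.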

Fingerprinting not a new concept

Fingerprinting an 802.11 network interface card (NIC) is not a new concept, says Van Randwyk, and many tools exist that can help identify card manufacturers and model numbers via a wireless device's Media Access Control (MAC) address. Sandia's approach, however, is more advantageous in that it fingerprints the device driver, where most exploits rest due to the driver's placement within the operating system. Additionally, the features used by the Sandia passive technique are not a configurable option in any of the drivers tested, unlike the MAC address in most operating systems.

Sandia's fingerprinting technique has proven to be highly reliable, achieving an accuracy rate ranging from 77 percent to 96 percent, depending on the network setting. Furthermore, the technique requires that only a few minutes' worth of network data be collected, and tests confirm that it can withstand realistic network conditions.

DOE/Sandia National Laboratories


