Wi-Fi

How secure are your wireless device drivers?

Even with the emphasis on securing wireless devices and how they communicate with operating systems, flaws have still surfaced, and attackers have exploited them. One often overlooked source for security flaws is the wireless device driver. Mike Mullins takes a closer look in this edition of Security Solutions.

Wireless devices have revolutionized the way we work, and they've energized the security community to defend them. Unfortunately, they've also given black hats something new to try to subvert for their own personal gain or fame.

Many businesses put off going wireless due to security concerns. To help combat this menace, a multitude of vendors and security professionals have devoted a lot of time and effort to figure out ways to secure wireless connectivity.

However, even with the emphasis on securing wireless devices and how they communicate with operating systems, flaws have still surfaced, and attackers have exploited them. And some of them may still be unknown to the community of users you support.

Like most security professionals, you've probably become pretty vigilant in testing and updating software and security patches. However, an often overlooked area is the device driver that interfaces between the hardware and the OS—and flaws in these drivers do exist.

Vendors develop hardware and device drivers to comply with existing (as well as proposed) standards. This ensures the widest target audience of consumers.

As for wireless devices, the IEEE 802.11 standard requires all stations to listen to and honor many types of frames while in "State 1" (i.e., unassociated and unauthenticated). And this is where the problem lies.

Hackers can use an open source 802.11 hacking tool called LORCON (Loss of Radio Connectivity) to throw an extremely large number of wireless packets at different wireless cards—a technique called fuzzing. This approach allows the hacker to take over a laptop by exploiting a flaw in an 802.11 wireless driver.

However, no OS update or security patch will solve this problem. Let's take a closer look.

The problem

At the 2006 Black Hat convention, David Maynor and Johnny Cache demonstrated many examples of wireless device driver flaws. One such example allowed the pair to take over a laptop by exploiting a bug in an 802.11 wireless driver.

While this particular demonstration only targeted 802.11 wireless devices, studies have shown that other wireless devices are also vulnerable. As further validation, both Apple and Dell released updates to wireless device drivers.

I've heard some people discounting this flaw as hypothetical. However, when I see updates released to address theoretical flaws, I tend to take notice—and so should you.

The solution

Apparently, the only solution is to become more knowledgeable about which wireless devices your end-user community uses on their laptops. If your organization purchased the technology, this is information you should already have.

Once you know all of the different types of wireless devices authorized to be on your network, you need to become more vigilant in monitoring vendor Web sites for updates to device drivers. Schedule timely deployments of the updates as they occur, just as you would for a security fix.

Final thoughts

While this problem isn't an epidemic, it is something that needs to stay on your security radar. This is not an OS-specific problem. Device vendors are aware of it, and they continue to release new drivers to combat the issue. Figure out which devices are part of your network, and check for vendor updates on a regular basis.

Miss a column?

Check out the Security Solutions Archive, and catch up on the most recent editions of Mike Mullins' column.

Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.

5 comments
BALTHOR
BALTHOR

Why doesn't the computer just use the firmware in the device?The driver is a file that tells a switch in the firmware to turn on.This driver idea will ruin your hardware corporation.

Mike Mullins
Mike Mullins

A driver is a software module that manages access to a hardware device, taking the device in and out of service, setting hardware parameters, transmitting data between memory and the device, sometimes scheduling multiple uses of the device on behalf of multiple processes, and handling I/O errors. No driver = no access to the device

ThomasJWest
ThomasJWest

Was the Apple's wifi card set to connect to any available network? That would be the equivalent of a 'Hack-Me' sign taped to its back, a real open invitation. The demo didn't mention the lack of security on the mac either.

BIOSphereopts
BIOSphereopts

Part of the problem with mac security is the false sense of security that is associated with them. I've seen displays at big box retailers touting the invulnerability of a Mac in terms of viruses and hackers. My son fell for this until I scanned his ports and showed him that his ftp port was wide open. I had to explain TCP/IP to him. Later he called me complaining that he had a virus. "NO WAY!, NOT ON A MAC!" hmmmm.

BIOSphereopts
BIOSphereopts

I didnt need to hear that. Ok, maybe I did. Help me out here, I use a wireless router here at home, with the following: 128 bit WEP SSID broadcast disabled Mac Filtering Are you saying that I am still vulnerable? Although I dont think any of my neighbors will be the ones to attack my wireless network, since they pop up all the time unsecured, would someone with the gumption be able to hack my laptop even with all that?

Editor's Picks