Wireless access has become far more widespread in recent years, but that doesn't mean security has kept pace. Sure, you may be able to connect to a wireless access point at your local Starbucks and read your e-mail while sipping a cup of joe, but who else out there is enjoying the latest installment from your sister's vacation or perusing your bank statement?
To remain protected against such black hats, you need to stay on top of the latest wireless security threats, and make sure your users do the same. For example, most security professionals are aware of the man-in-the-middle attack, in which a black hat is able to read, insert, and modify messages between two machines without either party knowing that someone has compromised the link between them. On wired networks this attack has somewhat faded, thanks to physical security and the switched infrastructure that usually sits between the two end points. But make no mistake: this type of attack is not obsolete.
The threat
In fact, a relatively new wireless tool is helping revive the man-in-the-middle attack. AirPwn, which debuted at DEFCON 12 in July 2004, requires two 802.11b network interface cards: one for listening and the other for injecting. It watches the traffic on an open (unencrypted) wireless network, and when it sees a request that matches one of its configured patterns, it injects a forged response that reaches the client before the legitimate server's reply does. It is currently available only for POSIX operating systems (Linux, BSD, and other UNIX flavors).
Using this tool on an open wireless network can yield a couple of different results, and neither is good news for the user. Let's look at the possibilities:
- AirPwn can capture an entire wireless session. On an open network every frame travels in the clear, so if a user logs on to check e-mail and isn't working over an SSL connection, anyone in radio range can read everything he or she does while online. This includes capturing session tokens and hijacking the session after the user has logged in.
- AirPwn can inject and redirect traffic. When a user requests a Web page, AirPwn sees the request and answers it with a forged response that arrives before the real server's reply; the browser renders the injected content and the client's TCP stack discards the genuine answer as a duplicate. The injected content could be anything from text or pictures to harmful code that compromises the machine.
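The injection race described above leaves a footprint that a passive monitor on the same network can see: two TCP segments in the same flow that claim the same sequence number but carry different data, with the forged one arriving first. The following detector is an added example written for this column; it is not code from AirPwn or from the original article. The packet trace, the addresses, and the `Segment` record layout are all constructed for illustration; a real deployment would feed it segments parsed from a capture.

```python
"""Flag AirPwn-style TCP response injection in a packet trace.

Added example, not code from AirPwn or from the original column. An
injector that races a legitimate server must reuse the sequence number
the client expects, so a passive monitor sees two segments for the same
flow and sequence number that carry different payloads. The trace below
is constructed by hand (RFC 5737 / RFC 1918 addresses).
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    ts: float       # capture timestamp, seconds
    src: str        # "ip:port" of the sender (server side of the flow)
    dst: str        # "ip:port" of the receiver (the wireless client)
    seq: int        # TCP sequence number of the first payload byte
    ttl: int        # IP TTL observed on the wire
    payload: bytes


def find_injections(segments):
    """Return (first, later) pairs of segments in the same flow that share a
    sequence number but differ in payload. The earlier segment is the
    suspect: to hijack the response the injector has to win the race, so
    its packet is the one the client actually processed. An honest
    retransmission (identical payload) is not reported."""
    by_key = defaultdict(list)
    for seg in sorted(segments, key=lambda s: s.ts):
        by_key[(seg.src, seg.dst, seg.seq)].append(seg)
    hits = []
    for segs in by_key.values():
        first = segs[0]
        hits.extend((first, later) for later in segs[1:]
                    if later.payload != first.payload)
    return hits


def ttl_mismatch(first, later):
    """Secondary indicator: an attacker on the local link sits at a different
    hop distance than the real server, so the two segments usually arrive
    with different TTLs. Not proof by itself, since load-balanced servers
    can also answer from different hop counts."""
    return first.ttl != later.ttl


SERVER, CLIENT = "192.0.2.10:80", "10.0.0.5:51234"

# Constructed trace: the client asks for a page; the attacker on the open
# WLAN injects a forged reply milliseconds after seeing the request; the
# genuine reply arrives later with the same sequence number and is dropped
# by the client's TCP stack as a duplicate. An honest retransmission of a
# different segment is included to show that it is not flagged.
SAMPLE_TRACE = [
    Segment(0.003, SERVER, CLIENT, 1000, 64,
            b"HTTP/1.1 200 OK\r\n\r\n<html><script>/*attacker*/</script></html>"),
    Segment(0.043, SERVER, CLIENT, 1000, 52,
            b"HTTP/1.1 200 OK\r\n\r\n<html>the real page</html>"),
    Segment(0.050, SERVER, CLIENT, 1460, 52,
            b"<p>second segment of the real page</p>"),
    Segment(0.300, SERVER, CLIENT, 1460, 52,
            b"<p>second segment of the real page</p>"),
]


def injected_segments(segments=SAMPLE_TRACE):
    """Convenience wrapper: only the suspect (earlier) segments."""
    return [first for first, _ in find_injections(segments)]


if __name__ == "__main__":
    for first, later in find_injections(SAMPLE_TRACE):
        print(f"seq {first.seq} {first.src}->{first.dst}: suspect at "
              f"{first.ts:.3f}s (ttl {first.ttl}), genuine at {later.ts:.3f}s "
              f"(ttl {later.ttl}), ttl mismatch={ttl_mismatch(first, later)}")
```

Run on the constructed trace, the detector reports exactly one suspect: the segment at 0.003 s for sequence 1000, whose later twin carries different content and a different TTL. The retransmitted segment at sequence 1460 is ignored because its payload matches. In practice you would key on the full four-tuple plus direction and keep only a short window of recent segments per flow, since holding every segment of every flow in memory does not scale.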
The defense
AirPwn is a plague to the open wireless networks that exist all over the world. This is one more reason to teach users that they can't expect privacy while using a public network.
It's imperative that users understand the risks of using public access. In addition, they can increase their level of data protection by following one simple rule:
Limit the type of transactions conducted when connected to a public network.
When you leave your home or corporate network and connect to an open wireless network, your expectation of privacy and security should drop dramatically. There is no such thing as a trusted open network.
If you didn't configure the network and you can't identify everyone connected to it, treat it as an open network. Remember that whenever you use an open network, someone could be listening to and manipulating the information you see and send to others. If you have to log on to a site from an open wireless connection, make sure you use an encrypted connection: an SSL (HTTPS) site whose certificate your browser accepts without a warning, or a VPN back to a network you trust. Encryption doesn't stop an attacker from injecting packets, but the injected data fails the connection's integrity check and is rejected, and your credentials and session tokens are never on the air in the clear.
Final thoughts
It's important that security professionals remain aware of and knowledgeable about the tools the enemy has available. Just as vital is sharing this information with users and educating them about defending themselves.
I recommend visiting black hat sites and seeing what types of tools they have to use against you. The bad guys are certainly watching you; it's time you started watching them. Then, pass on that knowledge to the people you support.
Mike Mullins has served as an assistant
network administrator and a network security administrator for the U.S. Secret
Service and the Defense Information Systems Agency. He is currently the
director of operations for the Southern Theater Network Operations and Security
Center.