How secure are your wireless device drivers?

Even with the emphasis on securing wireless devices and how they communicate with operating systems, flaws have still surfaced, and attackers have exploited them. One often overlooked source for security flaws is the wireless device driver. Mike Mullins takes a closer look in this edition of Security Solutions.

Wireless devices have revolutionized the way we work, and they've energized the security community to defend them. Unfortunately, they've also given black hats something new to try to subvert for their own personal gain or fame.

Many businesses put off going wireless due to security concerns. To help combat this menace, a multitude of vendors and security professionals have devoted a lot of time and effort to figure out ways to secure wireless connectivity.

However, even with the emphasis on securing wireless devices and how they communicate with operating systems, flaws have still surfaced, and attackers have exploited them. And some of them may still be unknown to the community of users you support.

Like most security professionals, you've probably become pretty vigilant in testing and updating software and security patches. However, an often overlooked area is the device driver that interfaces between the hardware and the OS—and flaws in these drivers do exist.

Vendors develop hardware and device drivers to comply with existing (as well as proposed) standards. This ensures the widest target audience of consumers.

As for wireless devices, the IEEE 802.11 standard requires all stations to listen to and honor many types of frames while in "State 1" (i.e., unassociated and unauthenticated). And this is where the problem lies.

Hackers can use an open source 802.11 hacking tool called LORCON (Loss of Radio Connectivity) to throw an extremely large number of wireless packets at different wireless cards—a technique called fuzzing. This approach allows the hacker to take over a laptop by exploiting a flaw in an 802.11 wireless driver.

However, no OS update or security patch will solve this problem. Let's take a closer look.

The problem

At the 2006 Black Hat convention, David Maynor and Johnny Cache demonstrated many examples of wireless device driver flaws. One such example allowed the pair to take over a laptop by exploiting a bug in an 802.11 wireless driver.

While this particular demonstration only targeted 802.11 wireless devices, studies have shown that other wireless devices are also vulnerable. As further validation, both Apple and Dell released updates to wireless device drivers.

I've heard some people discounting this flaw as hypothetical. However, when I see updates released to address theoretical flaws, I tend to take notice—and so should you.

The solution

Apparently, the only solution is to become more knowledgeable about which wireless devices your end-user community uses on their laptops. If your organization purchased the technology, this is information you should already have.

Once you know all of the different types of wireless devices authorized to be on your network, you need to become more vigilant in monitoring vendor Web sites for updates to device drivers. Schedule timely deployments of the updates as they occur, just as you would for a security fix.

Final thoughts

While this problem isn't an epidemic, it is something that needs to stay on your security radar. This is not an OS-specific problem. Device vendors are aware of it, and they continue to release new drivers to combat the issue. Figure out which devices are part of your network, and check for vendor updates on a regular basis.

Miss a column?

Check out the Security Solutions Archive, and catch up on the most recent editions of Mike Mullins' column.

Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.

Editor's Picks

Free Newsletters, In your Inbox