Queensland University of Technology (QUT) students have discovered a flaw in 802.11 (Wi-Fi) wireless networks that would allow a hacker to effectively shut down any wireless network using a Denial of Service (DoS)-like attack.
The PhD students, from QUT's Information Research Centre, said that the Collision Avoidance (CA) feature of Wi-Fi networks which followed the IEEE's standardised 802.11 protocol was to blame. They were studying ways to prevent Wi-Fi-based attacks when they discovered the flaw.
By exploiting the way CA worked using a simple Wi-Fi-enabled handheld device, a hacker could cause both the wireless access points and wireless client devices (PCs, notebooks, PDAs, or whatever else) to stop transmitting data wirelessly. When such an attack occurred, it appeared as if the wireless network was busy with other tasks, and was unresponsive. The attack would require a 'semi-skilled' attacker, the students said.
'In order to exploit the vulnerability, potential attackers only needed a common wireless adaptor which retails for about $80-$90 and instead of using it to enable their computer to access a network, they can change its coding to interfere with transmission,' said Associate Professor Mark Looi, whose students discovered the flaw. 'With this adaptor you can basically totally disrupt any wireless network that uses this technology within a kilometre of its operation in anywhere between five and eight seconds.'
Representatives said the Wi-Fi Alliance was looking into the matter, but the organisation seemed to be most surprised that simple Wi-Fi-enabled devices could be made to work in this fashion. However, there had been reports of people attending computer industry trade shows, wandering around and silently turning off wireless networks as they went, using such devices.
Various companies, including AirMagnet, make devices that can sense such anti-Wi-Fi devices, using a metal detector-like clicking sound that gets louder as you get closer to the offending device.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
