It appears that every two steps forward are followed by at least one step backward. So it is with WLAN security, as clever security researchers said they have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver. David Maynor and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, CA, will demonstrate the flaw at the upcoming Black Hat USA 2006 conference.
Maynor and Ellch "fuzzed" various wireless cards-- hacker slang for throwing a lot of wireless packets at the cards. This can cause programs to fail or run unauthorized software. They were able to access a laptop through a wireless device. "You don't have to necessarily be connected for these device driver flaws to come into play," Ellch said. "Just because your wireless card is on and looking for a network could be enough."
For more ion the latest WLAN security problem
- read Robert McMillan's NetworkWorld report
- and Peter Judge's ZDNet UK report
For more about the Black Hat event
- check out the event's Web site
PLUS:This is an opportune time for the National Institute for Standards and Technology (NIST) to issue its draft guide for 802.11i-based WLAN security. Report