It appears that every two steps forward are followed by at least one step backward. So it is with WLAN security, as clever security researchers said they have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver. David Maynor and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, CA, will demonstrate the flaw at the upcoming Black Hat USA 2006 conference.
Maynor and Ellch "fuzzed" various wireless cards-- hacker slang for throwing a lot of wireless packets at the cards. This can cause programs to fail or run unauthorized software. They were able to access a laptop through a wireless device. "You don't have to necessarily be connected for these device driver flaws to come into play," Ellch said. "Just because your wireless card is on and looking for a network could be enough."
PLUS:This is an opportune time for the National Institute for Standards and Technology (NIST) to issue its draft guide for 802.11i-based WLAN security. Report