Houston Community News >> WiFi Cards Expose Laptop to Hackers

8/4/2006 by Walaika Haskins-- Security researchers have sounded the alarm for wireless Internet users, warning them that their laptop computers are vulnerable to attack by hackers. The flaws could allow thieves to gain access to passwords, bank accounts, and other private information even when the system is not connected to the Internet.


According to David Maynor, senior researcher at network security firm, SecureWorks, and fellow researcher Jon "Johnny Cache" Ellch, the problem is with the software built into wireless-networking hardware that allows it to communicate with a computer's operating system. A criminal exploiting the flaw could send malicious code to an unprotected laptop and gain complete control over it via its Wi-Fi card

The two presented a video demonstration of how the vulnerability could be exploited on a MacBook by taking advantage of software flaws specific to Apple's
operating system, during the opening day of the Black Hat security conference in Las Vegas. But, they added, similar flaws exist in Microsoft Windows and the
open-source operating system, as well, so the majority of all computers, including desktops, are also susceptible.

"The problem itself isn't really an Apple problem," Maynor told the Associated Press. "This is a systemic problem across the industry."

To launch an attack exploiting the Wi-Fi driver flaws, a hacker would need to be within the range of a Wi-Fi signal -- normally about 100 feet. That distance, however, is subject to change as wireless technologies significantly extend the reach of a WiFi signal. That could increase the threat from hackers.

Maynor and Ellch refused to provide specific details or conduct a live demonstration of their research for fear it would fall into criminal hands. But, Maynor did say they were able to remotely identify the wireless driver running on a specific computer and drop a "root kit," i.e., hacker software, into the MacBook, which allowed them to create, read, and delete files on the computer.

The test was conducted using third-party wireless hardware rather than the original wireless equipment Apple ships with the laptop. The duo refused to identify the make or model of the wireless device so as not to give potential hackers a heads-up. But, Maynor said, the flaws are so common that he would have little trouble finding a vulnerable computer at any Internet cafe.

According to Maynor, the main problem is that wireless cards are controlled by a mix of several hardware and software developers. These developers are often under a lot of pressure to quickly get their products to market, and do not invest enough time in perfecting their software.

The pair decided to go ahead with the demonstration because of the danger it presents to wireless users, particularly as a connection to the Internet is not necessary for intruders to exploit the flaw. Wireless cards, unless disabled, constantly broadcast their signal to any network in the vicinity and most are configured to automatically connect to any available network. So, any computer with an active wireless card is at risk.

"We want to educate developers and hardware makers about this threat before it becomes a wide-scale issue," Maynor said. "We're not talking about something that people don't know about, but a lot of people don't know the severity."