A Wi-Fi Warning

Jan 1, 2007 12:00 PM, ASHLEY ROE


         Subscribe in NewsGator Online   Subscribe in Bloglines

‘FINGERPRINTING’ A DEVICE DRIVER IS A NEW WAY FOR YOUR DATA TO BE COMPROMISED

Just say no to wireless networks, suggest researchers from Sandia National Laboratories, Livermore, Calif., who recently uncovered new vulnerabilities of using the wireless networks available in airports and cafes by revisiting a popular hacking method known as “fingerprinting.”

Fingerprinting is a process by which a device or its software is identified by its externally observable characteristics with the purpose of gaining access to sensitive data. By assuming the role of the adversary, or “red-teaming,” Sandia researchers were able to hack into wireless devices through device drivers instead of network interface cards, a previously common means of accessing the information.

“Our technique is completely passive, meaning that a fingerprinter, or attacker, needs only to be able to monitor wireless traffic from the ‘fingerprintee,’ or ‘victim,’” the researchers state in a published report. This means that nearly anyone within transmission range of a wireless device could fingerprint a driver. He or she could only be sitting a few seats away. “If an attacker can passively determine which driver a device is using, he or she can successfully gain information about his victim without fear of detection,” the report states.

Among the most vulnerable wireless drivers include wireless cards, Ethernet cards and modems. According to Jamie Van Randwyk, a Sandia information security specialist and co-author of the report, wireless device drivers are becoming the primary source of security holes in modern operating systems. Physical access is not necessary when attempting to interact with and exploit these classes of drivers. Randwyk says the biggest step end-users can take for protection is to turn off their computer's wireless network. “In most modern laptop computers, this is very easy to turn off, and not doing it will leave yourself vulnerable,” he says.

Take the precaution.

To view the full report, visit http://www.sandia.gov.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

This month in Access Control

Latest Jobs

Popular Stories

Resources

Back to Top