èƵ

Wi-Fi networks suffer ‘autoimmune’ attacks

Hackers may be able to trick security software into attacking a network's own users, and encryption may not offer much defence

JUST as the body’s immune system sometimes mistakenly attacks its own cells, so the security software intended to protect network users can be fooled into attacking them. This could make attacks by hackers even harder to detect and prevent.

Security software typically prevents unauthorised access by encrypting most of the data transmitted across a network, preventing hackers from exploiting it to cause trouble. However, the administrative commands used to authorise or exclude users are usually sent “in the clear”, for simplicity’s sake.

That means hackers can use fake commands to disconnect users, in so-called denial-of-service (DoS) attacks. To try to prevent this, security software is designed to check that messages are valid before they’re relayed to users and acted upon.

But at next week’s Defcon 16 security conference in Las Vegas, researchers from AirTight Networks in Pune, India, will demonstrate how this validity check can itself be used to dupe the software into sending malicious DoS commands. “This would very easily fool current protection systems,” says team leader Pravin Bhagwat.

“The validity check can itself be used to fool software into launching an attack”

So far the team has exploited this vulnerability to compromise eight systems commonly used to protect home and business Wi-Fi networks. In one instance, the team set up a computer to use a network’s broadcast address as a fake ID. This address relays messages to all network users in one go. When the computer tried to connect to the network, the security software recognised that it wasn’t using a valid ID and declined access. But because the fake ID was the broadcast address, when the software sent a message denying the rogue computer access, it also sent the message to everyone else on the network, so every user was disconnected.

Such “autoimmune” attacks suggest that encryption alone is no longer enough to safeguard networks. The next-generation Wi-Fi standard specifies that admin commands should be encrypted. But a couple of unencrypted messages must still be sent to establish a connection in the first place – which the AirTight team successfully exploited in another attack.

“Since the attack occurs before encryption, it will be very difficult to counter,” says Guy Bunker, chief scientist at security company Symantec. AirTight team member Mohamed Sohail Ahmad suggests that security software will have to rigorously validate where data packets come from before disconnecting users. “But that’s a hard task,” he says.

Computer Viruses – Learn more about the threats to your PC in our comprehensive .

Topics: Computer crime