Security Experts Are on Alert Over Wireless-Hacking Technique
Security experts are raising alarms about a technique that computer hackers could use to penetrate a company's wired data networks from its wireless networks, Monday's Wall Street Journal reported.
Wireless links are increasingly being used by companies to connect desktop and laptop computers without using wires. Cigital Inc., a computer-security company in Dulles, Va., said it has identified a new way to exploit vulnerabilities that have been uncovered in a technology used for wireless local networks.
The attack could allow a skilled hacker, armed with a laptop computer and a wireless modem, to view or modify e-mail, Web pages or other documents being passed through the wired parts of a company's networks, said Robert Fleck, the Cigital consultant who documented the problem.
Some other security experts say standard security precautions can sharply reduce the risk, and some organizations have already taken those steps. But Cigital's tests show that other companies don't appear to be doing so.
The latest security issue builds on earlier discoveries about a popular wireless technology, which is variously known by the term Wi-Fi, or the numerical designation 802.11b. Many companies ship 802.11b hardware with security settings at the lowest level; at companies that don't adjust those settings, packets of data are broadcast through networks without being scrambled to protect them against eavesdropping.
After that problem was publicized, researchers found that the encryption technology used to scramble those packets -- when it is turned on -- can be quickly cracked in an hour or so by hackers armed with some software programs that are easy to obtain.
Mr. Fleck of Cigital combined those wireless vulnerabilities with an attack that has been identified and addressed in most wired networks. Known as ARP poisoning, from the acronym for address resolution protocol, the attack manipulates software in the circuit boards that connect computers to corporate networks. That software contains addresses of other connected machines; a skilled hacker can fool the software to make it seem like his machine has an authorized address to receive data packets on the network. An attacker who understood both techniques, Mr. Fleck said, could use a laptop with a wireless connection to enter a company's wireless network, and then effectively tell machines on the wired portion of the network to pass all data packets through his laptop.
The most obvious solution to the problem is to segregate the gateway device that acts as the front door for machines making wireless connections to a network. That can be done using routing devices or filtering programs known as firewalls.
Copyright (c) 2001 Dow Jones & Company, Inc.
All Rights Reserved.
