802.11 Has DoS Vulnerability

By Eric Griffith

May 13, 2004

Wi-Fi networks -- mainly those based on the 802.11b standard -- are allegedly vulnerable to traffic-disrupting attacks, according to a new report.

Students from Brisbane, Australia's Queensland University of Technology School of Software Engineering and Data Communications say they've uncovered a flaw in the 802.11 specification that could let attackers shut down wireless networks in seconds.

The Australian Computer Emergency Response Team (AusCERT) issued a report on the findings, titled Denial of Service Vulnerability in IEEE 802.11 Wireless Devices. It says an attacker using a "low-powered, portable device such as an electronic PDA and a commonly available wireless networking card can cause significant disruption to all WLAN traffic within range, in a manner that makes identification and localization of the attacker difficult."

The attack exploits the Clear Channel Assessment (CCA) procedure used in equipment running Direct Sequence Spread Spectrum (DSSS) at the network's physical (PHY) layer: mostly 802.11b and the earlier 802.11 (no letter). The attack forces all the WLANs in range using DSSS to "defer transmission of data for the duration of the attack."

Networks using 802.11g in mixed mode (with both 802.11g and 11b clients) may also be vulnerable. At higher speeds, 802.11g uses Orthogonal-Frequency-Division Multiplexing (OFDM) modulation, as does 802.11a.

Such a DoS attack would impact anything in range. Access points would shut out all clients; clients in range would effectively be shut out of the network. The effect only lasts as long as the attacker performs it. After they stop transmitting, the WLAN would return to normal operation.
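The following monitoring heuristic is an added example, not part of the original article or the AusCERT report: it flags intervals in which a channel is sensed busy while almost no frames are sent or decoded, which is how the deferral described above appears to a sensor. It assumes a Linux sensor whose driver exposes cumulative counters through `iw dev <interface> survey dump`; the snapshots, the `wlan0` name, the 2437 MHz channel and the 0.8 threshold are constructed assumptions.

```python
import re

FREQ = re.compile(r"^\s*frequency:\s*(\d+) MHz")
FIELD = re.compile(r"^\s*channel (active|busy|receive|transmit) time:\s*(\d+) ms")
KEYS = ("active", "busy", "receive", "transmit")

def parse_survey(text):
    """Parse survey output into {freq_mhz: {counter_name: cumulative_ms}}."""
    out, cur = {}, None
    for line in text.splitlines():
        m = FREQ.match(line)
        if m:
            cur = out.setdefault(int(m.group(1)), {})
        elif cur is not None and (m := FIELD.match(line)):
            cur[m.group(1)] = int(m.group(2))
    return out

def unexplained_busy(before, after, freq):
    """Share of the interval sensed busy with no frame sent or decoded."""
    d = {k: after[freq].get(k, 0) - before[freq].get(k, 0) for k in KEYS}
    if d["active"] <= 0:          # counters reset or no sampling time elapsed
        return 0.0
    return max(0, d["busy"] - d["receive"] - d["transmit"]) / d["active"]

def cca_held_busy(before, after, freq, threshold=0.8):
    """True when the medium was held busy without decodable traffic."""
    return unexplained_busy(before, after, freq) >= threshold

def constructed_snapshot(active, busy, rx, tx):
    # Constructed sample in the layout of survey output; not captured data.
    return ("Survey data from wlan0\n"
            "\tfrequency:\t\t\t2437 MHz [in use]\n"
            "\tnoise:\t\t\t\t-95 dBm\n"
            f"\tchannel active time:\t\t{active} ms\n"
            f"\tchannel busy time:\t\t{busy} ms\n"
            f"\tchannel receive time:\t\t{rx} ms\n"
            f"\tchannel transmit time:\t\t{tx} ms\n")

T0 = parse_survey(constructed_snapshot(10000, 2000, 1500, 300))
T1 = parse_survey(constructed_snapshot(20000, 4100, 3100, 600))   # normal load
T2 = parse_survey(constructed_snapshot(30000, 13900, 3150, 610))  # held busy

if __name__ == "__main__":
    for label, a, b in (("T0->T1", T0, T1), ("T1->T2", T1, T2)):
        print(label, round(unexplained_busy(a, b, 2437), 3),
              "ALERT" if cca_held_busy(a, b, 2437) else "ok")
```

Non-802.11 interference produces the same counter signature, so an alert indicates a held-busy channel rather than its cause.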

The vulnerability does not compromise data either by destroying it or intercepting it.

The upcoming 802.11i standard for advanced security on all 802.11 networks would not prevent the attacks. 802.11i is a solution for authentication of users and encryption of data.

The report adds that "independent vendors have confirmed that there is currently no defense." This problem is essentially built right into the use of DSSS in 802.11. The best solution is to shield WLANs from the outside, something that's not an option for public access Wi-Fi hotspots which are "particularly vulnerable." AusCERT recommends not using WLANs vulnerable to the attack for "safety, critical infrastructure and/or other environments where availability is a primary requirement."

The professor of the students who discovered the flaw is quoted at News.com.au as saying the announcement shouldn't cause panic, but should "cause a lot of organizations to evaluate carefully what they use wireless networks."

This DoS vulnerability is not the first security issue the 802.11 world has faced. It joins the problems of Wired Equivalent Privacy (WEP), the built-in security in the standard. WEP, it turns out, is easily cracked with the right tools and enough patience. It has been replaced over the last year by Wi-Fi Protected Access (WPA) and soon 802.11i.


