We've always known that wireless networking had lots of security problems. But we didn't realize how bad they could be until this week, when Intel released information about security vulnerabilities in the software that runs its Centrino wireless systems, and when security researchers independently demonstrated how they could exploit similar flaws to take over a wireless laptop with startling ease.
On Aug. 1, Intel issued a bulletin warning of three flaws in the software that lets its Wi-Fi radios communicate with the Windows operating system. Although the company said that it knew of no active exploitation of the flaws, one of them was especially dangerous because it could allow an attacker to take remote control of a computer over the air. Then the next day, on Aug. 2, two researchers demonstrated just such an attack at the Black Hat security conference in Las Vegas.
At the event, David Maynor of SecureWorks and Johnny Cache (the nom de guerre of independent researcher Jon Ellch) decided to forgo a live demo for fear of giving away too much information to the bad guys, and instead settled for a video (available from C|Net) that obscured crucial details, but remained plenty scary. In the video, it took Maynor just a minute or so on a Dell laptop to take complete control of an Apple Computer MacBook Pro through a vulnerability in its Wi-Fi card, built by an unidentified third party.
ACROSS THE BOARD.
Maynor stressed that there was nothing Mac-specific in the attack. The problem was not in the OS X operating system from Apple (AAPL) but in the third-party "device driver" software. Although only Intel (INTC) has announced vulnerabilities, it seems a safe bet at this point that there are similar problems with any type of Wi-Fi radio working with any operating system, including any flavor of Windows or Linux.
In addition to Intel, which makes Wi-Fi radios only for Centrino laptops, the major manufacturers of Wi-Fi chips are Broadcom (BRCM), Atheros (ATHR), and Marvell (MRVL), but the products are sold under a wide variety of brand names, including Dell (DELL), Hewlett-Packard (HPQ), Netgear (NTGR), and Linksys, a division of Cisco Systems (CSCO).
Earlier attacks on Wi-Fi security focused on a hacker's ability to break through weak encryption and snatch supposedly private communications out of the air; or, on the ability of an attacker to gain unauthorized access to a wireless network. These new vulnerabilities are much more frightening because they allow an attacker to bypass all of the computer's defense mechanisms, including file encryption.
"Both the Centrino and Mac flaws allow attackers to circumvent encryption," says Alan Paller, research director for the SANS Institute, a Bethesda (Md.) security research organization. "That means that sensitive data stored on laptops isn't protected even if it is encrypted."
For the time being, there's not a whole lot you can do to protect yourself, short of turning off the wireless adapter on your laptop. Intel has released patches to fix the vulnerabilities in its software, but warns that installing them could cause problems because PC manufacturers frequently install modified versions on their own systems.
It would probably be best to wait until fix software is available from the maker of your computer or from the maker of your add-in wireless card, if you use one. In the meantime, it's a good idea to turn off wireless when you are not actually using it. You're likely to notice if someone tries to take over your computer while you are actually working on it, but these attacks will work on a computer sitting idle, even if it is not logged in to a wireless access point.