Sunday, November 12, 2006
A different kind of wireless security problem
We knew about the risk of eavesdropping. This new problem is different and worse.
There's software, a "driver", that makes your wireless card work. This software runs with high privileges, in the sensitive innards of your operating system. What if it has a bug, a security bug which allows someone to take it over? Then you've lost control of your machine. That would be even worse than the usual ways of getting infected because it would require absolutely no action on your part, just having your wireless system turned on within range of somebody malicious.
Broadcom, who makes the inner working of WiFi cards from several different name brands, put such a bug into their driver software. If your card says "Linksys", there's a patch. If it's from somebody else, you're stuck phoning the support line for your equipment and arguing with people who won't know what you're talking about: "Broadcom, in Irvine, Calif., has released a fixed driver to partners, but the availability of fixes for end-users appear to be very limited."
Hype or Horror?
There are two bits of good news in this. One is that there's no evidence that bad guys are actually attacking through this security hole (yet). The other is that it's not the kind of attack that pays big money for them. They could only infect a few computers at a time, or at most several dozen, with an attack like this. They could get tens of thousands of zombie computers under their control by using an Internet-based attack.
Details for your technical friends: The SANS report listing affected versions and files and The original security bug report about the Broadcom equipment.
UPDATE 11/15:
You're taken care of if you own a Dell. Glenn Fleishman's Wi-Fi Net News (read it if you have any interest in the industry) reports that Dell has released a patch for their computers.
UPDATE 11/22:
It's not your imagination. News like this does come in waves. What happens is that security people who hear about a new category of problem turn their attention to finding new examples. That's why we've now found out about similar vulnerabilities in wireless equipment from D-Link and from Netgear. For links to patches, I'll refer you to someone I respect who's already put the list together, Roger Grimes.
|
There's software, a "driver", that makes your wireless card work. This software runs with high privileges, in the sensitive innards of your operating system. What if it has a bug, a security bug which allows someone to take it over? Then you've lost control of your machine. That would be even worse than the usual ways of getting infected because it would require absolutely no action on your part, just having your wireless system turned on within range of somebody malicious.
Broadcom, who makes the inner working of WiFi cards from several different name brands, put such a bug into their driver software. If your card says "Linksys", there's a patch. If it's from somebody else, you're stuck phoning the support line for your equipment and arguing with people who won't know what you're talking about: "Broadcom, in Irvine, Calif., has released a fixed driver to partners, but the availability of fixes for end-users appear to be very limited."
Hype or Horror?
There are two bits of good news in this. One is that there's no evidence that bad guys are actually attacking through this security hole (yet). The other is that it's not the kind of attack that pays big money for them. They could only infect a few computers at a time, or at most several dozen, with an attack like this. They could get tens of thousands of zombie computers under their control by using an Internet-based attack.
Details for your technical friends: The SANS report listing affected versions and files and The original security bug report about the Broadcom equipment.
UPDATE 11/15:
You're taken care of if you own a Dell. Glenn Fleishman's Wi-Fi Net News (read it if you have any interest in the industry) reports that Dell has released a patch for their computers.
UPDATE 11/22:
It's not your imagination. News like this does come in waves. What happens is that security people who hear about a new category of problem turn their attention to finding new examples. That's why we've now found out about similar vulnerabilities in wireless equipment from D-Link and from Netgear. For links to patches, I'll refer you to someone I respect who's already put the list together, Roger Grimes.
# posted by Frederick @ 9:08 AM Email to a friend:
Haloscan: they provide trackback