Wireless technology flawed

A major wireless network technology flaw that could lead to the breakdown of some critical infrastructures in just five seconds has been identified by Australian researchers.

A major wireless network technology flaw that could lead to the breakdown of some critical infrastructures in just five seconds has been identified by Queensland University of Technology’s (QUT) Information Security Research Centre – a finding that is likely to have worldwide ramifications.

Wireless technology is booming in popularity because it allows for access to the internet without the need for cables and it is also used in some countries to control infrastructures such as railway networks, energy transmission and other utilities.

Associate Professor Mark Looi, Deputy Head of QUT’s School of Software Engineering and Data Communications said the discovery of the flaw should send a warning to high levels of government and industry world wide.

“Any organisation that continues to use the standard wireless technology (IEEE 802.11b) to operate critical infrastructure could be considered negligent,” Professor Looi said.

“This wireless technology should not be used for any critical applications as the results could potentially be very serious.”

Professor Looi’s PhD students – Christian Wullems, Kevin Tham and Jason Smith – discovered the flaw while investigating mechanisms for defending wireless devices against being hacked.

The findings were presented by Wullems to the Institute of Electrical and Electronic Engineers (IEEE) Wireless Telecommunication Symposium in California on Friday, May 14.

In effect the flaw allows for the disruption of the standard 802.11b radio frequency developed by the IEEE to transmit data.

The result is that the wireless devices cannot communicate with each other and service is denied.

The 802.11b network is supported by a number of computing platforms including Macs, PCs and hand held devices and in 99.9 per cent of all cases is the only way to connect to wireless networks.

In order to exploit the vulnerability potential attackers only need a common wireless adaptor which retails for about $A50 and instead of using it to enable their computer to access a network, they can change its coding to interfere with transmission.

“With this adaptor you can basically totally disrupt any wireless network that uses this technology within a kilometre of its operation in anywhere between five and eight seconds,” Professor Looi said.

The Information Security Research Centre at QUT has been working with AusCERT – Australia’s national computer emergency response team to alert manufacturers about vulnerable wireless networking equipment since the discovery was made in November last year. A solution to the problem is yet to be found.

AusCERT has also released an advisory on their website.

Professor Looi said it was important to release the findings to ensure that users of the wireless technologies were made fully aware of the potential risks to their systems.

In Brisbane there are about 12 public access networks plus numerous corporate intranet systems that could be affected.

“QUT confirmed their findings with other leading independent researchers in Australia,” Professor Looi said.

Professor Looi said the process to bring down a wireless network was very simple however it did not compromise the data on the network.

“When the adapter is given the right sequence of codes, it sends out enough information over the air for the network link to mistake it as interference – when this happens all devices on the network delay their transmission for a short period of time.

“The adapter will keep sending out the interference signal so the wireless network can’t resume its normal transmission.”

Professor Looi said any computer, PDA or notebook could send out the signal if the wireless adapter was programmed accordingly.

Tools are currently being developed so wireless networks can be tested to see how vulnerable they are to being disrupted in this way.

“It was very difficult to test, because we didn’t want to accidentally bring any networks down other than our own test network and had to do our experiments in secluded locations and at 2am and 3am.”