Home & Office

Wireless network security shows cracks

The 802.1X security standard for wireless LANs has two gaping holes that will give hackers a field day, according to researchers in the US
Written by Rupert Goodwins, Contributor

A new set of security measures aimed at making 802.11-type wireless LANs safe from hackers is fundamentally flawed, according to researchers from the University of Maryland.

Professor William Arbaugh and Arunesh Mishra say in a paper published last week that the new 802.1X security system has two basic problems -- one where a hacker can hijack an existing connection, and another where they can interpose themselves during authentication and steal access information as it's being set up.

In the first case, the hacker monitors the transmissions and when a session is established between a client and an access point, the hacker sends a fake packet to the client purporting to be from the access point saying "Session closed". The client just reconnects with a new session: meanwhile, the legitimate access point thinks the old session is still open and the hacker can use it.

The other way -- a 'man in the middle' attack -- again involves the hacker pretending to be an access point, this time relaying messages between the client and the real access point while monitoring their contents, having "... completely bypassed any higher-layer authentication and render(ing) the authentication mechanism ineffective," according to Arbaugh and Mishra.

The paper, An Initial Security Analysis of the IEEE 802.1X Standard, says that the standard needs to be modified to include symmetric authentication -- where the client and the access point both prove to each other who they are --- and better handling of access point authentication. Without this, it says, 802.1X and 802.11 cannot provide sufficient levels of security. The 802.1X standard itself -- and its associated standard, Extensible Authentication Protocol -- is already in use for wireless networking in Cisco 802.11b products, for example. 802.1X has already been under investigation for its vulnerability to a number of different potential attacks, including several potential denial-of-service flaws.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.

Editorial standards