[ISN] Students warn of hacking threat

[InfoSec News]

http://www.thecouriermail.news.com.au/common/story_page/0,5936,9553516%255E8362,00.html

Tess Livingstone
higher education editor
14th May 2004

THREE Brisbane university students have discovered a major flaw in
wireless network technology that means hackers can bring down critical
infrastructure in as little as five seconds [1].

The finding, which is likely to have worldwide ramifications - was
identified by the Queensland University of Technology's Information
Security Research Centre.

Wireless technology is booming in popularity because it allows for
access to the Internet without the need for cables and it is also used
in some countries - but not Australia - to control infrastructure such
as railways and electricity.

Associate Professor Mark Looi, the deputy head of QUT's School of
Software Engineering and Data Communications, said the discovery
should send a warning to government and industry worldwide.

"Any organisation that continues to use the standard wireless
technology (IEEE 802.11b) to operate critical infrastructure could be
considered negligent," Professor Looi said.

"This wireless technology should not be used for any critical
applications, as the results could potentially be very serious."

Professor Looi's PhD students Christian Wullems, Kevin Tham and Jason
Smith discovered the flaw while investigating mechanisms for defending
wireless devices against hackers.

Mr Wullems will present the findings to the Institute of Electrical
and Electronic Engineers Wireless Telecommunication Symposium in
California today.

Potential attackers only need a common wireless adaptor which retails
for about $50, and instead of using it to enable their computer to
access a network, they can change its coding to interfere with
transmission.

"With this adaptor you can basically totally disrupt any wireless
network that uses this technology within a kilometre of its operation
in anywhere between five and eight seconds," Professor Looi said.

The Information Security Research Centre at QUT has been working with
AusCERT - Australia's national computer emergency response team - to
alert manufacturers about vulnerable wireless networking equipment
since the discovery was made in November last year. A solution is yet
to be found.

In Brisbane, about 12 public access networks and many corporate
intranet systems, including those in large department stores could be
affected, Professor Looi said.

"QUT confirmed their findings with other leading independent
researchers in Australia," he said.

Professor Looi said that while the process to bring down a wireless
network was very simple, it did not compromise the data on the
network.

Tools were currently being developed so wireless networks could be
tested to see how vulnerable they were to disruption.

[1] http://www.auscert.org.au/render.html?it=4091