By Munir Kotadia, 14 May 2004 09:25
NEWS A vulnerability in the 802.11 wireless protocol that could allow someone with a PDA to disrupt corporate wireless communications has been discovered by The University of Queensland in Australia.
More and more companies are implementing wireless instead of hard-wired networks to reduce clutter and save installation costs. Microsoft is a prime example - at its UK campus in Reading, employees can only access the intranet and internet using their secure wireless connection.
According to an advisory from AusCert, the Australian Computer Emergency Response Team at the University of Queensland, the vulnerability does not allow an attacker to intercept or modify the data being transferred, but it could threaten the reliability of a corporate network and leave employees without access to online resources.
The attack can be executed using a standard PDA with 802.11 facilities and cause "significant disruption" to all Wi-Fi traffic from access points in a range of around 100 metres.
"Devices within range of the attacking device will be affected. If an access point is within range, all devices associated with that access point are denied service; if an access point is not within range, only those devices within range of the attacking device are denied service," the advisory said.
AusCert said there are no upgrades or defences against the attack because the problem lies in the fundamental implementation of the 802.11 DSSS [Direct-sequence spread spectrum] protocol. Munir Kotadia writes for ZDNet UK
Comments
There are 2 comments. Join the discussion
1. Tim Jackson
It's more fundamental than the protocol, it is the fundamental nature of wireless communication that it is easily jammed.
It's no big deal to build a jammer that will block an entire campus. should someone want to.
Anyone who relies on wireless communication for their business is basically asking for trouble.
2. John Wilson
Load of hype over nothing
Surely it's obvious that any low power wireleess is easily disrupted by malicious attack without having to rely on exploiting weaknesses in the protocol in order to do so??