School technology leaders are taking seriously the news of a flaw in many wireless infrastructures that could enable hackers to jam “open-air” transmissions using the simplest of handheld devices.
The vulnerability, first reported by the technology news service CNET, is said to involve devices operating on the most common stretch of wireless spectrum, dubbed the 802.11 standard by the Institute of Electrical and Electronic Engineers (IEEE), the standards-setting body responsible for approving new wireless protocols.
According to a May 13 security warning from the Australian Computer Emergency Response Team (AusCERT), the flaw clears the way for “a trivial but effective attack against the availability of wireless local area network (WLAN) devices.”
Armed with nothing more than a low-powered handheld computer and a commonly available wireless networking card, ill-intentioned students could prevent wireless access points (APs) installed within school buildings or on university campuses from receiving communications beamed across information networks, the security group warns.
The result: a crippling denial of service (DoS) attack that would render targeted portions of the network virtually useless for the duration of the assault. What’s worse, researchers at AusCERT warn the security hole represents a potentially easy strike for even the most novice of hackers.
“Previously, attacks against the availability of IEEE 802.11 networks have required specialized hardware and relied on the ability to saturate the wireless frequency with high-power radiation, an avenue not open to discreet attack,” AusCERT’s warning said. “This vulnerability makes a successful, low-cost attack against a wireless network feasible for a semi-skilled attacker.”
Only devices that support 802.11b and low-speed 802.11g wireless protocols are susceptible to such attacks, the warning said. Schools with wireless equipment that supports faster standards, such as 802.11a and high-speed 802.11g, are immune.
Darrell Walery, director of technology for Consolidated High School District 230 in Illinois, a fully wireless district with more than 300 APs across three school buildings, said this was the first he had heard of the flaw.
“I’d say it’s a surprise,” he said. “It does raise some concerns–with a caveat.”
The possibility that a novice could wage an attack with a device as simple as a handheld computer adds another weapon to the arsenal of tech-savvy student pranksters.
“We’ve seen students mess with technology before,” said Walery, who likened a DoS attack to instances of sabotage. The idea, he said, is to cause a disruption–to get under a teacher’s skin. “The enjoyment comes from seeing the fruition of their work,” he said of hackers.
So what, then, is the caveat? Simple, he said: It could be worse.
Although these kinds of DoS attacks have the potential to interrupt classroom learning and cause widespread inconveniences, they are not nearly as damaging as attacks that threaten to compromise student records and other private correspondence, Walery said.
Technically, the attack would exploit what’s known as the Clear Channel Assessment (CCA) procedure, a tactic used to reduce the risk of interference by running separate wireless devices on disparate frequencies.
“When under attack, the device behaves as if the channel is always busy, preventing the transmission of any data over the wireless network,” AusCERT said in its warning.
Brian Mathews, a wireless expert and vice president of AbsoluteValue Systems Inc., said wireless networks have always had the potential to be jammed.
“This is really no surprise,” he wrote in an eMail message to eSchool News. “It is theoretically possible to reprogram a wireless LAN adapter to transmit an interfering signal which will keep others from getting access. An AP could also suffer interference from other sources of RF [radio frequency] energy in the 2.4 GHz band, such as 2.4 GHz cordless telephones and microwave ovens.”
In the case of a DoS attack, Mathews said, information isn’t “lost.” It simply isn’t transferred during the assault.
Fortunately, he said, most APs are equipped with at least three non-overlapping channels, so that if a hacker were to jam one, all a user would need do to skirt the attack is change to an unfettered channel.
To do that, school technology administrators typically would call up a web-based configuration utility, or a digital map of the entire network infrastructure, and select a different channel remotely. Administrators also would have the option to redirect traffic to another AP operating outside the range of attack–assuming the signal will reach, he said.
“If you have an AP that’s not working, one of the first things you will do to troubleshoot is to try another channel,” Mathews wrote. “It is unlikely that the attacker would be jamming all channels, so you could just change the AP and all the associated stations to another, clearer channel.”
Back at Consolidated 230, Walery said district leaders are looking into the threat.
In the event of such an attack, technicians at the school district will look to soften the blow by diverting users to neighboring APs. Because the assaults likely would be committed with the aid of low-powered devices–personal digital assistants, for instance–odds are hackers won’t have the computing power to jam the entire network, Walery said. Instead, they’ll have to target select APs, which means targets will be localized and, hopefully, easier to contain.
District technology leaders also plan to alert educators and other staff to the problem, he said, so they can be “on the lookout” for any suspicious behavior.
Regardless of the threat, he said, the district has no plans to discontinue its use of wireless networks.
AbosoluteValue Systems Inc.
Consolidated High School District 230
Institute of Electrical and Electronic Engineers