Students at an Australian university have discovered a flaw in Wi-Fi (the 802.11b wireless standard) that could let an attacker effectively shut down wireless networks with a Denial of Service (DoS)-like attack. The PhD students, who hail from the Queensland University of Technology's Information Security Research Centre, were studying ways to prevent Wi-Fi-based attacks when they discovered the vulnerability. They say that the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) feature of Wi-Fi networks, which adhere to the IEEE's standardized 802.11 protocol, is to blame.
By using a simple Wi-Fi-enabled off-the-shelf handheld device to exploit the way the CSMA/CA feature's Clear Channel Assessment (CCA) function works, an attacker could cause both wireless Access Points (APs) and wireless client devices (e.g., notebook computers, PDAs) to stop transmitting data. When the attack occurs, the wireless network appears to be busy with other tasks and is unresponsive. Such an attack would require a "semi-skilled" attacker, the students said.
"In order to exploit the vulnerability, potential attackers only need a common wireless adaptor which retails for about $35 and instead of using it to enable their computer to access a network, they can change its coding to interfere with transmission," Associate Professor Mark Looi, whose students discovered the flaw, said. "With this adaptor you can basically totally disrupt any wireless network that uses this technology within a kilometer of its operation in anywhere between 5 and 8 seconds."
Wi-Fi Alliance representatives said that they're looking into the matter but seem to be surprised that an attacker can make a simple Wi-Fi-enabled device act this way. However, someone at a computer industry trade show reportedly wandered around and used such a device to silently turn off the wireless networks he passed. And various companies, including AirMagnet, make devices that can sense such devices with a metal-detector-like clicking sound that gets louder as you get closer to the offending device.
That last detail, incidentally, explains why this type of attack probably won't ever cause major disruptions. Because a Wi-Fi attack requires a device with a radio transmitter, such attacks can be easily located and stopped. And an attacker who's facing a potential jail sentence probably isn't going to stick around a wireless hotspot long enough to be more than a nuisance.