LAS VEGAS -- Security experts have spent the last couple years warning laptop users to take care when accessing wireless Internet hot spots in cafés, airports and elsewhere. At Black Hat USA 2006 Wednesday, two researchers demonstrated just how easy it is for malicious attackers to compromise the wireless cards within those laptops.
"Vendors like Microsoft and Apple have been hardening their operating systems, so attackers are digging down to the device driver level," Maynor said. "The overall security of drivers isn't very good, and our hope is to make the vendors more aware" by demonstrating the ease of an attack.
Maynor and Ellch listed several reasons why wireless cards are an easy target:
Ellch said 802.11 is an example of a wireless standard ripe for the picking by malicious hackers. "It's too big, too ambitious and too complicated," he said. Complexity is a hacker's best friend, he added, "and 802.11 is not lacking in complexity."
The researchers noted that device drivers have been susceptible to attacks that exploit several recent flaws, including the TCP/IP [Transmission Control Protocol/Internet Protocol] vulnerability Microsoft addressed last year and two Windows flaws Microsoft fixed last month in bulletin MS06-035.
As another example of the looming wireless device threat, they pointed to Intel Corp.'s disclosure Tuesday of three security holes in Microsoft Windows drivers and applications for its Centrino-based Intel PRO/Wireless Network Connection hardware. Attackers could exploit these vulnerabilities to remotely run malicious code on a victim's machine, obtain access to wireless network security information or escalate system privileges to the kernel level. Intel has provided upgrades for the software.
Allan Paller, research director of The SANS Institute in Bethesda, Md., said the exploits Maynor and Ellch demonstrated should be taken very seriously.
"This is a big story for several reasons," Paller said in an email. "First, it shoots a pretty big hole in the bulletproof image Apple is trying to project. Second, it isn't just about Macs. The vulnerabilities apparently can also be found in Centrino-based laptops as well. Third, by nature, attackers are swarm organisms. That means they will see [Maynor's and Ellch's] work as a beacon to follow toward a new cache of useful vulnerabilities."
The bad guys are already exploiting these flaws, Paller added, and are probably annoyed that Wednesday's presentation shed light on the threat.
Maynor stressed that while he attacked an Apple computer for the demonstration, the problem affects a vast range of products. "We don't want to beat on Mac, and I happen to like Mac," he said. But, he added, recent Apple commercials touting the Mac's security prowess stressed that the company needed a wake-up call.
"After seeing this video, Apple was quite responsive," Maynor said, adding that he's now working with Apple to help the company address the weaknesses.
If audience reaction was any indication, the demonstration had the sobering effect Maynor and Ellch were going for.
"This is alarming," said Jonathan Taylor, an IT security engineer who works at Mather, Calif.-based Sutter Health. When he gets back to work, he said he'll urge his colleagues to think of ways to blunt the threat in their environment.
"I'll tell them to pay attention to device driver upgrades," Taylor said, "and not to expect the firewall to protect them against this."
This article originally appeared on SearchSecurity.com.