Security researchers hack laptop wireless driver
By Donald Melanson 
posted June 23rd 2006 2:47PM
posted June 23rd 2006 2:47PM
A pair of security researchers claim they have discovered a means of seizing control of a laptop by exploiting some buggy code in the system's wireless device driver. Not surprisingly, they're keeping the deets of the hack close to their chest, waiting for the upcoming Black Hat USA 2006 conference in August to show off their handiwork to the teeming masses of geeks -- no doubt also giving manufacturers time to fix the problem. The only details that they have revealed is that they used the open-source 802.11 hacking tool LOREN (Lots of Radion Connectivity), which throws loads and loads of wireless packets at wireless cards to see what they can cause to fail, a technique known as "fuzzing." Apparently, a laptop user wouldn't even have to be connected to a network to be vulnerable to an attack; simply having it on and searching for a network is would be enough of an opening for someone so inclined to make your day miserable -- makes us glad we haven't cancelled our dial-up yet.[Via Slashdot]
does the hack work on linux drivers too or just the closed source ones?
Uhm, this being a major security vulnerability and all, shouldn't they be a little more ethical and at least let someone know (to maybe possibly develop a patch or something?). Instead these assholes would rather withhold this info, just for 15 minutes of fame???
That's fucked up.
I thought the name of the tool was called lorcon?
The name of the tool is LORCON (Loss Of Radio CONnectivity) actually. More information at:
http://802.11ninja.net/code/lorcon-current.tgz (the tool itself)
More info on Jon Ellch's talks:
Fun with 802.11 Device Drivers
http://www.defcon.org/html/defcon-14/dc-14-speakers.html#Ellch
Device Drivers
http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Ellch
Makes me glad my lappy has a hard switch for the wifi and a big blue LED to let me know when it's on.
And people wonder why I still prefer good old cat5 in a switched environment. wich more difficult to sniff...
Now if you'll excuse me, I gotta check out this 'LORCON' thang...
macdeth, read the blurb again. It says "no doubt also giving manufacturers time to fix the problem". That's enough of a warning as it is.
But does it work on a Macbook, with OS X and/or XP?