Security experts explore wireless frontier

WASHINGTON - Wireless networks like the ones at your local coffee shop or airport are the next frontier for hacking attacks that could disrupt online transactions or steal your personal data, computer security experts say.

Researchers at the annual meeting of the American Association for the Advancement of Science outlined new breeds of “stealth attacks” and proposed new crypto protocols to defeat them.

"Some of these attacks that we're talking about, by their very nature, could not be detected," Indiana University's Markus Jakobsson told reporters here Saturday. "That is what makes them stealth attacks. They could very well exist, and we could never prove that they do."

The attacks take advantage of the "ad hoc" nature of wireless networks you might casually log into at an Internet cafe or airport, or computer networks that are set up by emergency teams for communication purposes. In such networks, there is no hard-wired infrastructure for connecting computers with each other. Instead, the computers have to organize themselves into networks.

"It gets worse in a wireless network than a wired network, purely because you don't know who you're talking to," Jakobsson said.

Outsiders could insert themselves into ad-hoc wireless networks by manipulating Internet protocols to make their link in the communication chain seem particularly attractive. Jakobsson calls this a "man-in-the-middle" scenario, because the attacker could eavesdrop on network traffic, then pass the data along to the rightful recipients without leaving a trace.

A sophisticated attacker could, for instance, spoof an online banking site to collect passwords and other personalization, introducing an untraceable twist to the growing problems of "phishing" and identity theft.

Another type of threat would involve overwhelming wireless data traffic with "denial-of-service" attacks, already well-known in the wired environment as e-mail cluster bombs or zombie attacks. Such strategies could disrupt the emergency response to, say, a terrorist attack.

Carnegie Mellon University's Adrian Perrig said an attacker could create:

• A "black hole," which sucks in all the data from a wireless network.
• A "gray hole," which would pass along only enough data to keep the network running.
• A "wormhole," which passes along all the data but leads to the man-in-the-middle eavesdropping scenario.

A wireless network is particularly vulnerable to denial-of-service attacks because some of the nodes in the network could be low-capacity devices such as personal digital assistants, said Susanne Wetzel, a computer scientist at the Stevens Institute of Technology. During Saturday's briefing, she demonstrated how an attack could drain a PDA's batteries, disrupting a video stream that was being sent from one laptop to another through the PDA.

MORE FROM SECURITY

Security Section Front

The biggest security threats in 2010 Citigroup denies computer-system breach Twitter temporarily hacked, now up White House picks new cyber czar Pentagon: Insurgents intercepted spy videos Privacy watchdog files complaint against Facebook Ohio court: Cell phone searches require warrant Nearly 1 in 3 older teens gets ‘sexting’ messages Australia to block obscene, crime-linked sites After criticism, Facebook tweaks settings again Security Section Front   Add Security headlines to your news reader: