Featured Research

from universities, journals, and other organizations

Fingerprinting Hackers: Technique Demonstrates Wireless Device Driver Vulnerabilities

Date:
September 13, 2006
Source:
Sandia National Laboratories
Summary:
The next time you're sipping a latte and surfing the Net at your favorite neighborhood wireless café, someone just a few seats away could be breaking into your laptop and causing irreparable damage to your computer's operating system by secretly tapping into your network card's unique device driver, researchers at Sandia National Laboratories in have concluded.

Wireless network drivers, say Sandia researchers, are easy to interact with and potentially exploit if the attacker is within transmission range of the wireless device. By role-playing the position of an adversary, Sandia has demonstrated a unique fingerprinting technique that allows hackers with ill intent to identify a wireless driver without modification to or cooperation from a wireless device.
Credit: Image courtesy of Sandia National Laboratories

The next time you're sipping a latte and surfing the Net at your favorite neighborhood wireless café, someone just a few seats away could be breaking into your laptop and causing irreparable damage to your computer's operating system by secretly tapping into your network card's unique device driver, researchers at Sandia National Laboratories in have concluded.

There is, however, some cheerful news. By role-playing the position of an adversary (also known as red teaming), Sandia researchers have demonstrated a unique "fingerprinting" technique that allows hackers with ill intent to identify a wireless driver without modification to or cooperation from a wireless device. Revealing this technique publicly, Sandia researchers hope, can aid in improving the security of wireless communications for devices that employ 802.11 networking.

Sandia is a National Nuclear Security Administration laboratory.

Wireless device drivers fraught with vulnerabilities

Device drivers, according to Sandia security researcher Jamie Van Randwyk, are becoming a primary source of security holes in modern operating systems. Through a laboratory-directed research grant, Van Randwyk and a team of college interns set out last year to design, implement, and evaluate a technique that has proved capable of passively identifying a wireless driver used by 802.11 wireless devices without specialized equipment and in realistic network conditions. Van Randwyk presented his team's findings last month at the USENIX Security Symposium in Vancouver, B.C.

Video and keyboard drivers are generally not exploited because of the difficulty in attaining physical access to those systems, leading some to believe that device drivers are immune to vulnerabilities. However, Van Randwyk points out, physical access is not necessary with some classes of drivers, including wireless cards, Ethernet cards, and modems.

"Wireless network drivers, in particular, are easy to interact with and potentially exploit if the attacker is within transmission range of the wireless device," says Van Randwyk. Because the IEEE 802.11 standard is the most common among today's wireless devices, he and his team chose to evaluate the ability of an attacker to launch a driver-specific exploit by first fingerprinting the device driver. Fingerprinting is a process by which a device or the software it is running is identified by its externally observable characteristics.

"Passive" approach and "probe request frames" are key

The passive approach used by Van Randwyk and his colleagues demonstrates that a fingerprinter (attacker) need only be in relatively close physical proximity of a target (victim) in order to monitor his or her wireless traffic. Anyone within transmission range of a wireless device, therefore, can conceivably fingerprint the device's wireless driver. Reconnaissance of this type is difficult to prevent since the attacker is not transmitting data, making the attack "invisible" and hard to detect.

Sandia's fingerprinting technique relies on the fact that computers with wireless configurations actively scan for access points to connect to by periodically sending out "probe request frames," of which there are no standard 802.11 specifications. Consequently, developers have created a multitude of wireless device drivers that each performs the "probe request" function differently than other wireless device drivers. Sandia's fingerprinting technique demonstrates the inherent vulnerabilities in this situation through statistical analysis of the inter-frame timing of transmitted probe requests.

Fingerprinting not a new concept

Fingerprinting an 802.11 network interface card (NIC) is not a new concept, says Van Randwyk, and many tools exist that can help identify card manufacturers and model numbers via a wireless device's Media Access Control (MAC) address. Sandia's approach, however, is more advantageous in that it fingerprints the device driver, where most exploits rest due to the driver's placement within the operating system. Additionally, the features used by the Sandia passive technique are not a configurable option in any of the drivers tested, unlike the MAC address in most operating systems.

Sandia's fingerprinting technique has proven to be highly reliable, achieving an accuracy rate ranging from 77 percent to 96 percent, depending on the network setting. Furthermore, the technique requires that only a few minutes worth of network data be collected, and tests confirm that it can withstand realistic network conditions.


Story Source:

The above story is based on materials provided by Sandia National Laboratories. Note: Materials may be edited for content and length.


Cite This Page:

Sandia National Laboratories. "Fingerprinting Hackers: Technique Demonstrates Wireless Device Driver Vulnerabilities." ScienceDaily. ScienceDaily, 13 September 2006. <www.sciencedaily.com/releases/2006/09/060912214943.htm>.
Sandia National Laboratories. (2006, September 13). Fingerprinting Hackers: Technique Demonstrates Wireless Device Driver Vulnerabilities. ScienceDaily. Retrieved August 21, 2014 from www.sciencedaily.com/releases/2006/09/060912214943.htm
Sandia National Laboratories. "Fingerprinting Hackers: Technique Demonstrates Wireless Device Driver Vulnerabilities." ScienceDaily. www.sciencedaily.com/releases/2006/09/060912214943.htm (accessed August 21, 2014).

Share This




More Matter & Energy News

Thursday, August 21, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Flower Power! Dandelions Make Car Tires?

Flower Power! Dandelions Make Car Tires?

Reuters - Business Video Online (Aug. 20, 2014) — Forget rolling on rubber, could car drivers soon be traveling on tires made from dandelions? Teams of scientists are racing to breed a type of the yellow flower whose taproot has a milky fluid with tire-grade rubber particles in it. As Joanna Partridge reports, global tire makers are investing millions in research into a new tire source. Video provided by Reuters
Powered by NewsLook.com
Awesome New Camouflage Sheet Was Inspired By Octopus Skin

Awesome New Camouflage Sheet Was Inspired By Octopus Skin

Newsy (Aug. 19, 2014) — Scientists have developed a new device that mimics the way octopuses blend in with their surroundings to hide from dangerous predators. Video provided by Newsy
Powered by NewsLook.com
Researcher Testing on-Field Concussion Scanners

Researcher Testing on-Field Concussion Scanners

AP (Aug. 19, 2014) — Four Texas high school football programs are trying out an experimental system designed to diagnose concussions on the field. The technology is in response to growing concern over head trauma in America's most watched sport. (Aug. 19) Video provided by AP
Powered by NewsLook.com
Green Power Blooms as Japan Unveils 'hydrangea Solar Cell'

Green Power Blooms as Japan Unveils 'hydrangea Solar Cell'

AFP (Aug. 19, 2014) — A solar cell that resembles a flower is offering a new take on green energy in Japan, where one scientist is searching for renewables that look good. Duration: 01:29 Video provided by AFP
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins