School technology leaders are taking seriously the news of a flaw in many wireless infrastructures that could enable hackers to jam "open-air" transmissions using the simplest of handheld devices.
The vulnerability, first reported by the technology news service CNET, is said to involve devices operating on the most common stretch of wireless spectrum, dubbed the 802.11 standard by the Institute of Electrical and Electronic Engineers (IEEE), the standards-setting body responsible for approving new wireless protocols.
According to a May 13 security warning from the Australian Computer Emergency Response Team (AusCERT), the flaw clears the way for "a trivial but effective attack against the availability of wireless local area network (WLAN) devices."
Armed with nothing more than a low-powered handheld computer and a commonly available wireless networking card, ill-intentioned students could prevent wireless access points (APs) installed within school buildings or on university campuses from receiving communications beamed across information networks, the security group warns.
The result: a crippling denial of service (DoS) attack that would render targeted portions of the network virtually useless for the duration of the assault. What's worse, researchers at AusCERT warn the security hole represents a potentially easy strike for even the most novice of hackers.
"Previously, attacks against the availability of IEEE 802.11 networks have required specialized hardware and relied on the ability to saturate the wireless frequency with high-power radiation, an avenue not open to discreet attack," AusCERT's warning said. "This vulnerability makes a successful, low-cost attack against a wireless network feasible for a semi-skilled attacker."
Only devices that support 802.11b and low-speed 802.11g wireless protocols are susceptible to such attacks, the warning said. Schools with wireless equipment that supports faster standards, such as 802.11a and high-speed 802.11g, are immune.
Darrell Walery, director of technology for Consolidated High School District 230 in Illinois, a fully wireless district with more than 300 APs across three school buildings, said this was the first he had heard of the flaw.
"I'd say it's a surprise," he said. "It does raise some concerns--with a caveat."
The possibility that a novice could wage an attack with a device as simple as a handheld computer adds another weapon to the arsenal of tech-savvy student pranksters.
"We've seen students mess with technology before," said Walery, who likened a DoS attack to instances of sabotage. The idea, he said, is to cause a disruption--to get under a teacher's skin. "The enjoyment comes from seeing the fruition of their work," he said of hackers.
So what, then, is the caveat? Simple, he said: It could be worse.
Although these kinds of DoS attacks have the potential to interrupt classroom learning and cause widespread inconveniences, they are not nearly as damaging as attacks that threaten to compromise student records and other private correspondence, Walery said.
Technically, the attack would exploit what's known as the Clear Channel Assessment (CCA) procedure, a tactic used to reduce the risk of interference by running separate wireless devices on disparate frequencies.
"When under attack, the device behaves as if the channel is always busy, preventing the transmission of any data over the wireless network," AusCERT said in its warning.
web page <<< More here
The vulnerability, first reported by the technology news service CNET, is said to involve devices operating on the most common stretch of wireless spectrum, dubbed the 802.11 standard by the Institute of Electrical and Electronic Engineers (IEEE), the standards-setting body responsible for approving new wireless protocols.
According to a May 13 security warning from the Australian Computer Emergency Response Team (AusCERT), the flaw clears the way for "a trivial but effective attack against the availability of wireless local area network (WLAN) devices."
Armed with nothing more than a low-powered handheld computer and a commonly available wireless networking card, ill-intentioned students could prevent wireless access points (APs) installed within school buildings or on university campuses from receiving communications beamed across information networks, the security group warns.
The result: a crippling denial of service (DoS) attack that would render targeted portions of the network virtually useless for the duration of the assault. What's worse, researchers at AusCERT warn the security hole represents a potentially easy strike for even the most novice of hackers.
"Previously, attacks against the availability of IEEE 802.11 networks have required specialized hardware and relied on the ability to saturate the wireless frequency with high-power radiation, an avenue not open to discreet attack," AusCERT's warning said. "This vulnerability makes a successful, low-cost attack against a wireless network feasible for a semi-skilled attacker."
Only devices that support 802.11b and low-speed 802.11g wireless protocols are susceptible to such attacks, the warning said. Schools with wireless equipment that supports faster standards, such as 802.11a and high-speed 802.11g, are immune.
Darrell Walery, director of technology for Consolidated High School District 230 in Illinois, a fully wireless district with more than 300 APs across three school buildings, said this was the first he had heard of the flaw.
"I'd say it's a surprise," he said. "It does raise some concerns--with a caveat."
The possibility that a novice could wage an attack with a device as simple as a handheld computer adds another weapon to the arsenal of tech-savvy student pranksters.
"We've seen students mess with technology before," said Walery, who likened a DoS attack to instances of sabotage. The idea, he said, is to cause a disruption--to get under a teacher's skin. "The enjoyment comes from seeing the fruition of their work," he said of hackers.
So what, then, is the caveat? Simple, he said: It could be worse.
Although these kinds of DoS attacks have the potential to interrupt classroom learning and cause widespread inconveniences, they are not nearly as damaging as attacks that threaten to compromise student records and other private correspondence, Walery said.
Technically, the attack would exploit what's known as the Clear Channel Assessment (CCA) procedure, a tactic used to reduce the risk of interference by running separate wireless devices on disparate frequencies.
"When under attack, the device behaves as if the channel is always busy, preventing the transmission of any data over the wireless network," AusCERT said in its warning.
web page <<< More here
