Every hacker knows the value of using an insecure wireless access point [AP] to compromise a network, but that appears to have escaped the attention of the U.S. nuclear power plant at Comanche Peak.
Beetle went on to discuss the ease with which a malicious attacker could redirect a hapless user to a rogue AP instead of a legitimate one at a public hotspot. Any one of several different attacks could be used to either corrupt a network or take it over completely.
Bruce Potter then described the Hot Spot Defense Kit version 2 [HSDKv2] which looks for directed rogue AP attacks against wireless clients and presents the user with a simple green [secure] and red [insecure] indicators. He drove the point home by stating, "If you're in downtown Baltimore, and someone starts shooting, you tend to freak out, even if they're not shooting at you…wireless shouldn't be any different."
HSDKv2 will be a WiFi environmental monitor of sorts looking for a variety of different attacks, including those from Bluetooth devices. While still under development, HSDKv2 should be out in the near future. Beetle stated that the Shmoo Group wants to make it easier to use, because "if security software isn't usable, it's useless."
Shmoo Group member CowboyM demonstrated just that when he brought out the 802.11bloodhound, which looks like a futuristic handheld pistol. Used to either sniff or disrupt wireless traffic, the device consists of a PocketPC, amplifier, rheostat, battery and patch antenna. The device can pickup WiFi network traffic from several miles away and can easily overpower closer proximity WiFi APs.
Perhaps news of this device will prompt enterprises, as well as nuclear power plants, to revisit their use of wireless APs and make sure their networks are secured against such an easily exploitable threat.
About the author
Victor R. Garza is a technology/security consultant and lecturer at the Naval Postgraduate School in Monterey, Calif.