While attending that conference in Vegas, which included several information systems auditors, I learned of a vulnerability of the 802.11b wireless protocol. If you’re using a wireless router somewhere, you most likely are using the 802.11b protocol.

What I found interesting, as the auditor explained, was that the flaw was in the actual protocol itself. That doesn’t happen much to something as widely used as 802.11b.



After returning from the conference, I did a little reading on the subject, and I’m not certain that this flaw is a major problem, albeit an annoyance. First, no data is at risk here (although the security encryption inherit in many wireless routers has been cracked for sometime now; that’s another blog entry).

Here’s how it works: a hacker is able to issue instructions to their wireless card on their computer to send out data in a specific manner. The wireless router then interprets this data as interference. This apparently takes all of 8 seconds to accomplish.

The 802.11b protocol goes about its business until it encounters interference. When it does, it stops network traffic for a bit and then resumes. However, the hacker doesn’t just hit the network with one burst of bogus data. Instead, the bogus data is sent constantly, which essentially prevents the wireless network from working resulting in Denial of Service.

So how is the industry reacting to solve this problem? They’re not, according to this article. Go figure. Since the hacker needs to be within a few hundred feet of a wireless router, most companies are hoping that these malicious folks won’t be hanging around their offices causing problems.

Don’t these folks think that someone out there is going to invent a virus that finds wireless cards and forces them to send out the bogus interference data? That’s my prediction: sometime in the next six months, someone is going to release just such a virus, and it’s going to cause some serious connectivity issues.