
MAC Authentication Spoofing

WVE ID: WVE-2005-0061

Type: Vulnerability

Status: Candidate

Classification:
Hijacking
Design Flaw

Description:
Most Wi-Fi WLAN equipment vendors include a rudimentary sublevel of authentication via MAC address white/black listing. Standard tools can "spoof" MAC addresses, which allows any attacker to pose as an authorized client and thereby gain access to the WLAN.

Discussion:
MAC spoofing is by no means a new attack vector. This level of WLAN authentication by itself, without additional security layers, is not sufficient to adequately protect the network from unauthorized users.

To exploit this inherent WLAN vulnerability, a malicious intruder need only use a wireless "sniffer" to detect and record authorized associations on the wireless network. Once this information has been recorded, the intruder knows which clients are on the "white" list of approved MAC addresses. Next, the intruder can use any publicly available tool to forge deauthentication/disassociation packets to the approved client station as if they came from the AP. This forces the client to detach from the AP. The intruder can then change the MAC address of his/her WLAN client and associate to the AP. The AP will see the attempted association and compare the MAC address of the client against its approved "white" list of authorized clients. Since the intruder has "spoofed" the MAC of the truly authorized client, the AP will explicitly allow the intruder to associate to the WLAN.
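
A monitoring-side check for the takeover described above, added here as an example and not part of the original WVE entry: 802.11 management and data frames carry a 12-bit sequence number that each transmitter increments on its own, so one MAC address whose counter keeps jumping between two ranges suggests two radios sharing that address. The entry itself does not describe this detection approach; the frame tuple layout, the sample frames and both thresholds are assumptions.

```python
from collections import defaultdict

SEQ_MODULUS = 4096  # 802.11 sequence numbers are 12 bits wide


def forward_gap(prev_seq, cur_seq):
    """Distance from prev_seq forward to cur_seq, allowing for wrap-around."""
    return (cur_seq - prev_seq) % SEQ_MODULUS


def find_spoof_candidates(frames, max_gap=64, min_anomalies=2):
    """Return {mac: anomaly_count} for addresses that look like two transmitters.

    frames: iterable of (timestamp, source_mac, sequence_number) tuples as a
    passive sensor might record them (assumed layout).
    max_gap / min_anomalies: assumed tuning values, not taken from the entry.
    """
    last_seq = {}
    anomalies = defaultdict(int)
    for _ts, mac, seq in sorted(frames):
        mac = mac.lower()
        if mac in last_seq:
            gap = forward_gap(last_seq[mac], seq)
            # gap 0 is a retransmission; a small forward gap means the sensor
            # missed a few frames. Anything larger is a counter discontinuity.
            if gap > max_gap:
                anomalies[mac] += 1
        last_seq[mac] = seq
    # One discontinuity can be a client reset; repeated ones are suspicious.
    return {m: n for m, n in anomalies.items() if n >= min_anomalies}


# Constructed sample capture (locally administered MAC addresses).
SAMPLE_FRAMES = [
    (1, "02:00:00:00:00:02", 4094),  # normal client crossing the wrap point
    (2, "02:00:00:00:00:02", 4095),
    (3, "02:00:00:00:00:02", 0),
    (4, "02:00:00:00:00:02", 2),
    (1, "02:00:00:00:00:01", 100),   # whitelisted client
    (2, "02:00:00:00:00:01", 101),
    (3, "02:00:00:00:00:01", 2000),  # second radio using the same address
    (4, "02:00:00:00:00:01", 103),   # original client trying to reconnect
    (5, "02:00:00:00:00:01", 2001),
    (6, "02:00:00:00:00:01", 104),
]

if __name__ == "__main__":
    for mac, count in find_spoof_candidates(SAMPLE_FRAMES).items():
        print(f"{mac}: {count} sequence discontinuities")
```
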

Credits
Author: Joshua Wright (jwright@hasborg.com) : None

References
URL: http://home.jwu.edu/jwright/papers/wlan-mac-spoof.pdf

Released: 2005-12-16

Submitter
Paul Carugati (paul.carugati@motorola.com) : Motorola Inc

Submitted: Fri Dec 16 13:21:57 -0800 2005

Candidate Date: Sun Dec 18 18:42:11 -0800 2005

