A new set of security measures aimed at making 802.11-type wireless LANs safe from hackers is fundamentally flawed, according to researchers from the University of Maryland.
Professor William Arbaugh and Arunesh Mishra say in a paper published last week that the new 802.1X security system has two basic problems -- one where a hacker can hijack an existing connection, and another where they can interpose themselves during authentication and steal access information as it's being set up.
In the first case, the hacker monitors the transmissions and when a session is established between a client and an access point, the hacker sends a fake packet to the client purporting to be from the access point saying "Session closed". The client just reconnects with a new session: meanwhile, the legitimate access point thinks the old session is still open and the hacker can use it.
The other way -- a 'man in the middle' attack -- again involves the hacker pretending to be an access point, this time relaying messages between the client and the real access point while monitoring their contents, having "... completely bypassed any higher-layer authentication and render(ing) the authentication mechanism ineffective," according to Arbaugh and Mishra.
The paper, An Initial Security Analysis of the IEEE 802.1X Standard
