Advisory Number: AV04-023 Vulnerability in IEEE 802.11
12 May 2004
Purpose
This advisory brings attention to a denial of service vulnerability that exists
in hardware implementations of the IEEE 802.11 wireless protocol.
Assessment
The vulnerability is related to the medium access control (MAC) function of
the IEEE 802.11 protocol. WLAN devices perform Carrier Sense Multiple Access
with Collision Avoidance (CSMA/CA) to minimise the likelihood of two devices
transmitting simultaneously. Fundamental to the functioning of CSMA/CA is
the Clear Channel Assessment (CCA) procedure, used in all standards-compliant
hardware and performed by a Direct Sequence Spread Spectrum (DSSS) physical
(PHY) layer.
An attack against this vulnerability exploits the CCA function
at the physical layer and causes all WLAN nodes within range, both
clients and access points, to permanently defer transmission of
data. When under attack, the device behaves as if the channel is
always busy, preventing the transmission of any data over the wireless
network.
Affected devices include those that implement IEEE 802.11 using
a DSSS physical layer, i.e. IEEE 802.11, 802.11b and low-speed
(below 20Mbps) 802.11g wireless devices.
Not affected: IEEE 802.11a and high-speed (above 20Mbps) 802.11g
wireless devices.
The results of a successful DoS attack will not be directly discernible
to an attacker, so an attack of this type may be generally less
attractive to mount. The effect of the DoS on WLANs is not persistent
- once the jamming transmission terminates, network recovery is
essentially immediate.
IEEE 802.11 device transmissions are of low energy and short range,
so the range of this attack is limited by the signal strength of
the attacking device, which is typically low. Well-shielded WLANs,
such as those for internal infrastructures, should be relatively
immune; however, individual devices within range of the attacker
may still be affected. Public access points will remain particularly
vulnerable.
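
The symptom described in this assessment, a channel that is sensed busy almost all of the time, can be watched for from a Linux wireless client or monitor. The following is an added example, not part of the advisory: it compares two snapshots of the channel counters printed by `iw dev wlan0 survey dump`; the interface name, the 0.95 threshold and the sample counters are assumptions constructed for illustration.

```python
import re

FIELD = re.compile(
    r"^\s*(frequency|channel (?:active|busy|receive|transmit) time):\s+(\d+)")

def parse_survey(text):
    """Return {freq_mhz: {counter: cumulative_ms}} from survey dump text."""
    channels, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name == "frequency":
            current = channels.setdefault(value, {})
        elif current is not None:
            current[name.split()[1]] = value  # "active", "busy", ...
    return channels

def busy_report(before, after, threshold=0.95):
    """Flag channels sensed busy for >= threshold (assumed value) of the interval."""
    report = {}
    for freq, new in after.items():
        old = before.get(freq, {})
        delta = {k: new.get(k, 0) - old.get(k, 0)
                 for k in ("active", "busy", "receive", "transmit")}
        if delta["active"] <= 0:  # counter reset or channel not surveyed
            continue
        # Busy time not explained by frames this radio received or sent.
        undecoded = max(delta["busy"] - delta["receive"] - delta["transmit"], 0)
        ratio = delta["busy"] / delta["active"]
        report[freq] = {"busy_ratio": round(ratio, 3),
                        "undecoded_ratio": round(undecoded / delta["active"], 3),
                        "suspect": ratio >= threshold}
    return report

def sample(rows):
    """Render constructed counters in the `iw ... survey dump` layout."""
    tpl = ("Survey data from wlan0\n\tfrequency:\t\t\t{} MHz\n"
           "\tnoise:\t\t\t\t-95 dBm\n"
           "\tchannel active time:\t\t{} ms\n\tchannel busy time:\t\t{} ms\n"
           "\tchannel receive time:\t\t{} ms\n\tchannel transmit time:\t\t{} ms\n")
    return "".join(tpl.format(*r) for r in rows)

# Constructed snapshots 10 s apart: (MHz, active, busy, receive, transmit).
T0 = sample([(2412, 50000, 9000, 6000, 2000), (2437, 50000, 12000, 9000, 2500)])
T1 = sample([(2412, 60000, 18900, 6100, 2000), (2437, 60000, 15000, 11000, 3300)])
REPORT = busy_report(parse_survey(T0), parse_survey(T1))
```

A high busy ratio can also come from ordinary congestion or non-802.11 interference, so a flagged channel is a prompt for investigation rather than proof of an attack. Not every driver reports these survey counters.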
Suggested Action
At this time no software or firmware upgrades are available for existing devices,
as the issue is inherent in the protocol implementation of IEEE 802.11 DSSS.
PSEPC recommends that environments in which network availability
is of primary importance should evaluate and take necessary steps
to ensure their susceptibility to this vulnerability is limited.
For more information please see: http://www.auscert.org.au/render.html?it=4091
Note to Readers
Public Safety and Emergency Preparedness Canada (PSEPC) collects
information related to cyber and physical threats to, and incidents
involving, Canadian critical infrastructure. This allows us to
monitor and analyse threats and to issue alerts, advisories and
other information products. To report threats or incidents, please
contact the PSEPC operations coordination centre at (613) 991-7000
or opscen@ocipep-bpiepc.gc.ca by e-mail.
Unauthorized use of computer systems and mischief in relation to
data are serious Criminal Code offences in Canada. Any suspected
criminal activity should be reported to local law enforcement organizations.
The RCMP National Operations Centre (NOC) provides a 24/7 service to receive such
reports or to redirect callers to local law enforcement organizations.
The NOC can be reached at (613) 993-4460. National security concerns
should be reported to the Canadian Security Intelligence Service (CSIS) at
(613) 993-9620.
Links to sites not under the control of the Government of Canada
(GoC) are provided solely for the convenience of users. The GoC
is not responsible for the accuracy, currency or the reliability
of the content. The GoC does not offer any guarantee in that regard
and is not responsible for the information found through these
links, nor does it endorse the sites and their content.