
Attack of the bandwidth-hogging hackers

Wi-Fi hotspot peril


Swiss security researchers have unearthed a flaw in wireless LAN systems that might be used by hackers to drastically increase their share of the available bandwidth at the expense of the other users. The issue should be of particular concern to hotspot operators, according to a team from the computer labs at the Ecole Polytechnique Federale de Lausanne (EPFL).

Appropriate standards (such as 802.11i) have been developed to ensure user security and privacy in hotspots, but these do nothing to prevent a user altering the MAC protocol of a machine to increase his share of available bandwidth, according to the Swiss team.

They explain: "The new generation of wireless adapters allow easy modification of previously inaccessible MAC protocol parameters; for example, with a single line of code hackers can reduce the contention window size, realising a considerable redistribution of throughput shares among stations competing for wireless bandwidth. Other cheating techniques include the modification of protocol timers, the misuse of collision-avoidance mechanisms such as the Net Allocation Vector, and selective scrambling of other users' frames."

Professor Jean-Pierre Hubaux, leader of the three-person team from EPFL that investigated the issue, said that although they had demonstrated these attacks in a lab environment, they had yet to see reports of this kind of misdeed in the real world. But that is no reason for complacency, he argued.

"Experience has shown that breaches are usually exploited, especially if this is easy to do (as it is the case here). With the increasing programmability of the devices, the risk will increase as well," Prof. Hubaux told El Reg.

"Considering that wireless access to hotspots is a charged service to a shared and scarce resource, it is easy to predict that numerous users will be tempted to cheat using the described techniques, thus discouraging honest users to make use of the service," the Swiss boffins argue.

The lab has also designed a (US patent pending) detection system, dubbed Domino, to spot bandwidth-stealing behaviour in wireless LANs. The technology is designed to help any Wi-Fi operator protect its infrastructure against bandwidth-hogging hackers. EPFL hopes to license its technology to IT suppliers.
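To show why a shrunken contention window skews throughput and why that skew is measurable, here is an added example, not code from EPFL and not Domino's method: a simplified slotted model of stations contending for one channel, plus a check that flags any station whose average backoff sits far below what the standard window implies. The window sizes, the 0.5 threshold and the assumption that a monitor can observe each backoff directly are constructed for the illustration.

```python
import random

CW_MIN, CW_MAX = 32, 1024  # window sizes in slots, modelled on 802.11b (0..31 up to 0..1023)

def simulate(cw_mins, slots=200_000, seed=1):
    """Saturated stations contending on one channel, one frame per busy slot.
    cw_mins[i] is the smallest window station i uses (CW_MIN if honest).
    Returns (share of successful frames, mean backoff drawn) per station."""
    rng = random.Random(seed)
    n = len(cw_mins)
    cw = list(cw_mins)
    counter = [rng.randrange(c) for c in cw]
    wins, total, draws = [0] * n, list(counter), [1] * n
    for _ in range(slots):
        ready = [i for i in range(n) if counter[i] == 0]
        if not ready:                       # idle slot: everyone counts down
            counter = [c - 1 for c in counter]
            continue
        for i in ready:                     # busy slot: the others freeze
            if len(ready) == 1:             # lone sender succeeds, window resets
                wins[i] += 1
                cw[i] = cw_mins[i]
            else:                           # collision: window doubles
                cw[i] = min(cw[i] * 2, CW_MAX)
            counter[i] = rng.randrange(cw[i])
            total[i] += counter[i]
            draws[i] += 1
    frames = sum(wins)
    return [w / frames for w in wins], [t / d for t, d in zip(total, draws)]

def flag_cheaters(mean_backoff, tolerance=0.5):
    """Flag stations whose mean backoff is under tolerance * the nominal mean.
    Assumption: the monitor can observe each backoff; 0.5 is a constructed threshold."""
    nominal = (CW_MIN - 1) / 2              # 15.5 slots for a 0..31 window
    return [i for i, m in enumerate(mean_backoff) if m < tolerance * nominal]

if __name__ == "__main__":
    for label, cw_mins in (("all honest", [32] * 4), ("station 0 uses CW 4", [4, 32, 32, 32])):
        shares, means = simulate(cw_mins)
        print(label, [f"{s:.0%}" for s in shares], "flagged:", flag_cheaters(means))
```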

EPFL researchers will present their work at the Mobisys mobile system conference in Boston next week. ®
