By Brad Reed
Jason Crawford has learned that if you want to break into secure Wi-Fi
networks, you don't need to buy equipment from the black market.
Instead, you can buy it from Toys "R" Us, he says.
Crawford, who works as a principal investigator for R&D projects at
Lockheed Martin's newly opened wireless-security laboratory, says he has
figured out how to crack the seemingly secure wireless networks that
consumers and corporations use - with nothing more than a cluster of
eight PlayStation 3s. Crawford won't go into the details of just how he
used the PS 3s to hack Wi-Fi networks, but he says that you don't have
to be a top-level hacker to figure it out.
"The PS 3s use a processor called the Cell Broadband Engine, and it's so
insanely fast that it didn't take long for us to crack [Wi-Fi Protected
Access] networks once we started writing some software for it," Crawford
says. "I set up a cluster of about eight PS 3s. . . . Getting them
together wasn't all that expensive," he says.
Crawford's PlayStation hack is just one of many projects that Lockheed
Martin researchers are working on to head off the dangers of
technological surprise. In other words, the brains at the company are in
a race to discover the loopholes and faults in wireless security before
terrorists and cyber criminals do. Needless to say, this requires a
tremendous amount of outside-the-box thinking, says John Morrison, chief
of the company's Wireless Cyber Security Lab.
"The 9/11 Commission said that one of the biggest reasons that the
government failed to prevent the 9/11 attack was a failure of
imagination," Morrison says. "We're trying to ensure that something
similar doesn't happen in the realm of wireless communications," he
Defining the problem
So, just what are the biggest emerging threats in wireless security?
Perri Nijeb, CTO for Lockheed Martin Information Systems, says her
biggest concern has been the gradual migration of the office to the
home. In other words, as workers increasingly connect to company data
through corporate VPNs from their homes, companies have less and less
control over where their employees can gain access to sensitive
"The lines between our 'work' environment and our 'home' environment are
becoming increasingly blurred as wireless routers, phones and aircards
rapidly extend the traditional office enterprise further and further to
the 'edge,'" Nijeb says. "The network now moves with the individual to
their living room, hotel room, car and coffee shop. . . . This is both
exciting and challenging for us."
To that end, Lockheed Martin has been running tests on many types of
consumer technology that have been migrating to enterprise networks,
including Wi-Fi, WiMAX, Bluetooth, and cell phones. The abundance of
Wi-Fi hot spots is one of the lab's most pressing concerns because Wi-Fi
increasingly has become ubiquitous in urban areas and oftentimes users
can connect to unsecured networks and not even realize that they're at
risk. The major issues with Wi-Fi include "connection hijacking,
deliberate or inadvertent denial of service, the creation of security
holes in corporate or government networks, and difficulty in attributing
network actions to specific IP addresses, due to the ease of hijacking,"
Nijeb says. Morrison says all these issues, particularly connection
hijacking, have the potential to cause massive headaches for corporate
IT departments if they don't educate their users about security issues.
"When I was working in New York City as the IT director for a financial
services company, we had a problem with drug dealers using others'
unprotected Wi-Fi networks to do their deals," Morrison says. "And then
when the authorities would trace their IP address, it would go back to
the home of one of our unsuspecting employees."
Another concern for the lab is the spread of Bluetooth technology.
Although Bluetooth generally has a very short transmission range,
Crawford notes there are technologies that can pick up Bluetooth signals
from farther away than where they're supposed to be accessible. This has
particularly frightening implications, because sophisticated hackers
theoretically could use Bluetooth to track people's movements, he says.
"Bluetooth is already installed in most semi-expensive vehicles right
now," Crawford says. "If you want to track somebody's movements, you
just need to set up several sleeper PDAs in the area where they're
traveling, and if you have a high-enough antenna, you can pick up a lot
of people's movements."
In addition, because more and more handsets are being equipped with
Bluetooth, Wi-Fi and WiMAX capabilities, Crawford says these security
vulnerabilities are expected only to multiply in the coming years.
"A lot of these features can be difficult to turn off, and most people
don't even know about them," Crawford says. "What's more, a lot of these
devices will try automatically to get on hot spots."
Where the boardroom meets the battlefield
The problems being addressed by Lockheed Martin's wireless security lab
aren't limited to the enterprise, of course. Most of them also are
becoming increasingly crucial to securing the military's battlefield
communications networks. Currently, the company is helping the Army's
Warfighter Information Network-Tactical program build a new mobile
network that can span an entire theatre of operations and will equip all
Humvees, tanks and other vehicles with IP radios that will link to an ad
hoc network capable of delivering 100Mbps of data to soldiers on the
"The military has a vision of having an IP address for every soldier and
weapon," Morrison says. "They're not going to be trailing wires around
on the battlefield, but that can lead to some vulnerabilities."
Just as corporate users are vulnerable when they connect to enterprise
networks using home Wi-Fi connections, soldiers are at their most
vulnerable when they use wireless communications in crowded urban
environments, Morrison says. He acknowledges that urban battle settings
are difficult to recreate in a laboratory environment, but he says that
the lab has tried using fixed and mobile communications systems to
simulate how soldiers will travel in the theatre of operations.
The main challenge lies in creating a collection of wireless nodes that
can pass on informal to low-power or low-bandwidth devices effectively
while still being able to be set up and taken down as quickly as the
mission dictates, Nijeb says. The stakes on the battlefield are
certainly higher than the stakes in most home offices, but corporate
networks can learn a great deal from how the military effectively
deploys wireless networks with connections that are both fluid and
secure, she says.
"This concept again points to the expansion of the network beyond
traditional boundaries," Nijeb says. "Cyber and wireless security has
been of high interest due to its almost limitless boundaries and the
fact that it touches and impacts everyone, not just the military and the
government. This newly emerging wireless world will only succeed if all
of the stakeholders feel they can trust in the security of the network."
All contents copyright 1995-2008 Network World, Inc.
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com