Security researchers have recently uncovered a new technique that allows them to take control of an entire laptop by injecting malicious code into the driver of a short-range wireless Internet connection device.
The details of the attack process will be presented by security expert David Maynor from Internet Security Systems at the Black Hat 2006 conference, which will take place next month in Las Vegas, USA.
Exploiting device drivers is not an easy task, but it has recently become more feasible with the emergence of various new software tools that assist even hackers who are not particularly tech-savvy (commonly referred to as script kiddies: individuals with little technical knowledge who come across information about device vulnerabilities online and use it to gain control over systems).
Maynor used an open-source 802.11 attack tool called LORCON to broadcast a large number of wireless data packets to various wireless cards. Hackers often use this method to check whether a program is simply malfunctioning or whether the fault gives them an opportunity to deploy malicious software on the victim’s laptop.
Using LORCON, Maynor discovered a driver vulnerability that allows him to gain full control of the system. He is repeating the experiment on other networking technologies, such as Bluetooth, EvDO, and HSDPA.
“Hackers just need to sit at a public connection point and casually wait for their ‘prey’ to come within sight,” Maynor warned. “The user’s system can be attacked even when the driver has just been activated and the network connection process has not yet been completed.”
According to Maynor, the main reason for this issue is that the experts who develop drivers for wireless devices today often overlook security considerations.