July 12, 2001, 12:15 PM — The research arm of IBM Corp. has a software tool under development to identify wireless LAN nodes that are vulnerable to a sneak attack by hackers, the company announced Thursday. Prototyped on a Linux-based wireless personal digital assistant (PDA), the device will be able to automatically monitor 802.11 wireless LAN networks and collect security-related information.
The project developed from internal concerns at IBM over the security of its own growing 802.11 network, said Dave Safford, manager of the Global Security Analysis Lab at the IBM Research unit.
"We've been doing some 'ethical hacking' for a year now, demonstrating weaknesses in 802.11 networks," he said. "The real challenge is that 802.11 networks are exploding. Wireless managers don't even know where all the network access points are."
The Wireless Security Auditor prototype presents detailed information for all access points on an 802.11 wireless network, including station and network name, address, location, and security state. The software, which in prototype has been installed on a Compaq Computer Corp. Ipaq PDA with an 802.11 card, has a color-coded user interface, with properly configured access points shown in green and vulnerable ones shown in red.
The project is at the stage where IBM can show it to security managers for beta-testing, but the company has no definitive plans for pricing or availability.
IBM's intent is to help security personnel prevent "drive-by hacking," the rising threat posed by hackers equipped with a wireless-capable computer wandering around businesses, looking for vulnerable wireless network access points to pounce upon.
However, an unobtrusive PDA designed to spot weak points in network security also sounds like a new tool for hackers looking to exploit a breach rather than fix one.
"One of the things we've tried to do is make this a passive device, just a scanner, so network administrators can see the weaknesses before the drive-by hackers can," Safford said. The limits of a PDA in terms of storage space and software capability make it a less ideal penetration device than a wireless laptop, he added. "I doubt very much that we'll see hackers using PDAs as their attack tools."
Wireless networks typically use the Wired Equivalent Privacy (WEP) protocol for encrypting data over the air. The WEP protocol came under attack in February from researchers who claimed WEP was vulnerable to hackers using off-the-shelf equipment.
IBM's product is not designed to strengthen WEP; rather, it is designed to discover whether an access point is using it at all. Wireless access points are typically shipped with data encryption and user authentication capabilities turned off, and as employees add new wireless devices to the network, security needs to be checked more frequently.