WiFi Device Driver Vulnerabilities

Security researchers David Maynor and Jon Ellch have found ways to seize control of laptop computers by manipulating buggy code in wireless device drivers. In a demonstration presented at the Blackhat conference, they remotely compromised a MacBook exploiting one of the wireless device driver issues they discovered.

Wireless devices are designed to be constantly sniffing for new networks, and this can lead to security problems, especially if their driver software is buggy. Apple is not the only vendor to have problems with its wireless drivers, by exploiting bugs in four different wireless cards, the researchers found ways to seize control of laptops running Windows and Linux as well.

Firewalls and operating system tools have traditionally been used to protect against wireless users, but Cache and Maynor say device driver can be exploited at a much lower level. This allows attacks to bypass all operating system level protection.

You do not have to be connected to a wireless network in order to be exposed. Only defence is to turn them physically off when you dont need them and limit your usage of them to "somewhere safe".

More details and a video of the demonstration are available at Brian Krebs' Security Fix column.
read more ...