WiFi Clear Channel Assessment Flaw Shows the Technology's Limitations

I haven't had time to discuss the WiFi Clear Channel Assessment vulnerability that has been identified by researchers at Queensland University of Technology. When I first heard about this, I immediately thought that the most likely exploit of this vulnerability would be at a technology conference or a trade show.

Late last night, I found an article in InfoWorld that quoted Rich Mironov from WiFi security vendor AirMagnet, indicating that a Denial of Service situation had occurred at a MacWorld Expo in New York:

"At the Javits Center in New York at an Apple show, somebody was wandering the show floor with a broadcasting card in his laptop. Everywhere he went he shut down the network for a couple of hundred feet by crowding out traffic in all directions. His device was randomly running up and down all the channels...."

I installed a WiFi network in my home office that includes a D-Link DI-624 AirPlus Xtreme G Wireless Router and a D-Link DWL-G650 AirPlus Xtreme G Wireless PC Card. Since the DWL-G650 has an Atheros chip set and I run Fedora Core 1 Linux most of the time, I had to install the MADwifi driver. Part of this driver is a hardware abstraction layer, which is only released in binary form. This is unusual for Linux drivers, so I looked for information about why this had been done.

In my research, I learned that the Atheros chip set is fully programmable for radio channel and broadcast power, and that the FCC will not allow the free distribution of tool kits for programming the Atheros chip set. So, the developer of the MADwifi HAL made a binding agreement with Atheros to make a partially closed-source, Linux-compatible driver. Now that this WiFi vulnerability has been documented, it's pretty obvious to me why the FCC has taken this position.

I feel like the report from Queensland University of Technology provides specific details about a limitation of some WiFi technologies that many of us already knew about. But this new information should not dissuade us from deploying 802.11b, a, or g networks, because the productivity and flexibility that wireless provides still outweigh the security and availability risks.

I have visited sites where networks have been built that are entirely dependent on 802.11 wireless technology. Many setups like these are in people's homes, and they have been built for practical, logistical, or aesthetic reasons. Although the likelihood of intentionally jamming a home network is small, the possibility of a disruption as a result of equipment malfunction is larger, particularly where the wireless network is in a densely built area. If your network is 100-percent wireless and you need to ensure availability, it is probably a good idea to have a small, wired Ethernet segment that you can plug a PC into during a disruption.