Wi-Fi Security Risks

Ray Naraine talks about exploits on Wi-Fi networks, how easy they are, first with a tool called Silica, then with free software running on a Nokia N800.

Exploits of this type can be prevented by elementary network hygiene, using the authentication and encryption techniques of 802.11i.
A different kind of vulnerability has been described by “Johnny Cache.” This type of vulnerability is more insidious.

In lab tests it has been possible for a device masquerading as an access point to respond to probe frames (which must always be sent in the clear before any authentication can take place) with a malformed packet that causes a buffer overrun in the computer that is looking for a network. Because these buffer overruns are in the 802.11 driver, they can be designed to execute hostile code in kernel mode.
Of course this type of vulnerability is specific to particular implementations of the Wi-Fi driver, and all the reported ones have been fixed. More reassuring, there is no reported case of this type of exploit actually being carried out in the wild. But the principle remains that a badly written network driver can compromise your security regardless of the higher-level measures you take, and that wireless networks are more vulnerable to this type of exploit than wired ones.
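To make the driver-level risk concrete, here is an added example (not code from the page, and not any vendor's driver): a minimal parser for the SSID information element of a probe response, the frame a rogue "access point" can send to a client that is still scanning and has not yet authenticated. 802.11 information elements are TLV-encoded (a one-byte element ID, a one-byte length, then the payload), and the SSID element (ID 0) carries at most 32 bytes. The function names, the `bss_info` struct and the sample frames are constructed for this illustration; the unchecked variant shows the bug class the text describes (a frame-supplied length copied into a fixed buffer), and the checked variant shows the bounds checks a driver needs so that a malformed frame is dropped instead of corrupting kernel memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not the code of any real driver: parse the SSID
 * information element (IE) of an 802.11 probe response.  IEs are TLV-encoded:
 * one byte element ID, one byte length, then the payload.  The SSID IE has
 * element ID 0 and a payload of at most 32 bytes. */

#define IE_ID_SSID   0
#define SSID_MAX_LEN 32

struct bss_info {
    char    ssid[SSID_MAX_LEN + 1]; /* NUL-terminated copy of the SSID */
    uint8_t ssid_len;
};

enum parse_result {
    PARSE_OK        =  0,
    PARSE_NOT_SSID  = -1,
    PARSE_TRUNCATED = -2,
    PARSE_TOO_LONG  = -3
};

/* Vulnerable pattern: the length byte comes straight from the frame and is
 * copied into a fixed 32-byte buffer.  A length byte of 33..255 overruns
 * bss_info.ssid; inside a real driver that is kernel-mode memory corruption.
 * Shown for contrast only; never feed it an untrusted frame. */
int parse_ssid_unchecked(const uint8_t *ie, size_t avail, struct bss_info *out)
{
    if (avail < 2 || ie[0] != IE_ID_SSID)
        return PARSE_NOT_SSID;
    uint8_t len = ie[1];
    memcpy(out->ssid, ie + 2, len);     /* no check that len <= SSID_MAX_LEN */
    out->ssid[len] = '\0';              /* this write can be out of bounds too */
    out->ssid_len = len;
    return PARSE_OK;
}

/* Hardened form: validate the declared length against both the protocol
 * maximum and the bytes actually received before touching the destination. */
int parse_ssid_checked(const uint8_t *ie, size_t avail, struct bss_info *out)
{
    if (avail < 2)
        return PARSE_TRUNCATED;
    if (ie[0] != IE_ID_SSID)
        return PARSE_NOT_SSID;
    uint8_t len = ie[1];
    if (len > SSID_MAX_LEN)
        return PARSE_TOO_LONG;          /* malformed: caller drops the frame */
    if ((size_t)len + 2 > avail)
        return PARSE_TRUNCATED;         /* length claims bytes that are not there */
    memcpy(out->ssid, ie + 2, len);
    out->ssid[len] = '\0';
    out->ssid_len = len;
    return PARSE_OK;
}

/* Constructed sample frames: a well-formed SSID IE, and a malformed one whose
 * length byte (200) far exceeds the 32-byte maximum. */
static const uint8_t good_ie[] = { IE_ID_SSID, 7, 'c', 'o', 'r', 'p', 'n', 'e', 't' };
static uint8_t bad_ie[2 + 200];

/* Fills bad_ie in place and returns its total size in bytes. */
size_t build_bad_ie(void)
{
    bad_ie[0] = IE_ID_SSID;
    bad_ie[1] = 200;
    memset(bad_ie + 2, 'A', 200);
    return sizeof bad_ie;
}

int main(void)
{
    struct bss_info info;
    int r = parse_ssid_checked(good_ie, sizeof good_ie, &info);
    printf("well-formed IE: result %d, ssid \"%s\"\n", r, info.ssid);
    r = parse_ssid_checked(bad_ie, build_bad_ie(), &info);
    printf("malformed IE: result %d (frame dropped)\n", r);
    return 0;
}
```

The checked parser rejects the oversized element before any copy happens, which is the whole fix: the frame is untrusted input arriving before authentication, so every length field in it has to be bounded by both the protocol limit and the received byte count. The same pattern applies to every other information element a driver parses.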

So, is Wi-Fi too insecure for corporate use? Neither of the two classes of vulnerability discussed here seems to be a show-stopper. The Naraine exploits are addressed by simple common sense; the known driver vulnerabilities were repaired before anybody exploited them in the wild. There are almost certainly more like that waiting to be found, but on the scale of risks this has so far ranked low compared to the many widely publicized instances of physical theft of a laptop.