Researchers David Maynor and Jon Ellch have discovered a way to compromise computers via some flaws in the device drivers for the wireless cards using LORCON – you don’t even have to be using the card – the radio just needs to be active. The are fairly tight lipped about the methods, as they will demonstrating the attack at Black Hat USA 2006.
Remember Simple Nomad’s presentation about hacking the friendly skies at Shmoocon this year? More wireless problems, which are left exposed by just having your wireless turned on – you don’t even have to be using it.
A few words to the wise:
- Don’t use the wireless at Black Hat (for this and many other reasons), or any other convention, or any untrusted hotel network unless you intend to wipe your drive and reinstall – especially at security/hacker/phreaker conferences.
- Don’t store any personal information, or any other information that you don’t want freely available on your mobile device that you use at above conferences.
- Shut off your wireless card when not in use
- Practice defense in depth, just in case.