Security Vulnerability in Apple's AirPort Base Station
inditek writes "At Stake has issued a security warning today about a vulnerability in Apple's AirPort Base Station: 'Apple's AirPort device is a wireless access point, providing 802.11 services to network clients. Authentication credentials are obfuscated, and then sent over the network. If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an attacker that can sniff the network can obtain administrative access to the AirPort.'"
Not really a big problem. (Score:1, Interesting)
Oh no the hackers are telnetting from inside the house!
Besides if you're using a switch instead of a stupid hub they can't sniff you anyway.
Re:Not really a big problem. (Score:4, Insightful)
You'd like to think that, wouldn't you? arpspoof [monkey.org] from the dsniff [monkey.org] package lets you sniff on a switched network. So does ettercap [sourceforge.net].
Re:Not really a big problem. (Score:1)
However, I stand by the fact that airport is intended for home use where the exploit isn't much of a risk anyway.
Re:Not really a big problem. (Score:4, Insightful)
Really? A device designed to support 50 computers simultaneously designed only for home use. You better tell that to all of the business [apple.com] and academic [apple.com] users quick - or are they all using the "other" version of the Airport [apple.com]?
Re:Not really a big problem. (Score:3, Insightful)
My Graphite Airport Base Station is in my house. I still get the range when I'm about 50 meters from the building (yes, I did the ultimate nerdish test, walking around the property with an iBook and iChatting with a friend to see if I lose him). Unfortunately, this means that I would also catch Airport on the neighboring properties. Now, I'm not that much afraid of a malicious hacker parking a big black van in front of my house, but actually if some neighbor kid would
Re:Not really a big problem. (Score:1)
Also, I'd suggest doing a ping instead of iChat, it would go faster.
Re:Not really a big problem. (Score:2)
> big black van in front of my house
Two of my neighbors put up wireless Ethernet systems recently, and neither has very good security on them. In fact, one neighbor didn't password-protect his network, use WEP, or even change the default password on his router.
Here's what's scary. If a person parked a car outside his house and started downloading something illegal, like child pornography, the NAT capabilities of the wireless base station would
And then what? (Score:2)
Re:And then what? (Score:1)
duh (Score:5, Insightful)
This is very old news.
Re:duh (Score:2)
I'll just go back to wondering why this warrants being pointed out by @Stake, let alone mention on Slashdot.
Re:duh (Score:4, Insightful)
True, you'll actually have to read the article to discover what the "News" is here, but it's a practice that I recommend.
Re:duh (Score:1)
Damn you and your kind to hell, hell, hell.
Strange (Score:5, Informative)
Not clear text (Score:2)
Since it's apparently the same key every time, it might as well be plaintext as far as real security goes.
Re:Not clear text (Score:1)
not just wifi weaknesses - xor obfuscation (Score:2, Informative)
Re:not just wifi weaknesses - xor obfuscation (Score:1, Funny)
Re:not just wifi weaknesses - xor obfuscation (Score:2)
Re:not just wifi weaknesses - xor obfuscation (Score:1)
This is exactly what my experience has been with Apple. I have worked with them on two serious bugs now and both times they have treated me like it was my fault their software was broken.
In one case it took Apple over a year to fix the problem.
If Apple is going to truly compete in the enterprise market, they need to change their thinking. First, security is important and trumps even user experience. Second, the
Re:Deja Vu (Score:1, Offtopic)
Ok, what the hell. There WASN'T information on their site the last time I checked. Now there is. Nothing about a release date, besides 'June 2003', which isn't the normal Matrix release day (since that's 5/15, which is a Thursday according to my calendar)
Re:Deja Vu (Score:1)
Er.. since when has WEP been "secure"? (Score:5, Informative)
...
If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an anonymous attacker that can sniff the network can obtain administrative access to the AirPort. If WEP is enabled, then the attack is limited to WEP authenticated attackers.
It is well known that WEP can quickly and easily be broken [sourceforge.net], so really what this is saying is that all Airport base stations that are administered are vulnerable, regardless of whether WEP is used or not.
Workaround: Only admin the Airport from a Mac connected directly to the cabled ethernet interface using a crossover cable until this issue is patched.
Re:Er.. since when has WEP been "secure"? (Score:3, Interesting)
The point of the security advisory is that this access point's efforts in that realm are really silly and make it worse than the other access points. None of them are really "secure." The part you quoted seems to allude or infer that some are, and that's kind of dumb of them to say - but you're getting distracted from the point.
Re:Er.. since when has WEP been "secure"? (Score:5, Insightful)
What many people don't realize is that these programs require the harvest of between 2000 and 10000 'weak' packets which can take as little as 20 hours and as long as a week of constant monitoring to collect. If you don't believe me, go read the FAQ of any WEP cracking program. These programs are only proof of concept models, and lack a practical implementation. I tried KisMAC against my own ap and failed to produce any results.
WEP is perfectly secure for a standard network, and anyone who is willing to spend 100 hours standing in my driveway just for access to a network on which everything else is passworded is simply insane.
Anyone who acts like WEP is worthless is simply misinformed.
Re:Er.. since when has WEP been "secure"? (Score:4, Funny)
Re:Er.. since when has WEP been "secure"? (Score:2)
Re:Er.. since when has WEP been "secure"? (Score:2)
I'm afraid he doesn't need to stand in your driveway. Are you 100% positive your Airport network cannot be accessed from any neighboring building? If it can (and I think it's quite possible, actually), then you could be vulnerable for some smartass neighborhood kid. He can wait, he can break your network o
Re:Er.. since when has WEP been "secure"? (Score:2)
Re:Er.. since when has WEP been "secure"? (Score:2)
Phew - no buildings near your base station. Looks like all those starbucks using Airport kit are secure after all.
psst. it may be difficult for you to accept, but the world does not revolve around you see...
Re:Er.. since when has WEP been "secure"? (Score:2)
psst. it may be difficult for you to accept, but the world does not revolve around you see...
The post I was replying to said "Are you 100% positive your Airport network cannot be accessed from any neighboring building? If it can (and I think it's quite possible, actually), then you could be vulnerable for some smartass neighborhood kid." I think my response was appropriate. YMMV.
Re:Er.. since when has WEP been "secure"? (Score:2)
What? You couldn't get any results from your own AP (with I'm guessing perhap
Re:Er.. since when has WEP been "secure"? (Score:2)
WEP is just fine for this level of security.
Now as far as packet sniffing and random buggery, well it's certainly vulnerable and I wouldn't deploy it on a corporate level in any high traffic business district.
Re:Er.. since when has WEP been "secure"? (Score:2)
20 hours is a bit pessimistic.
"we were able to collect that many packets in a few hours on a partially loaded network", says the Stubblefield/Ioannidis/Rubin paper (ATT tech report TD-4ZCPZZ) about implementing the Fluhrer/Mantin/Shamir attack.
What's important here is how that "few hours" compares to the amount of time the WEP key stays in service. If you've got a big network it's almost impossible to get everyone to change to a new WEP key. If
turn off encryption and it's a flaw - well blow me (Score:2, Insightful)
--
Nothing new to see here move along
--
Unimportant (Score:4, Informative)
well, duh. (Score:3, Insightful)
well, big frickin' duh, if you'll pardon my french.
if i administrate any computer or for that matter any access point via an insecure connection or any connection that can be sniffed by an intruder well, no doubt it can be compromised!
why is this news? why, more specifically is this apple news?
why not create a new
commonsense.slashdot.org (Score:3, Funny)
Redundant? Yes. Informative? YES! (Score:2)
If you read the posting, @Stake is not laying claim to the vulnerability, rather the obfuscation technique used by Apple to transmit their passwords. While other wireless routers (linksys, netgear, etc.) all suffer from the same core vulnerability, they don't all use the same methods for transmitting password information. RTFA:
The authentication credenti
Re:Redundant? Yes. Informative? YES! (Score:1)
Unobfuscating the password is merely a convenience to avoid patching the base administration software.
From a security point of view, this is the same as a login process. The Airport base would have to use secured login methods (like public key exchange or challenge/reply, etc) to prevent such flaws.
This is true fo
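The contrast drawn in this thread between fixed-key obfuscation ("the same key every time") and a challenge/reply login, as an added example that is not part of any post here and not Apple's or @stake's code. The pad value, the 32-byte field width and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed 32-byte pad for illustration; not a value taken from any device.
FIXED_PAD = bytes((i * 37 + 11) % 256 for i in range(32))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def obfuscate(password: bytes) -> bytes:
    """Weak scheme: zero-pad to a fixed field, XOR with the same pad every time."""
    return _xor(password.ljust(len(FIXED_PAD), b"\x00")[:len(FIXED_PAD)], FIXED_PAD)


def recover_pad(known_password: bytes, captured: bytes) -> bytes:
    """One capture of a password you set yourself yields the pad (p ^ pad ^ p = pad)."""
    return _xor(known_password.ljust(len(captured), b"\x00"), captured)


def deobfuscate(captured: bytes, pad: bytes) -> bytes:
    return _xor(captured, pad).rstrip(b"\x00")


def respond(password: bytes, challenge: bytes) -> bytes:
    """Challenge/reply: the password keys an HMAC over a fresh server nonce.
    Caveat: a captured (challenge, response) pair still permits offline
    guessing of a weak password, so this needs a strong secret or TLS."""
    return hmac.new(password, challenge, hashlib.sha256).digest()


def verify(password: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(respond(password, challenge), response)


if __name__ == "__main__":
    pad = recover_pad(b"test", obfuscate(b"test"))
    print(deobfuscate(obfuscate(b"s3cret-admin"), pad))  # same bytes decode every time
    c1, c2 = secrets.token_bytes(16), secrets.token_bytes(16)
    print(verify(b"s3cret-admin", c2, respond(b"s3cret-admin", c1)))  # replay fails
```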
Other wirelesses then? w/out sniffing ... (Score:1)
And don't intend the article as the other wireless systems being "more secure".
I am surfing constantly on neighbor's Linksys system - their covad is so much faster than our dsl. I've never sniffed to get it. It shows up on my airport menus
Security fix for base station. (Score:1)
The presence of a rat is well regarded in Japan, it is the sign of a good harvest.
Set a Damn Password (Score:1)