Simple security for wireless

22 Aug 2011

In early August, at the Def Con conference - a major annual gathering of computer hackers - someone apparently hacked into many of the attendees' cell phones, in what may have been the first successful breach of a 4G cellular network.

If early reports are correct, the incident was a man-in-the-middle (MITM) attack, so called because the attacker interposes himself between two other wireless devices.

Coincidentally, a week later, at the 20th Usenix Security Symposium, MIT researchers presented the first security scheme that can automatically create connections between wireless devices and still defend against MITM attacks. Previously, thwarting the attacks required password protection or some additional communication mechanism, such as an infrared transmitter.

Showcasing novel ways to breach security is something of a tradition at Def Con. In previous years, MITM attacks had been launched against attendees' Wi-Fi devices; indeed, the MIT researchers demonstrated the effectiveness of their new scheme on a Wi-Fi network. But in principle, MITM attacks can target any type of wireless connection, not only between devices (phones or laptops) and base stations (cell towers or Wi-Fi routers), but also between a phone and a wireless headset, a medical implant and a wrist-mounted monitor, or a computer and a wireless speaker system.

Ordinarily, when two wireless devices establish a secure connection, they swap cryptographic keys - the unique codes they use to encrypt their transmissions. In an MITM attack, the attacker tries to broadcast his own key at the exact moment that the key swap takes place. If he's successful, one or both of the devices will mistake him for the other, and he will be able to intercept their transmissions.

Password protection can thwart MITM attacks, assuming the attacker doesn't know the password. But that's not always a safe assumption.