[ISN] Inside Lockheed Martin's wireless security lab

From: InfoSec News (alerts@private)
Date: Tue May 20 2008 - 01:32:01 PDT


By Brad Reed
Network World

Jason Crawford has learned that if you want to break into secure Wi-Fi 
networks, you don't need to buy equipment from the black market. 
Instead, you can buy it from Toys "R" Us, he says.

Crawford, who works as a principal investigator for R&D projects at 
Lockheed Martin's newly opened wireless-security laboratory, says he has 
figured out how to crack the seemingly secure wireless networks that 
consumers and corporations use - with nothing more than a cluster of 
eight PlayStation 3s. Crawford won't go into the details of just how he 
used the PS 3s to hack Wi-Fi networks, but he says that you don't have 
to be a top-level hacker to figure it out.

"The PS 3s use a processor called the Cell Broadband Engine, and it's so 
insanely fast that it didn't take long for us to crack [Wi-Fi Protected 
Access] networks once we started writing some software for it," Crawford 
says. "I set up a cluster of about eight PS 3s. . . . Getting them 
together wasn't all that expensive," he says.

Crawford's PlayStation hack is just one of many projects that Lockheed 
Martin researchers are working on to head off the dangers of 
technological surprise. In other words, the brains at the company are in 
a race to discover the loopholes and faults in wireless security before 
terrorists and cyber criminals do. Needless to say, this requires a 
tremendous amount of outside-the-box thinking, says John Morrison, chief 
of the company's Wireless Cyber Security Lab.

"The 9/11 Commission said that one of the biggest reasons that the 
government failed to prevent the 9/11 attack was a failure of 
imagination," Morrison says. "We're trying to ensure that something 
similar doesn't happen in the realm of wireless communications," he 

Defining the problem

So, just what are the biggest emerging threats in wireless security? 
Perri Nijeb, CTO for Lockheed Martin Information Systems, says her 
biggest concern has been the gradual migration of the office to the 
home. In other words, as workers increasingly connect to company data 
through corporate VPNs from their homes, companies have less and less 
control over where their employees can gain access to sensitive 

"The lines between our 'work' environment and our 'home' environment are 
becoming increasingly blurred as wireless routers, phones and aircards 
rapidly extend the traditional office enterprise further and further to 
the 'edge,'" Nijeb says. "The network now moves with the individual to 
their living room, hotel room, car and coffee shop. . . . This is both 
exciting and challenging for us."

To that end, Lockheed Martin has been running tests on many types of 
consumer technology that have been migrating to enterprise networks, 
including Wi-Fi, WiMAX, Bluetooth, and cell phones. The abundance of 
Wi-Fi hot spots is one of the lab's most pressing concerns because Wi-Fi 
increasingly has become ubiquitous in urban areas and oftentimes users 
can connect to unsecured networks and not even realize that they're at 
risk. The major issues with Wi-Fi include "connection hijacking, 
deliberate or inadvertent denial of service, the creation of security 
holes in corporate or government networks, and difficulty in attributing 
network actions to specific IP addresses, due to the ease of hijacking," 
Nijeb says. Morrison says all these issues, particularly connection 
hijacking, have the potential to cause massive headaches for corporate 
IT departments if they don't educate their users about security issues.

"When I was working in New York City as the IT director for a financial 
services company, we had a problem with drug dealers using others' 
unprotected Wi-Fi networks to do their deals," Morrison says. "And then 
when the authorities would trace their IP address, it would go back to 
the home of one of our unsuspecting employees."

Another concern for the lab is the spread of Bluetooth technology. 
Although Bluetooth generally has a very short transmission range, 
Crawford notes there are technologies that can pick up Bluetooth signals 
from farther away than where they're supposed to be accessible. This has 
particularly frightening implications, because sophisticated hackers 
theoretically could use Bluetooth to track people's movements, he says.

"Bluetooth is already installed in most semi-expensive vehicles right 
now," Crawford says. "If you want to track somebody's movements, you 
just need to set up several sleeper PDAs in the area where they're 
traveling, and if you have a high-enough antenna, you can pick up a lot 
of people's movements."

In addition, because more and more handsets are being equipped with 
Bluetooth, Wi-Fi and WiMAX capabilities, Crawford says these security 
vulnerabilities are expected only to multiply in the coming years.

"A lot of these features can be difficult to turn off, and most people 
don't even know about them," Crawford says. "What's more, a lot of these 
devices will try automatically to get on hot spots."

Where the boardroom meets the battlefield

The problems being addressed by Lockheed Martin's wireless security lab 
aren't limited to the enterprise, of course. Most of them also are 
becoming increasingly crucial to securing the military's battlefield 
communications networks. Currently, the company is helping the Army's 
Warfighter Information Network-Tactical program build a new mobile 
network that can span an entire theatre of operations and will equip all 
Humvees, tanks and other vehicles with IP radios that will link to an ad 
hoc network capable of delivering 100Mbps of data to soldiers on the 

"The military has a vision of having an IP address for every soldier and 
weapon," Morrison says. "They're not going to be trailing wires around 
on the battlefield, but that can lead to some vulnerabilities."

Just as corporate users are vulnerable when they connect to enterprise 
networks using home Wi-Fi connections, soldiers are at their most 
vulnerable when they use wireless communications in crowded urban 
environments, Morrison says. He acknowledges that urban battle settings 
are difficult to recreate in a laboratory environment, but he says that 
the lab has tried using fixed and mobile communications systems to 
simulate how soldiers will travel in the theatre of operations.

The main challenge lies in creating a collection of wireless nodes that 
can pass on informal to low-power or low-bandwidth devices effectively 
while still being able to be set up and taken down as quickly as the 
mission dictates, Nijeb says. The stakes on the battlefield are 
certainly higher than the stakes in most home offices, but corporate 
networks can learn a great deal from how the military effectively 
deploys wireless networks with connections that are both fluid and 
secure, she says.

"This concept again points to the expansion of the network beyond 
traditional boundaries," Nijeb says. "Cyber and wireless security has 
been of high interest due to its almost limitless boundaries and the 
fact that it touches and impacts everyone, not just the military and the 
government. This newly emerging wireless world will only succeed if all 
of the stakeholders feel they can trust in the security of the network."

All contents copyright 1995-2008 Network World, Inc. 

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Tue May 20 2008 - 01:48:14 PDT