Datamation Logo

Security Flaw Could Ground Wi-Fi Users

Home Security
Ed Sutherland
By Ed Sutherland
November 14, 2006
Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Wi-Fi users beware: Use your wireless computer in public and you could be opening yourself to the latest security risk.

Another security hole could be wide open the moment you switch on a Wi-Fi enabled laptop, warned a group of security investigators, including the Zeroday Emergency Response Team (ZERT), a security monitoring group loosely affiliated with Baylor University.

The flaw, a buffer overflow error in Broadcom’s (Quote)BCMWL5.SYS wireless driver, could allow nearby hackers to execute kernel-mode code, according to the Month of Kernel Bugs (MoKB) project, which first warned of the vulnerability.

Hackers already have a tool, the Metasploit Module, which can exploit the security opening, according to the organizations warning users. The exploit “can be used to inject any standard Windows payload into a vulnerable system,” according to ZERT’s advisory.

Windows laptop users do not need to do anything to be vulnerable. “Windows is exploitable without the existence of an Access Point (AP) or any interaction from the user,” according to ZERT. A Wi-Fi card’s background scan of available wireless networks triggers the flaw.

“If you are at an airport, coffee shop, or using your computer with wireless card enabled in any public place, you are at risk,” ZERT said.

Just how close an attacker needs to be to exploit the Wi-Fi bug depends on the hacker’s antenna and signal strength, according to the advisory.

Although chipmaker Broadcom revised its Wi-Fi driver after hearing from user “Johnny Cache,” one security group could not offer a patch for such a wide range of hardware. Building a patch for the many different vendors “is impractical,” ZERG wrote.

Instead, users who believe they are affected can check the manufacturer’s Web site, the researchers suggested. Some computer makers, such as Dell, have automatic update services.

This article was first published on InternetNews.com. To read the full article, click here.

  SEE ALL
ARTICLES  
Previous Article
Security Flaw Could Ground Wi-Fi Users
Next Article
The Future of ERP

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

AI

AI in Cybersecurity: The Comprehensive Guide to Modern Security

AI in Cybersecurity: The Comprehensive Guide to Modern Security
Security

What Is Cybersecurity? Definitions, Practices, Threats

What Is Cybersecurity? Definitions, Practices, Threats
Security

How to Secure a Network: 9 Key Actions to Secure Your Data

How to Secure a Network: 9 Key Actions to Secure Your Data
Datamation Logo

Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

Advertisers

Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

Advertise with Us

Our Brands

Technologyadvice ServerWatch TechRepublic Enterprise Networking Planet eWeek Project Management eSecurity Planet IT Business Edge
Privacy Policy Terms & Conditions About Contact Advertise California - Do Not Sell My Information

Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.