Jason Crawford has learned that if you want to break into secure Wi-Fi networks, you don't need to buy equipment from the black market. Instead, you can buy it from Toys "R" Us, he says.
Crawford, who works as a principal investigator for R&D projects at Lockheed Martin's newly opened wireless-security laboratory, says he has figured out how to crack the seemingly secure wireless networks that consumers and corporations use -- with nothing more than a cluster of eight PlayStation 3s. Crawford won't go into the details of just how he used the PS 3s to hack Wi-Fi networks, but he says that you don't have to be a top-level hacker to figure it out.
"The PS 3s use a processor called the Cell Broadband Engine, and it's so insanely fast that it didn't take long for us to crack [Wi-Fi Protected Access] networks once we started writing some software for it," Crawford says. "I set up a cluster of about eight PS 3s. . . . Getting them together wasn't all that expensive," he says.
Crawford's PlayStation hack is just one of many projects that Lockheed Martin researchers are working on to head off the dangers of technological surprise. In other words, the brains at the company are in a race to discover the loopholes and faults in wireless security before terrorists and cyber criminals do. Needless to say, this requires a tremendous amount of outside-the-box thinking, says John Morrison, chief of the company's Wireless Cyber Security Lab.
"The 9/11 Commission said that one of the biggest reasons that the government failed to prevent the 9/11 attack was a failure of imagination," Morrison says. "We're trying to ensure that something similar doesn't happen in the realm of wireless communications," he says.
Defining the problem
So, just what are the biggest emerging threats in wireless security? Perri Nijeb, CTO for Lockheed Martin Information Systems, says her biggest concern has been the gradual migration of the office to the home. In other words, as workers increasingly connect to company data through corporate VPNs from their homes, companies have less and less control over where their employees can gain access to sensitive information.
"The lines between our 'work' environment and our 'home' environment are becoming increasingly blurred as wireless routers, phones and aircards rapidly extend the traditional office enterprise further and further to the 'edge,'" Nijeb says. "The network now moves with the individual to their living room, hotel room, car and coffee shop. . . . This is both exciting and challenging for us."
To that end, Lockheed Martin has been running tests on many types of consumer technology that have been migrating to enterprise networks, including Wi-Fi, WiMAX, Bluetooth, and cell phones. The abundance of Wi-Fi hot spots is one of the lab's most pressing concerns because Wi-Fi increasingly has become ubiquitous in urban areas and oftentimes users can connect to unsecured networks and not even realize that they're at risk. The major issues with Wi-Fi include "connection hijacking, deliberate or inadvertent denial of service, the creation of security holes in corporate or government networks, and difficulty in attributing network actions to specific IP addresses, due to the ease of hijacking," Nijeb says. Morrison says all these issues, particularly connection hijacking, have the potential to cause massive headaches for corporate IT departments if they don't educate their users about security issues.
"When I was working in New York City as the IT director for a financial services company, we had a problem with drug dealers using others' unprotected Wi-Fi networks to do their deals," Morrison says. "And then when the authorities would trace their IP address, it would go back to the home of one of our unsuspecting employees."