Paying Heed to 802.11n Security

Customers are clamoring for the improved throughput and coverage area, but they also need to keep security in mind.

When Motorola March 12 publicly announced its 802.11n initiative and rolled out equipment for enterprise customers, this meant all of the biggest names in the wireless LAN space in terms of market share were now offering the products based on the draft standard.
This blanket availability shows that these companies have paid heed to their customers' hunger for 802.11n's improvements in throughput, coverage area and client density performance.
However, these hungry customers should also save a little room for security. The 802.11n threat and protection landscapes have not yet evolved at the pace set by the access market, and there are current problems to be solved as well as the potential for greater issues down the road to which customers should pay attention.
Everyone with whom I have spoken agrees there are no known vulnerabilities or attacks specific to 802.11n now, and one school of thought is there won't be the kind of vulnerabilities we've seen in the past. For example, there were no new 802.11a vulnerabilities when that specification first came to market.
However, Amit Sinha, CTO for wireless intrusion prevention vendor AirDefense, said 802.11n adds enough layer of complexity to the wireless MAC and PHY so that there may be opportunities for attack down the road.
Sinha said, "802.11n does significantly complicate the MAC layer with the inclusion of mechanisms such as block acknowledgements and spoofed duration fields that could be exploit candidates. 802.11a did not change the MAC or the basic OFDM modulation used in the physical layer. The physical layer of 802.11n is also dramatically different. The inclusion of 40MHz modes and complex legacy protection mechanisms will lend itself to slightly modified denial-of-service attacks that at the very least could cripple the sought-after benefits of 802.11n."