Network Computing is part of the Informa Tech Division of Informa PLC

Closing The RADIUS Security Gap: Page 2 of 4

This exploit is best framed not as a wireless-versus-wireline exploit, but as a network exploit.

"It has nothing to do with wireless," according to Mike Klein, CEO of Interlink, a company known for its carrier-class RADIUS servers. The exploit nonetheless leaves RADIUS-based authentication systems, wireless and dial-up RAS alike, vulnerable to spoofed authentication and data sniffing.

The concern about this exploit centers on the wired LAN configuration and how much trust should be placed in its implementation. A simple wireless network is likely to share a virtual (or, for that matter, physical) network with other production computers. That lets any employee sniff for RADIUS traffic: directly, if the wireless access point is attached to the same shared-media hub as the employee, or indirectly through ARP (Address Resolution Protocol, used to find a hardware address from an IP address) poisoning with tools such as Arpoison, Cain & Abel, dsniff, and Ettercap. If the network does separate end users from the wireless network, only a Layer 3 attack remains, but that is still possible using proxy ARP or ICMP (Internet Control Message Protocol) redirects.

Most of these problems can be mitigated if the access point uses a different VLAN for management traffic (including RADIUS authentication) than for client or data traffic. Even with those best practices applied, however, the cables themselves remain vulnerable to tapping by someone with access to the wiring closet, or with access to more advanced techniques such as tapping copper cable without splicing into it. Whatever the method, the attacker will need to take extreme measures to gain physical access, use social engineering to get a rogue access point onto the right network, or work as an insider.
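The ARP-poisoning path described above leaves a visible trace on the management segment: the IP-to-MAC bindings of the access point or RADIUS server change, and one MAC ends up answering for both. As an added example (not code from the article, Interlink, or any vendor), this small Python monitor flags those conflicts in a stream of ARP reply records; the addresses, MACs and records are constructed placeholders, not captured traffic.

```python
"""Flag ARP poisoning on a RADIUS management VLAN from ARP reply records.

Added example, not from the article. The replies below are constructed:
10.0.10.1 stands for the RADIUS server, 10.0.10.20 for the access point.
"""
from collections import defaultdict

# Constructed ARP replies: (sequence number, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (1, "10.0.10.1", "00:11:22:aa:bb:01"),   # RADIUS server, legitimate
    (2, "10.0.10.20", "00:11:22:aa:bb:20"),  # access point, legitimate
    (3, "10.0.10.1", "00:11:22:aa:bb:01"),   # repeat, unchanged binding
    (4, "10.0.10.1", "de:ad:be:ef:00:99"),   # same IP, new MAC: suspicious
    (5, "10.0.10.20", "de:ad:be:ef:00:99"),  # same new MAC now claims the AP
]


def detect_arp_poisoning(replies, baseline=None):
    """Return alert strings for IP-to-MAC conflicts in a sequence of ARP replies.

    baseline: optional known-good {ip: mac} bindings, e.g. static entries for
    the RADIUS server and access points. Two conditions raise an alert: an
    IP's MAC changes, or one MAC becomes bound to several IPs, the signature
    of a host inserting itself between the two endpoints. Legitimately
    multihomed hosts (routers, HA pairs) should be whitelisted before use.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (baseline or {}).items()}
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)
    alerts = []
    for seq, ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known == mac:
            continue                      # repeat of an existing binding
        if known is not None:
            alerts.append(f"#{seq}: {ip} changed {known} -> {mac}")
            mac_to_ips[known].discard(ip)
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"#{seq}: {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_REPLIES):
        print(line)
```

Feeding it a baseline of the static RADIUS-server and access-point bindings makes the first rogue reply alert immediately rather than after a change is observed.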

All of this raises the question, of course: if intruders already have physical or network access, why go after the RADIUS keys when there are likely more interesting things to be had? Why would hackers be "looking at pebbles, not boulders"? said Mike Klein concerning the issue.