The McGraw-Hill Companies
Cataloging-in-Publication Data is on file with the Library of Congress.
McGraw-Hill books are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please write to the Director of Special Sales, Professional Publishing, McGraw-Hill, Two Penn Plaza, New York, NY 10121-2298. Or contact your local bookstore.
Hacking Exposed™ Wireless: Wireless Security Secrets & Solutions
© 2007 The McGraw-Hill Companies
All rights reserved. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
ISBN-10: 0-07-226258-3
Sponsoring Editor
Jane K. Brownlow
Editorial Supervisor
Janet Walden
Project Editor
LeeAnn Pickrell
Acquisitions Coordinator
Jennifer Housh
Technical Editors
Johnny Cache and Vincent Liu
Copy Editor
LeeAnn Pickrell
Proofreader
Paul Tyler
Indexer
Rebecca Plunket
Production Supervisor
George Anderson
Composition
EuroDesign - Peter F. Hancik
Illustration
Lyssa Wald
Series Design
Peter F. Hancik, Lyssa Wald
Art Director, Cover
Jeff Weeks
Cover Designer
Pattie Lee
Information has been obtained by McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill, or others, McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.
To my brilliant wife, Jody. If I didn't have you in my life, I'd be lost in this world.
-Jon
To Nicole, forever and always.
-Vinnie
About the Authors
Johnny Cache
Johnny Cache received his Masters in Computer Science from the Naval Postgraduate School in 2006. His thesis work, which focused on fingerprinting 802.11 device drivers, won the Gary Kildall award for the most innovative computer science thesis. Johnny wrote his first program on a Tandy 128K color computer sometime in 1988. Since then, he has spoken at several security conferences including BlackHat, BlueHat, and toorcon. He has also released a number of papers related to 802.11 security and is the author of many wireless tools. Most of his wireless utilities are included in the Airbase suite, available at 802.11mercenary.net.
Vincent Liu
Vincent Liu, CISSP, is the Managing Director at Stach & Liu, a professional services firm providing IT security consulting to the Fortune 500, national law firms, and global financial institutions. Before founding Stach & Liu, Vincent led the Attack & Penetration and Reverse Engineering teams for the Global Security unit at Honeywell International. Prior to that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency. Vincent is a developer for the Metasploit Project and an experienced speaker, having presented his research at conferences including BlackHat, toorcon, and Microsoft BlueHat. Vincent has been published in interviews, journals, and books with highlights including Penetration Tester's Open Source Toolkit; Writing Security Tools and Exploits; and Sockets, Shellcode, Porting, and Coding. Vincent holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in computer science and engineering and a minor in psychology.
ABOUT THE CONTRIBUTING AUTHORS
Kevin Finisterre is the former Head of Research and cofounder of SNOSoft, Inc., aka Secure Network Operations. Kevin's primary focus has been on the dissemination of information relating to the identification and exploitation of software vulnerabilities on various platforms; Apple, IBM, SAP, Oracle, Symantec, and HP are among the many vendors that have had problems identified by Kevin. He is currently focused on Apple security, with his latest project being the Month of Apple Bugs. He enjoys testing the limits and is constantly dedicated to thinking outside the box. Apart from M.O.A.B., Kevin's current brainchild is the project he calls DigitalMunition.com.
Kyle Hershberger received his Bachelor of Science in Electrical Engineering from the Georgia Institute of Technology. He has over four years of experience in the field of microwave and RF integrated-circuit design, where his primary focus has been on the design and development of power amplifier ICs for both military and commercial applications. He is currently working on the development of high-linearity power amplifiers for the upcoming WiMax standard. In addition to his professional interests, he has also been a licensed amateur radio operator (N3KX) since 2002 with a primary interest in VHF and microwave operation.
David Pollino has a strong background in security, wireless, and networking. David is currently a security practitioner working in financial services. During his career, he has worked for an industry-leading security consulting company, a large financial services company, and a tier 1 Internet service provider. David frequently speaks at security events and has frequently been quoted in the press in online and print journals on security issues. During his career as a consultant and network engineer, David has worked for clients across multiple industries, including financial services, service providers, high technology, manufacturing, and government. He is the author of such books as RSA Press' Wireless Security and McGraw-Hill's Hacker's Challenge, Hacker's Challenge 2, and Hacker's Challenge 3.
Jon Rose, CISSP, MCSD, is a Senior Security Associate at Stach & Liu, a professional services firm providing IT security consulting to the Fortune 500, national law firms, and global financial institutions. Before joining Stach & Liu, Jon was a Senior Security Engineer at Ernst & Young's New York Advanced Security Center (ASC). In this role, he conducted application assessments for Fortune 100 clients while also developing and delivering training classes, including Secure Application Development and eXtreme Hacking. Prior to that, Jon consulted with a government-focused security firm based out of Washington, D.C. In this capacity, he performed security assessments and guided regulatory compliance for numerous federal agencies. Jon holds a Bachelor of Business Administration from James Madison University with a major in computer information systems.
Patrick Stach is the Director of Research and Development at Stach & Liu, a professional services firm providing IT security consulting to the Fortune 500, national law firms, and global financial institutions. Before founding Stach & Liu, Patrick contributed to the development of multiple industry-leading security vulnerability scanning engines. He has led the network security teams at a number of major Internet hosting providers and has performed freelance consulting and research. Patrick has lectured on mathematics and taught network security as adjunct faculty in Japan. He is a well-respected cryptanalyst and is a developer of the Metasploit Framework. Patrick has presented at DefCon, Interz0ne, ShmooCon, toorcon, and PhreakNIC.
ABOUT THE TECHNICAL EDITORS
Vincent Liu and Johnny Cache technically edited each other's chapters.
ACKNOWLEDGMENTS
I would like to thank everyone who has helped me with my technical achievements throughout the years. In roughly chronological order, this would be my parents, anyone from 219/Dwaynes World/NetNitco, Dwayne Dobson, #area66, Rich Johnson, Matt Miller, Jody Radowicz and the rest of nologin/uninformed, David Hulton (h1kari), Joshua Wright, Dragorn, #vax, Chris Eagle, Dr. Volpano, and HD Moore. Without friends as smart as these, I would never have gotten half this far. Last but not least, I would like to thank the entire editing staff who worked on this book. Before starting this, I had no idea why people always seemed to thank their editors. Now I know. Thanks guys.
-Jon
To my mom, dad, and sister for always believing in me. To Ramune for being a rockstar reviewing machine. To krispyos for all the Cokes. To Da Cheese for all the jokes. To JRo for harassing me all day long. To optyx for the pog collection. To Jane and Jenni for being so patient. And in no particular order: #vax, irc.elite.net, skape, hdm, spoonm, xbud, alfredo, slow, tastic, jj, benz, rhy0t, bubbles, pfhaf, Mrs. Magedanz, and Professor Smith. Thank you all.
-Vinnie