Posted: 21st Sep, 2007 By: MarkJ
The UK's Centre for the Protection of National Infrastructure (
CPNI) has issued a paper that exposes critical flaws in the new generation wide-area broadband wireless
WiMAX technology:
WiMax has fundamental security flaws, including the lack of two-way authentication, which allows a hacker to set up a "rogue" base station to impersonate a legitimate one so that the hacker can spoof the base station and launch man-in-the-middle attacks, "exposing subscribers to various confidentiality and availability threats," the CPNI paper said.
"This means session hijacking is possible and the attacker could gain access to sensitive information."
The piece also notes some inherent problems with wireless and
WiMAX technology in general, such as their use of radio frequency spectrum, which makes it fairly simple to jam and issue denial-of-service (DoS) attacks.
It's understood from Govexec.com's summary that such exploits are already well known but that not enough is being done to protect people at the subscriber/end-user level. Sadly many of these problems may only come to the fore after
WiMAX has had a chance to establish itself.